Lucene search

K
NovellSuse Linux Enterprise Desktop

20 matches found

CVE
CVE
added 2015/05/14 10:59 a.m.370 views

CVE-2015-2716

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.

7.5CVSS8.6AI score0.05699EPSS
CVE
CVE
added 2016/04/27 5:59 p.m.314 views

CVE-2016-3672

The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a set...

7.8CVSS6.6AI score0.00021EPSS
CVE
CVE
added 2016/06/27 10:59 a.m.296 views

CVE-2016-1583

The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.

7.8CVSS7.4AI score0.00288EPSS
CVE
CVE
added 2016/07/03 9:59 p.m.284 views

CVE-2016-4997

The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value...

7.8CVSS7.5AI score0.05575EPSS
CVE
CVE
added 2017/06/19 4:29 p.m.263 views

CVE-2017-1000366

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap...

7.8CVSS7.4AI score0.07151EPSS
CVE
CVE
added 2016/04/27 5:59 p.m.152 views

CVE-2015-8816

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact...

7.2CVSS7AI score0.00076EPSS
CVE
CVE
added 2015/01/21 7:59 p.m.139 views

CVE-2015-0412

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.

7.2CVSS3.8AI score0.01848EPSS
CVE
CVE
added 2016/05/23 10:59 a.m.132 views

CVE-2016-4805

Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net...

7.8CVSS7.7AI score0.00087EPSS
CVE
CVE
added 2014/11/10 11:55 a.m.123 views

CVE-2014-3687

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.

7.8CVSS7.1AI score0.03061EPSS
CVE
CVE
added 2013/08/19 11:55 p.m.117 views

CVE-2013-3567

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.

7.5CVSS7.3AI score0.11139EPSS
CVE
CVE
added 2015/05/14 10:59 a.m.97 views

CVE-2015-2708

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

7.5CVSS9.8AI score0.01346EPSS
CVE
CVE
added 2015/07/06 2:0 a.m.88 views

CVE-2015-2728

The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (me...

7.5CVSS5.6AI score0.03275EPSS
CVE
CVE
added 2016/09/20 2:15 p.m.87 views

CVE-2015-8921

The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

7.5CVSS7AI score0.0366EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.84 views

CVE-2015-2743

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.

7.5CVSS5.2AI score0.01286EPSS
CVE
CVE
added 2016/09/20 2:15 p.m.82 views

CVE-2015-8919

The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.

7.5CVSS7.3AI score0.0637EPSS
CVE
CVE
added 2015/04/16 4:59 p.m.77 views

CVE-2015-0458

Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

7.6CVSS3.6AI score0.10384EPSS
CVE
CVE
added 2008/07/09 6:41 p.m.69 views

CVE-2008-2931

The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.

7.8CVSS7.2AI score0.00023EPSS
CVE
CVE
added 2016/09/20 2:15 p.m.68 views

CVE-2015-8918

The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."

7.5CVSS7AI score0.02038EPSS
CVE
CVE
added 2015/05/14 10:59 a.m.63 views

CVE-2015-2709

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

7.5CVSS9.7AI score0.00874EPSS
CVE
CVE
added 2017/09/08 6:29 p.m.39 views

CVE-2016-5759

The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.

7.8CVSS7.4AI score0.00029EPSS