Opensuse Security Vulnerabilities and Issues — Opensuse CVE List

Lucene search

OpensuseOpensuse

15 matches found

CVE•added 2010/11/05 5:0 p.m.•358 views

CVE-2010-2941

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.

9.8CVSS9.6AI score0.27685EPSS

CVE•added 2010/11/05 6:0 p.m.•121 views

CVE-2010-3702

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer...

7.5CVSS7.3AI score0.06284EPSS

CVE•added 2010/11/29 4:0 p.m.•121 views

CVE-2010-4073

The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions ...

1.9CVSS5.7AI score0.0024EPSS

CVE•added 2010/11/22 1:0 p.m.•118 views

CVE-2010-3432

The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic.

7.8CVSS5.7AI score0.04322EPSS

CVE•added 2010/11/30 10:14 p.m.•108 views

CVE-2010-4081

The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call.

1.9CVSS5.5AI score0.00087EPSS

Web

CVE•added 2010/11/30 10:14 p.m.•106 views

CVE-2010-4083

The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a semctl s...

1.9CVSS5.8AI score0.00091EPSS

CVE•added 2010/11/30 10:14 p.m.•103 views

CVE-2010-4080

The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call.

2.1CVSS5.6AI score0.00087EPSS

CVE•added 2010/11/29 4:0 p.m.•101 views

CVE-2010-4072

The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."

1.9CVSS5.8AI score0.00096EPSS

CVE•added 2010/11/26 7:0 p.m.•94 views

CVE-2010-2962

drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory lo...

7.2CVSS6.2AI score0.00116EPSS

CVE•added 2010/11/26 7:0 p.m.•90 views

CVE-2010-2963

drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privile...

6.2CVSS6AI score0.00054EPSS

Web

CVE•added 2010/11/22 1:0 p.m.•90 views

CVE-2010-4169

Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call.

4.9CVSS6.7AI score0.00049EPSS

CVE•added 2010/11/30 10:14 p.m.•89 views

CVE-2010-4082

The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a VIAFB_GET_INFO ioctl call.

1.9CVSS5.4AI score0.0007EPSS

CVE•added 2010/11/22 1:0 p.m.•89 views

CVE-2010-4165

The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorr...

4.9CVSS6.8AI score0.00267EPSS

Web

CVE•added 2010/11/17 1:0 a.m.•84 views

CVE-2010-4008

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a...

4.3CVSS5.6AI score0.00728EPSS

CVE•added 2010/11/29 4:0 p.m.•83 views

CVE-2010-4078

The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel before 2.6.36-rc6 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call.

1.9CVSS7AI score0.00072EPSS