Lucene search
K
SuseLinux Enterprise Desktop

461 matches found

CVE
CVE
added 2016/02/18 9:0 p.m.301 views

CVE-2015-7547

CVE-2015-7547 refers to a stack-based buffer overflow in the GLIBC libresolv DNS resolver path, triggered by dual A/AAAA DNS queries in getaddrinfo. The vulnerability could allow remote code execution or crash the process when handling crafted DNS responses, with exploitation possible via the nss...

8.1CVSS8.4AI score0.89557EPSS
CVE
CVE
added 2017/12/20 11:0 p.m.294 views

CVE-2017-17805

CVE-2017-17805 affects the Linux kernel prior to 4.14.8. The Salsa20 cipher implementation (crypto/salsa20_generic.c and arch/x86/crypto/salsa20_glue.c) mishandles zero-length inputs, allowing a local attacker to use the AF_ALG-based skcipher interface to trigger uninitialized memory free and ker...

7.8CVSS7.5AI score0.00428EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.291 views

CVE-2017-13078

CVE-2017-13078 is part of the KRACK family impacting WPA2. A attacker in Wi‑Fi range could reinstall the GTK during the 4‑way handshake, replaying frames to clients. Apple addresses this via security updates (e.g., HT208221/HT208222) for macOS High Sierra/Sierra and related AirPort firmware; exac...

5.3CVSS6.7AI score0.0207EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.283 views

CVE-2017-13082

CVE-2017-13082 is one of the KRACK-class WPA2 flaws. Android/Arch/Debian/CentOS references describe an issue where a retransmitted FT Reassociation Request can reinstall the PTK during processing, enabling a nearby attacker to replay, decrypt, or spoof frames. Impact described across sources incl...

8.1CVSS7.7AI score0.04575EPSS
CVE
CVE
added 2009/04/17 2:0 p.m.264 views

CVE-2009-1185

CVE-2009-1185 affects udev before 1.4.1, which does not verify NETLINK message origin from kernel space, enabling a local user to gain privileges by sending a crafted NETLINK message. Public references show PoC/exploit activity (e.g., Metasploit module, Exploit-DB entries) and multiple advisories...

7.2CVSS7.4AI score0.81528EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.261 views

CVE-2017-13087

CVE-2017-13087 affects WPA/WPA2 (WPA2) implementations in wpa_supplicant/wpa and is part of the KRACK family. The issue is a GTK reinstallation triggered when processing a Wireless Network Management Sleep Mode Response frame, allowing an attacker within radio range to replay frames between APs a...

5.3CVSS6.6AI score0.01742EPSS
CVE
CVE
added 2012/02/01 4:0 p.m.256 views

CVE-2012-0444

CVE-2012-0444 describes a heap-based memory corruption vulnerability in the libvorbis Ogg Vorbis parser that could allow remote code execution or a crash when processing crafted Ogg Vorbis files. Affected products across Mozilla ecosystem (Firefox, Thunderbird, Seamonkey and related XULRunner/Ice...

10CVSS8.9AI score0.07936EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.256 views

CVE-2013-0753

CVE-2013-0753 is a Use‑after‑free vulnerability in Mozilla Firefox’s XMLSerializer.serializeToStream, affecting Firefox before 18.0 (and ESR/Thunderbird/SeaMonkey variants) and allowing remote code execution via crafted content. The issue is exploitable as part of Firefox 17.x lineage; Metasploit...

9.3CVSS9.5AI score0.51324EPSS
CVE
CVE
added 2013/07/23 10:0 a.m.255 views

CVE-2013-4002

CVE-2013-4002 affects the Xerces2 Java XML parser. XMLScanner.java in Xerces2 Java Parser before 2.12.0 (as used in various JREs and Oracle/Jakarta distributions) could allow remote denial of service via vectors related to XML attribute names. IBM and other vendors document DoS impact on affected...

7.1CVSS6.7AI score0.24738EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.248 views

CVE-2013-0758

CVE-2013-0758 affects Mozilla Firefox (pre-18.0), Firefox ESR (pre-10.0.12 and pre-17.0.2), Thunderbird (pre-17.0.2, including ESR 10.x pre-10.0.12 and pre-17.0.2), and SeaMonkey (pre-2.15). It allows remote attackers to execute arbitrary JavaScript with chrome privileges due to improper interact...

9.3CVSS9.4AI score0.73364EPSS
CVE
CVE
added 2017/07/21 2:0 p.m.247 views

CVE-2015-5300

CVE-2015-5300 (NTP panic-threshold bypass) is detailed in connected advisory from F5 for BIG-IP products, describing a vulnerability in ntpd where the threshold for the -g option is not correctly enforced. An attacker controlling NTP traffic could cause ntpd to step the clock to an arbitrary valu...

7.5CVSS7.6AI score0.0913EPSS
CVE
CVE
added 2015/11/13 2:0 a.m.247 views

CVE-2015-8126

CVE-2015-8126 concerns libpng buffer overflows in png_set_PLTE and png_get_PLTE caused by improper bounds checks. Affected ranges include libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19. Exploitation via a small bit-...

7.5CVSS7.9AI score0.10339EPSS
CVE
CVE
added 2018/11/26 3:0 a.m.244 views

CVE-2018-19542

CVE-2018-19542 affects JasPer 2.0.14. The vulnerability is a NULL pointer dereference in jp2_decode (libjasper/jp2/jp2_dec.c) that leads to a denial of service. The connected documents confirm the issue and cite unpatched status on several Red Hat releases (RHEL 6/7/8) via Nessus entries, but do ...

6.5CVSS6.5AI score0.01946EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.243 views

CVE-2017-13086

CVE-2017-13086 affects WPA/WPA2, specifically the TDLS handshake where the TDLS PeerKey (TPK) can be reinstalled. The root cause is key reinstallation during the TDLS handshake, enabling an attacker within radio range to replay, decrypt, or spoof frames. This vulnerability is documented across mu...

6.8CVSS7.2AI score0.02046EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.241 views

CVE-2017-13088

CVE-2017-13088 is part of the KRACK family affecting WPA/WPA2 (802.11) where reinstallation of the Integrity Group Temporal Key (IGTK) can occur while processing a Wireless Network Management Sleep Mode Response frame. The flaw enables an attacker within radio range to replay frames between APs a...

5.3CVSS6.6AI score0.01807EPSS
CVE
CVE
added 2011/04/03 1:0 a.m.240 views

CVE-2011-1083

The CVE-2011-1083 issue affects the Linux kernel epoll implementation (epoll_ctl/epoll_create) as shipped in 2.6.37.2 and earlier. Local attackers can cause CPU denial of service by crafting a user-space application that creates and manages epoll file descriptors, exploiting improper traversal of...

4.9CVSS5.9AI score0.00795EPSS
CVE
CVE
added 2014/02/21 2:0 a.m.240 views

CVE-2014-0502

CVE-2014-0502 is a double‑free vulnerability in Adobe Flash Player and related components that allows remote code execution. Affected products include Flash Player prior to 11.7.700.269 and 11.8.x up to 12.0.x before 12.0.0.70 on Windows/macOS, and before 11.2.202.341 on Linux, as well as Adobe A...

10CVSS7.8AI score0.24204EPSS
In wild
CVE
CVE
added 2013/03/28 11:0 p.m.238 views

CVE-2013-1861

CVE-2013-1861 affects MariaDB SQL branches (5.5.x up to 5.5.30, 5.3.x up to 5.3.13, 5.2.x up to 5.2.15, 5.1.x up to 5.1.68) and Oracle MySQL (5.1.69 and earlier, 5.5.31 and earlier, 5.6.11 and earlier). The vulnerability allows remote DoS (crash) via a crafted geometry feature with a large number...

5CVSS5.1AI score0.18675EPSS
CVE
CVE
added 2014/02/05 2:0 a.m.238 views

CVE-2014-0497

CVE-2014-0497 is an Adobe Flash Player integer underflow vulnerability affecting multiple platforms (Windows/macOS/Linux) that enables remote code execution via unspecified vectors. The initial description confirms the affected version ranges (pre-11.7.700.261/11.8.x–12.x pre-12.0.0.44 on Windows...

10CVSS7.8AI score0.99883EPSS
In wildWeb
CVE
CVE
added 2018/10/31 4:0 p.m.231 views

CVE-2018-18873

CVE-2018-18873 affects JasPer 2.0.14 with a NULL pointer dereference in ras_putdatastd (ras_enc.c), which can cause a crash. The Connected documents confirm the vulnerability and its presence in JasPer 2.0.14 but do not provide a specific patch version or remediation details in the supplied mater...

5.5CVSS6.1AI score0.01374EPSS
CVE
CVE
added 2012/12/03 11:0 a.m.219 views

CVE-2012-5612

CVE-2012-5612 describes a heap-based buffer overflow in Oracle MySQL 5.5.19–5.5.28 and MariaDB 5.5.28a (and possibly other versions), enabling remote authenticated users to cause memory corruption, crash the server, and potentially execute arbitrary code. The vulnerability is exploited via a vari...

6.5CVSS5.7AI score0.20837EPSS
CVE
CVE
added 2014/04/14 4:0 p.m.207 views

CVE-2010-5298

CVE-2010-5298 – OpenSSL race condition in ssl3_read_bytes (s3_pkt.c) . OpenSSL versions up to 1.0.1g are affected when SSL_MODE_RELEASE_BUFFERS is enabled, enabling a remote attacker to inject data across sessions or cause a denial of service (use-after-free and parsing error) over an SSL connect...

4CVSS7AI score0.34132EPSS
CVE
CVE
added 2017/12/20 11:0 p.m.207 views

CVE-2017-17806

CVE-2017-17806 affects the Linux kernel before 4.14.8. The HMAC implementation (crypto/hmac.c) does not validate that the underlying hash algorithm is unkeyed, allowing a local attacker who can use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and SHA-3 (CONFIG_CRYPTO_SHA3) to tri...

7.8CVSS7.4AI score0.00561EPSS
CVE
CVE
added 2011/12/15 2:0 a.m.203 views

CVE-2011-4516

CVE-2011-4516 affects JasPer, specifically the heap-based buffer overflow in the function jpc_cox_getcompparms (libjasper/jpc/jpc_cs.c) within JasPer 1.900.1. A crafted value in a COD (coding style default) marker segment of a JPEG2000 file can cause remote code execution or memory corruption, po...

6.8CVSS5.4AI score0.10618EPSS
CVE
CVE
added 2010/12/30 6:0 p.m.201 views

CVE-2010-4258

The CVE-2010-4258 issue affects the Linux kernel versions prior to 2.6.36.2. The do_exit function in kernel/exit.c mishandles a KERNEL_DS get_fs value, bypassing access_ok checks and enabling local privilege escalation by overwriting arbitrary kernel memory. Exploitation vectors include use of th...

6.2CVSS6AI score0.02655EPSS
CVE
CVE
added 2014/07/19 7:0 p.m.193 views

CVE-2014-4943

CVE-2014-4943 affects the Linux kernel up to 3.15.6, specifically the PPPoL2TP feature in net/l2tp/l2tp_ppp.c. The vulnerability arises from data-structure differences between an l2tp socket and an inet socket, enabling local privilege escalation. Public details in connected sources include PoC/e...

6.9CVSS6.3AI score0.02103EPSS
CVE
CVE
added 2018/11/26 3:0 a.m.190 views

CVE-2018-19539

CVE-2018-19539 (JasPer 2.0.14) : An access violation in libjasper/base/jas_image.c:jas_image_readcmpt can cause a denial of service. Affected component is jas_image_readcmpt in JasPer 2.0.14; root cause is an access violation leading to crash/DoS. Public remediation/fix details are not provided i...

6.5CVSS6.5AI score0.01946EPSS
CVE
CVE
added 2009/08/27 5:0 p.m.187 views

CVE-2009-2698

CVE-2009-2698 affects the Linux kernel UDP implementation (net/ipv4/udp.c and net/ipv6/udp.c) prior to 2.6.19. Local users can gain privileges or cause a denial of service (NULL pointer dereference/system crash) via UDP socket use with MSG_MORE. Oracle Linux/MiracleLinux advisories reference this...

7.8CVSS7.1AI score0.0718EPSS
In wild
CVE
CVE
added 2012/11/21 11:0 a.m.187 views

CVE-2012-5829

CVE-2012-5829 is a heap-based buffer overflow in the nsWindow::OnExposeEvent function affecting Mozilla Firefox before 17.0, Firefox ESR before 10.0.11, Thunderbird before 17.0, Thunderbird ESR before 10.0.11, and SeaMonkey before 2.14. Connected documents confirm this vulnerability across multip...

9.3CVSS9.2AI score0.08439EPSS
CVE
CVE
added 2021/06/02 1:54 p.m.187 views

CVE-2018-10195

CVE-2018-10195 affects lrzsz prior to 0.12.21~rc. The issue stems from an incorrect length check in zsdata that can cause a size_t wraparound, potentially leaking information to the receiving side. Public sources consistently describe an information leak risk and, in distributions, a fix/update i...

7.1CVSS6.5AI score0.00391EPSS
CVE
CVE
added 2018/11/26 3:0 a.m.185 views

CVE-2018-19541

CVE-2018-19541 : A heap-based buffer over-read of size 8 exists in the function jas_image_depalettize (libjasper/base/jas_image.c) in JasPer, affecting versions from 1.900.8 up to 2.0.16 listed in the Initial document. The vulnerability can cause a crash and may enable memory access issues. The C...

8.8CVSS7.2AI score0.02802EPSS
CVE
CVE
added 2012/06/16 9:0 p.m.184 views

CVE-2012-1717

CVE-2012-1717 is an unspecified local confidentiality vulnerability in the Java Runtime Environment affecting Oracle JRE 7u4 and earlier, 6u32 and earlier, 5u35 and earlier, and 1.4.2_37 and earlier, related to printing on Solaris/Linux. Connected documents (including IBM BigInsights/InfoSphere a...

2.1CVSS7.6AI score0.00476EPSS
CVE
CVE
added 2017/01/30 9:0 p.m.184 views

CVE-2015-7976

CVE-2015-7976 affects the ntpq saveconfig command in the NTP reference implementation (ntpd/ntpq) across multiple 4.x branches (e.g., 4.1.2, 4.2.x prior to 4.2.8p6, and 4.3.x). The underlying flaw is that saveconfig does not properly filter special characters in filenames, enabling an attacker to...

4.3CVSS5.6AI score0.03512EPSS
CVE
CVE
added 2022/04/27 12:0 a.m.182 views

CVE-2022-27239

CVE-2022-27239 affects cifs-utils up to version 6.14, due to a stack-based buffer overflow when parsing the mount.cifs ip= argument, enabling local attackers to gain root privileges. A patched version is available (e.g., cifs-utils 6.14-2 and later per advisories). Remediation is to update to a f...

7.8CVSS7.7AI score0.00562EPSS
CVE
CVE
added 2014/06/05 9:0 p.m.181 views

CVE-2014-0221

The CVE concerns OpenSSL: the function dtls1_get_message_fragment in d1_both.c is vulnerable to a DoS via an invalid DTLS handshake. Affected are OpenSSL binaries prior to 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h. In practice, a remote attacker can trigger recursion and a client cras...

4.3CVSS6.8AI score0.87892EPSS
CVE
CVE
added 2011/12/15 2:0 a.m.178 views

CVE-2011-4517

CVE-2011-4517 affects JasPer 1.900.1 used for JPEG-2000 decoding. The flaw is in libjasper/jpc/jpc_cs.c: jpc_crg_getparms uses an incorrect data type during a size calculation, enabling remote attackers to trigger a heap-based buffer overflow via a crafted CRG marker segment in a JPEG2000 file. C...

6.8CVSS5AI score0.10618EPSS
CVE
CVE
added 2014/12/02 4:0 p.m.178 views

CVE-2014-9116

CVE-2014-9116 concerns the Mutt mail client. The description specifies that the write_one_header function in mutt 1.5.23 mishandles newline characters at the beginning of a header, allowing a remote attacker to cause a denial of service (crash) by sending a header with an empty body. This conditi...

5CVSS9AI score0.09694EPSS
CVE
CVE
added 2015/01/09 9:0 p.m.178 views

CVE-2014-9584

CVE-2014-9584 affects the Linux kernel where the function parse_rock_ridge_inode_internal in fs/isofs/rock.c does not validate a length value in the ER System Use Field, enabling local users to obtain sensitive kernel memory via a crafted iso9660 image. This vulnerability exists in kernels before...

2.1CVSS4.5AI score0.00461EPSS
CVE
CVE
added 2015/09/28 8:0 p.m.177 views

CVE-2015-1781

CVE-2015-1781 affects the GNU C Library (glibc/eglibc) NSS gethostbyname_r and related functions. A misaligned input buffer can cause a buffer overflow, leading to a crash or potentially arbitrary code execution via crafted DNS responses. Public advisories (Debian, Cloud Foundry, CentOS/RH, CNVD)...

6.8CVSS8.9AI score0.05012EPSS
CVE
CVE
added 2016/06/10 3:0 p.m.177 views

CVE-2016-5118

CVE-2016-5118 affects GraphicsMagick and ImageMagick: the OpenBlob handling accepts a leading ‘|’ pipe in a filename, enabling remote code execution. Connected advisories confirm the issue and note remediation by upgrading to at least GraphicsMagick 1.3.24 (and corresponding ImageMagick fixes) an...

10CVSS9.5AI score0.49982EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.176 views

CVE-2012-4186

CVE-2012-4186 : Heap-based buffer overflow in Mozilla Firefox’s nsWaveReader::DecodeAudioData. Affected products include Firefox before 16.0 (and Firefox ESR 10.x before 10.0.8), Thunderbird before 16.0, and SeaMonkey before 2.13. Vectors are unspecified in the provided docs, but exploitation wou...

9.3CVSS9.6AI score0.147EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.175 views

CVE-2014-1490

CVE-2014-1490 : A race condition in NSS libssl session ticket processing (use-after-free) could allow remote attackers to cause a denial of service or, per the description, potentially other impact via a resumption handshake. Affected: NSS up to 3.15.4 and, by extension, Mozilla products (Firefox...

9.3CVSS8.8AI score0.0399EPSS
CVE
CVE
added 2018/11/26 3:0 a.m.175 views

CVE-2018-19540

CVE-2018-19540 : In JasPer, there is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input (libjasper/base/jas_icc.c). Reported vulnerable versions include 1.900.8–1.900.31 and 2.0.0–2.0.16. The connected documents do not provide an explicit exploit path or patch details wit...

8.8CVSS7.4AI score0.02291EPSS
CVE
CVE
added 2012/06/09 12:0 a.m.173 views

CVE-2012-2036

Adobe Flash Player and Adobe AIR are affected by multiple CVEs (CVE-2012-2034 to CVE-2012-2040) including an integer overflow and related memory corruption that could allow arbitrary code execution. The CVEs apply to various platforms: Windows, macOS, Linux, and Android, with Adobe AIR тоже affec...

9.3CVSS7.7AI score0.04864EPSS
CVE
CVE
added 2014/05/06 10:0 a.m.173 views

CVE-2014-0198

The connected F5 advisory confirms CVE-2014-0198: the do_ssl3_write function in OpenSSL 1.x (up to 1.0.1g) with SSL_MODE_RELEASE_BUFFERS enabled can trigger a denial-of-service via a NULL pointer dereference in certain recursive alert paths. Impact is remote DoS; no exploitation details are provi...

4.3CVSS7.4AI score0.43828EPSS
CVE
CVE
added 2015/11/17 3:0 p.m.173 views

CVE-2015-0272

CVE-2015-0272 affects GNOME NetworkManager and allows remote denial of service via a crafted MTU value in IPv6 Router Advertisement messages. Public advisories (IBM PowerKVM bulletin and CentOS/Ubuntu/Debian disclosures) show patches and updated NetworkManager packages to fix the issue; remediati...

5CVSS5.9AI score0.05059EPSS
CVE
CVE
added 2015/07/06 1:0 a.m.172 views

CVE-2015-2734

CVE-2015-2734 details (mode C): The vulnerability affects Mozilla Firefox (Direct3D 9 implementation) in Windows builds prior to 39.0, Firefox ESR 31.x prior to 31.8 and 38.x prior to 38.1, and Thunderbird prior to 38.1. The underlying issue is reading data from uninitialized memory locations in ...

10CVSS4.4AI score0.02654EPSS
CVE
CVE
added 2009/02/22 10:0 p.m.171 views

CVE-2009-0040

The CVE-2009-0040 issue affects the PNG reference library (libpng) as used in pngcrush and other apps. A crafted PNG can trigger a free of an uninitialized pointer in png_read_png, pCAL chunk handling, or 16-bit gamma table setup, enabling denial of service or possibly arbitrary code execution. A...

6.8CVSS8.1AI score0.04825EPSS
CVE
CVE
added 2016/04/19 9:0 p.m.171 views

CVE-2015-8776

The CVE-2015-8776 issue affects the GNU C Library (glibc) strftime() function. The vulnerability, present in glibc versions before 2.23, allows context-dependent attackers to cause a denial of service (application crash) and, in some disclosures, potentially obtain sensitive information via out-o...

9.1CVSS8.5AI score0.04613EPSS
CVE
CVE
added 2012/06/09 12:0 a.m.170 views

CVE-2012-2038

CVE-2012-2038 affects Adobe Flash Player across Windows, macOS, Linux, Android, and Adobe AIR before 3.3.0.3610. The issue allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. Connected sources note that the Flash Player update to 11.2....

4.3CVSS5.9AI score0.03655EPSS
Total number of security vulnerabilities461