Lucene search
K
SuseLinux Enterprise Desktop

461 matches found

CVE
CVE
added 2013/01/13 8:0 p.m.169 views

CVE-2013-0754

CVE-2013-0754 is a use-after-free in the ListenerManager of Mozilla Firefox (and related Firefox ESR, Thunderbird, SeaMonkey). According to the description, triggering garbage collection after memory allocation for listener objects can allow a remote attacker to execute arbitrary code. Affected p...

9.3CVSS9.4AI score0.05381EPSS
CVE
CVE
added 2016/07/05 1:0 a.m.169 views

CVE-2016-4956

ntpd (NTP 4.x) before 4.2.8p8 is vulnerable to DoS via a spoofed broadcast packet, triggering interleaved-mode transitions and time changes. This exists due to an incomplete fix for CVE-2016-1548. Exploitation can disrupt time synchronization, with public advisories linking the issue to broadcast...

5.3CVSS6.4AI score0.16351EPSS
CVE
CVE
added 2013/03/11 10:0 a.m.168 views

CVE-2013-2555

CVE-2013-2555 : Integer overflow in Adobe Flash Player (Windows, macOS, Linux) and Adobe AIR prior to specific builds allows remote code execution via unspecified vectors; affected versions include Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows/Mac, before 10.3.183.75 and...

10CVSS7.8AI score0.08458EPSS
CVE
CVE
added 2014/06/05 5:0 p.m.168 views

CVE-2014-3917

CVE-2014-3917 affects the Linux kernel up to 3.14.5, specifically kernel/auditsc.c when CONFIG_AUDITSYSCALL is enabled with certain syscall rules. Local users can obtain sensitive single-bit values from kernel memory or trigger a denial of service (OOPS) by using a large syscall number. Exploitat...

3.3CVSS5.9AI score0.0036EPSS
CVE
CVE
added 2015/01/09 9:0 p.m.168 views

CVE-2014-9585

CVE-2014-9585 affects Linux kernels up to 3.18.2. The vdso_addr code in arch/x86/vdso/vma.c can misselect vDSO memory, enabling local users to bypass ASLR by guessing a PMD-end location. Exploitation details and patches/fixes are not provided in the connected documents; monitor advisories for rem...

2.1CVSS4.9AI score0.00557EPSS
CVE
CVE
added 2013/02/27 12:0 a.m.166 views

CVE-2013-0648

Adobe Flash Player contains a code execution vulnerability in the ExternalInterface ActionScript pathway. Affected versions include Windows/Mac builds prior to 10.3.183.67 and 11.x prior to 11.6.602.171, and Linux builds prior to 10.3.183.67 and 11.x prior to 11.2.202.273. Exploitation could occu...

9.3CVSS7.6AI score0.11094EPSS
In wild
CVE
CVE
added 2012/06/09 12:0 a.m.164 views

CVE-2012-2035

The CVE-2012-2035 entry concerns a stack-based buffer overflow in Adobe Flash Player (Windows/macOS/Linux) and Adobe AIR that enables arbitrary code execution via unspecified vectors. Connected advisories (OpenVAS/Nessus entries and vendor bulletins) corroborate that multiple Flash Player vulnera...

9.3CVSS7.9AI score0.05891EPSS
CVE
CVE
added 2015/07/06 1:0 a.m.162 views

CVE-2015-2738

CVE-2015-2738 affects Mozilla Firefox (before 39.0; ESR 31.x before 31.8 and 38.x before 38.1) and Thunderbird (before 38.1). The issue is a read from uninitialized memory in YCbCrImageDataDeserializer::ToDataSourceSurface, with unspecified impact and attack vectors. No remediation details are pr...

10CVSS4.4AI score0.02654EPSS
CVE
CVE
added 2016/06/27 10:0 a.m.162 views

CVE-2016-5244

CVE-2016-5244 affects the Linux kernel and involves the function rds_inc_info_copy in net/rds/recv.c not initializing a structure member. This can enable a remote attacker to read sensitive information from kernel stack memory by processing an RDS message, with impact described as kernel informat...

7.5CVSS6.9AI score0.05521EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.161 views

CVE-2013-0750

CVE-2013-0750 is a high-severity vulnerability in Mozilla’s JavaScript engine where an integer overflow during string concatenation can lead to heap-based memory corruption and remote code execution. Affected products include Firefox prior to 18.0 (and ESR branches), Thunderbird prior to 17.0.2, ...

9.3CVSS9.6AI score0.0633EPSS
CVE
CVE
added 2010/12/06 9:0 p.m.160 views

CVE-2010-4180

OpenSSL vulnerability CVE-2010-4180 affects OpenSSL versions before 0.9.8q and 1.0.x before 1.0.0c when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled. The flaw allows remote attackers to modify the ciphersuite in the session cache, enabling a downgrade to an unintended cipher by sniffing net...

4.3CVSS6.6AI score0.09497EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.160 views

CVE-2015-2573

CVE-2015-2573 is an unspecified vulnerability in Oracle MySQL Server (affecting 5.5.41 and earlier; 5.6.22 and earlier) that could allow remote authenticated users to affect availability via DDL-related vectors. The connected documents confirm this CVE appears in multiple security advisories acro...

4CVSS4.8AI score0.0511EPSS
CVE
CVE
added 2012/06/09 12:0 a.m.159 views

CVE-2012-2039

CVE-2012-2039 affects Adobe Flash Player prior to 10.3.183.20 and 11.x prior to 11.3.300.257 on Windows/Mac; prior to 10.3.183.20 and 11.x prior to 11.2.202.236 on Linux; prior to 11.1.111.10 on Android 2.x/3.x; prior to 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610. The vulnerabilit...

9.3CVSS7.6AI score0.04748EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.159 views

CVE-2013-0757

CVE-2013-0757 affects Mozilla Firefox (and related Mozilla-based apps) via a Chrome Object Wrapper (COW) bypass that allows changing the prototype of an object, enabling arbitrary code execution with chrome privileges. The SUSE/openSUSE and Gentoo/Nessus summaries map this to MFSA 2013-14 and lis...

9.3CVSS9.1AI score0.60859EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.159 views

CVE-2015-0433

The CVE-2015-0433 entry concerns an unspecified vulnerability in Oracle MySQL Server (affected versions: 5.5.41 and earlier; 5.6.22 and earlier) that could allow remote authenticated users to affect availability via InnoDB : DML. Connected advisories from Debian, CentOS, Gentoo, and IBM/Tivoli sh...

4CVSS4.8AI score0.05421EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.159 views

CVE-2015-2568

CVE-2015-2568 affects Oracle MySQL Server 5.5.41 and earlier and 5.6.22 and earlier. The vulnerability is described as unspecified with impact to availability, due to issues in the Server : Security : Privileges area. The provided sources indicate a remote attacker could cause a denial of service...

5CVSS5AI score0.0715EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.158 views

CVE-2012-1970

CVE-2012-1970 affects Mozilla Firefox before 15.0, Thunderbird before 15.0, ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The issue stems from multiple unspecified vulnerabilities in the browser engine that can allow remote attackers to cause memory corruption and application crashes or pote...

10CVSS9.8AI score0.05566EPSS
CVE
CVE
added 2016/07/05 1:0 a.m.157 views

CVE-2016-4955

CVE-2016-4955 affects ntpd (NTP 4.x) prior to 4.2.8p8. When autokey is enabled, a remote attacker can cause a denial of service by sending a spoofed CRYPTO_NAK packet or a packet with an incorrect MAC at a specific time, which can trigger autokey association reset. Cloud/OS advisories confirm thi...

5.9CVSS6.3AI score0.08771EPSS
CVE
CVE
added 2016/04/19 9:0 p.m.156 views

CVE-2014-9761

The CVE-2014-9761 issue affects the GNU C Library (glibc) prior to 2.23. It involves stack-based buffer overflows in the nan, nanf, and nanl functions caused by long arguments, which could lead to denial of service or potentially arbitrary code execution. Mitigation in the provided documents reco...

9.8CVSS9AI score0.05506EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.154 views

CVE-2013-0748

CVE-2013-0748 affects Mozilla Firefox (before 18.0 and ESR 10.x before 10.0.12, and 17.x before 17.0.2), Thunderbird (before 17.0.2, ESR 10.x before 10.0.12 and 17.x before 17.0.2), and SeaMonkey (before 2.15). The flaw is in XBL.proto .toString, where calling toString on an XBL object can leak a...

4.3CVSS9.2AI score0.01998EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.153 views

CVE-2012-1976

CVE-2012-1976 refers to a Use-after-free in Mozilla Firefox’s nsHTMLSelectElement::SubmitNamesValues. Affected products include Firefox before 15.0, Firefox ESR before 10.0.7 (10.x), Thunderbird before 15.0, Thunderbird ESR before 10.0.7, and SeaMonkey before 2.12. Impact per the description is r...

10CVSS9.4AI score0.05613EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.153 views

CVE-2012-3990

CVE-2012-3990 is a use-after-free vulnerability in the IME State Manager implementation of Mozilla Firefox and related Mozilla products. Affected versions include Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before...

9.3CVSS9.4AI score0.05201EPSS
CVE
CVE
added 2013/04/03 10:0 a.m.153 views

CVE-2013-0800

CVE-2013-0800 : An integer signedness error in the pixman_fill_sse2 function (pixman-sse2.c) used by Cairo and shipped with Mozilla Firefox and related products allows a remote attacker to trigger an out-of-bounds write via crafted values (negative box boundary or negative box size). This affects...

6.8CVSS9.7AI score0.03941EPSS
CVE
CVE
added 2015/03/02 11:0 a.m.153 views

CVE-2014-8160

CVE-2014-8160 : In the Linux kernel, net/netfilter/nf_conntrack_proto_generic.c before 3.18 generates incorrect conntrack entries when handling certain iptables rule sets for SCTP, DCCP, GRE, and UDP-Lite. This can allow remote attackers to bypass intended access restrictions by sending packets w...

5CVSS5.7AI score0.05489EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.153 views

CVE-2015-2575

CVE-2015-2575 is described in connected docs as an unspecified vulnerability in Oracle MySQL Connector/J (MySQL Connectors component) affecting MySQL 5.1.34 and earlier, allowing remote authenticated users to affect confidentiality and integrity via unknown vectors. The connected materials do not...

4.9CVSS7.4AI score0.0359EPSS
CVE
CVE
added 2015/06/15 3:0 p.m.153 views

CVE-2015-3209

CVE-2015-3209 : Heap-based buffer overflow in the QEMU PCNET network device allows remote code execution via crafted packet sequences (TXSTATUS_STARTPACKET then TXSTATUS_DEVICEOWNS). This is a QEMU vulnerability discussed in multiple advisories (notably Arista/Security Advisory 0013 and F5/Multi-...

7.5CVSS6.5AI score0.09668EPSS
CVE
CVE
added 2018/11/26 3:0 a.m.153 views

CVE-2018-19543

CVE-2018-19543 affects JasPer 2.0.14. The issue is a heap-based buffer over-read of size 8 in jp2_decode (libjasper/jp2/jp2_dec.c). Exploitation details, impact, affected platforms, and fixes are not provided beyond this description in the initial document. References to Jasper-related advisories...

7.8CVSS7.4AI score0.01553EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.152 views

CVE-2010-2753

CVE-2010-2753 affects Mozilla Firefox (3.5.x before 3.5.11; 3.6.x before 3.6.7), Thunderbird (3.0.x before 3.0.6; 3.1.x before 3.1.1), and SeaMonkey before 2.0.6. Root cause: integer overflow in the XUL tree selection attribute can trigger a use-after-free when handling a large selection in a XUL...

9.3CVSS9.7AI score0.06672EPSS
CVE
CVE
added 2014/07/17 10:0 a.m.152 views

CVE-2014-4258

CVE-2014-4258 affects the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier, enabling remote authenticated users to impact confidentiality, integrity, and availability via SRINFOSC. Contained in multiple advisories; mitigations include upgrading MariaDB/Mysql-relate...

6.5CVSS6.1AI score0.03482EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.151 views

CVE-2012-1972

CVE-2012-1972 is a use-after-free in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox, with remote code execution/denial of service via heap memory corruption. Affected products/versions include Firefox prior to 15.0, Firefox ESR 10.x prior to 10.0.7, and Thunderbird prior ...

10CVSS9.4AI score0.05566EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.151 views

CVE-2013-0744

CVE-2013-0744 is a use-after-free in the TableBackgroundPainter::TableBackgroundData::Destroy function of Mozilla Firefox prior to 18.0 (and Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2), Thunderbird prior to 17.0.2/ESR 10.x before 10.0.12/17.x before 17.0.2, and SeaMonkey prior to 2.15...

9.3CVSS9.6AI score0.06147EPSS
CVE
CVE
added 2014/05/11 9:0 p.m.151 views

CVE-2014-1737

CVE-2014-1737 affects the Linux kernel (through 3.14.3) and its floppy driver (drivers/block/floppy.c). The flaw is in raw_cmd_copyin not handling error conditions during processing of an FDRAWCMD ioctl, enabling local users with write access to /dev/fd to trigger kfree and potentially gain privi...

7.2CVSS6.2AI score0.00489EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.151 views

CVE-2016-0642

CVE-2016-0642 affects Oracle MySQL Server releases prior to 5.5.49/5.6.30/5.7.x (as cited in multiple advisories). Description: an unspecified vulnerability in the Federated component may lead to integrity and availability impact for local users. Connected sources confirm affected versions (5.5.4...

4.7CVSS4.2AI score0.0118EPSS
CVE
CVE
added 2010/06/10 12:0 a.m.150 views

CVE-2010-0395

CVE-2010-0395 affects OpenOffice.org 2.x/3.0 up to 3.2.0.x; a crafted OpenDocument Text file can bypass Python macro security restrictions and cause remote code execution by a user-assisted action when the macro directory is previewed. The underlying issue is insufficient enforcement of Python ma...

9.3CVSS6.7AI score0.10511EPSS
CVE
CVE
added 2014/08/01 10:0 a.m.149 views

CVE-2014-5077

CVE-2014-5077 affects the Linux kernel’s SCTP code: the function sctp_assoc_update in net/sctp/associola.c (affected in kernel builds up to 3.15.8) can be triggered when SCTP authentication is enabled. An attacker can cause a denial of service via a NULL pointer dereference and kernel OOPS by ini...

7.1CVSS6.2AI score0.05794EPSS
CVE
CVE
added 2016/04/27 5:0 p.m.149 views

CVE-2016-2782

CVE-2016-2782 : In the Linux kernel, the treo_attach function in drivers/usb/serial/visor.c (pre-4.5) can be exploited by a physically proximate attacker who inserts a USB device missing a bulk-in or interrupt-in endpoint, causing a NULL pointer dereference and kernel crash (DoS) or possibly othe...

4.9CVSS6.1AI score0.01648EPSS
CVE
CVE
added 2011/01/03 7:26 p.m.148 views

CVE-2010-3876

CVE-2010-3876 affects the Linux kernel: the code path net/packet/af_packet.c in kernel versions before 2.6.37-rc2 does not properly initialize certain structure members, allowing local users with CAP_NET_RAW to read copies of the applicable structures from kernel stack memory. Publicly document d...

1.9CVSS5.6AI score0.00377EPSS
CVE
CVE
added 2010/12/30 6:0 p.m.148 views

CVE-2010-4158

The CVE-2010-4158 issue affects the Linux kernel (pre-2.6.36.2) where sk_run_filter in net/core/filter.c may execute BPF_S_LD_MEM or BPF_S_LDX_MEM before a memory location is initialized. This can allow local users to read potentially sensitive kernel stack memory via a crafted socket filter. The...

2.1CVSS5.6AI score0.00868EPSS
CVE
CVE
added 2015/10/21 9:0 p.m.148 views

CVE-2015-4830

CVE-2015-4830 corresponds to an unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier. The description states remote authenticated users can affect integrity via unknown vectors related to Server:Security:Privileges. Connected documents (F5/K59010802 advisory,...

4CVSS5.1AI score0.02982EPSS
CVE
CVE
added 2017/03/23 6:0 p.m.148 views

CVE-2016-9398

CVE-2016-9398 affects JasPer: the jpc_floorlog2 function in jpc_math.c is vulnerable in versions before 1.900.17, allowing remote attackers to trigger a denial of service (assertion failure) via unspecified vectors. Connected documents confirm the affected component and impact; no remediation det...

7.5CVSS7AI score0.05981EPSS
CVE
CVE
added 2012/10/29 6:0 p.m.147 views

CVE-2012-4194

The CVE-2012-4194 issue affects Mozilla Firefox and related Mozilla components where the valueOf shadowing of the location object (window.location) enables cross-site scripting via plugin vectors. Affected software and versions (stated in the provided sources) include: Mozilla Firefox before 16.0...

4.3CVSS8.2AI score0.02835EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.147 views

CVE-2015-0441

CVE-2015-0441 is an unspecified remote-authenticated vulnerability in Oracle MySQL Server 5.5.x (and earlier) affecting availability via unknown vectors in Server: Security: Encryption. Connected advisories confirm this CVE appears in multiple upstream/security notices and requires upgrading MySQ...

4CVSS4.8AI score0.04505EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.146 views

CVE-2013-0746

CVE-2013-0746 affects Mozilla products including Firefox (before 18.0), Firefox ESR (before 10.0.12 and 17.x before 17.0.2), Thunderbird (before 17.0.2, and ESR 10.x before 10.0.12 and 17.x before 17.0.2), and SeaMonkey (before 2.15). The issue is a quickstubs/jsval return-value handling flaw tha...

9.3CVSS9.5AI score0.04485EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.146 views

CVE-2015-0501

CVE-2015-0501 is a MySQL Server vulnerability affecting 5.5.42 and earlier and 5.6.23 and earlier, where an unspecified issue in Server: Compiling could allow a remote authenticated user to disrupt availability. The connected documents confirm that exploitation details are not provided, and the a...

5.7CVSS4.8AI score0.09984EPSS
CVE
CVE
added 2016/04/19 9:0 p.m.146 views

CVE-2015-8779

CVE-2015-8779 affects the GNU C Library (glibc). The vulnerability is a stack-based buffer overflow in the catopen() function when handling long catalog names, which can cause an application crash (DoS) or potentially allow arbitrary code execution. Affected products include glibc releases prior ...

9.8CVSS9.2AI score0.05966EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.145 views

CVE-2012-3960

CVE-2012-3960 is a use-after-free in mozSpellChecker::SetCurrentDictionary that affects Mozilla Firefox <15.0, Firefox ESR <10.0.7, Thunderbird <15.0 / ESR, and SeaMonkey

10CVSS9.4AI score0.05408EPSS
CVE
CVE
added 2010/11/29 3:0 p.m.144 views

CVE-2010-4073

CVE-2010-4073 affects the Linux kernel IPC compatibility code: before 2.6.37-rc1, several compat syscall handlers (ipc/compat.c and ipc/compat_mq.c) fail to initialize certain structures, enabling local attackers to read potentially sensitive kernel stack memory via vectors in compat_sys_semctl, ...

1.9CVSS5.7AI score0.01542EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.144 views

CVE-2012-3972

CVE-2012-3972 affects the XSLT format-number functionality in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The vulnerability allows remote attackers to obtain sensitive information via unspecif...

5CVSS8.8AI score0.03957EPSS
CVE
CVE
added 2017/03/15 7:0 p.m.144 views

CVE-2017-5898

CVE-2017-5898 affects Quick Emulator (QEMU) when built with CCID Card device emulator support. The vulnerability is an integer overflow in the emulated_apdu_from_guest function (usb/dev-smartcard-reader.c) that allows a local user to crash the QEMU host process by sending a large APDU unit, causi...

5.5CVSS5.7AI score0.004EPSS
CVE
CVE
added 2012/02/01 4:0 p.m.143 views

CVE-2012-0442

CVE-2012-0442 covers multiple memory-safety vulnerabilities in the Mozilla browser engine affecting Firefox before 3.6.26 and 4.x–9.0, Thunderbird before 3.1.18 and 5.0–9.0, and SeaMonkey before 2.7. The issues can cause memory corruption, application crashes, or potentially remote code execution...

9.3CVSS10AI score0.04597EPSS
Total number of security vulnerabilities461