Lucene search
K
SuseLinux Enterprise Desktop

461 matches found

CVE
CVE
added 2016/04/19 9:0 p.m.143 views

CVE-2015-8778

CVE-2015-8778 affects the GNU C Library (glibc) prior to 2.23, where an integer/size argument in hcreate_r can trigger an out-of-bounds heap access, potentially causing denial of service or arbitrary code execution. Connected advisories detail that multiple products (notably glibc-containing pack...

9.8CVSS9.1AI score0.05515EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.142 views

CVE-2012-3986

CVE-2012-3986 affects Mozilla Firefox prior to 16.0 (and Firefox ESR 10.x prior to 10.0.8), Thunderbird prior to 16.0, and SeaMonkey before 2.13. The root cause is that certain DOMWindowUtils (nsDOMWindowUtils) methods were not protected by security checks, allowing remote JavaScript to bypass in...

4.3CVSS9AI score0.02512EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.142 views

CVE-2014-6469

CVE-2014-6469 is an unspecified vulnerability in Oracle MySQL Server affecting 5.5.39 and earlier and 5.6.20 and earlier, enabling remote authenticated users to affect availability via SERVER:OPTIMIZER. Connected advisories indicate remediation through upgrading MySQL to 5.5.40 or newer (e.g., De...

6.8CVSS5.6AI score0.04408EPSS
CVE
CVE
added 2016/07/05 1:0 a.m.142 views

CVE-2016-4953

CVE-2016-4953 affects ntpd (NTP 4.x) and relates to DoS via crafted CRYPTO_NAK or spoofed packets that can demobilize ephemeral associations, potentially disrupting time synchronization. Connected docs confirm multiple ntpd-family vulnerabilities (CVE-2016-4953/4954/4955/4956/4957) with root caus...

7.5CVSS7.3AI score0.17245EPSS
CVE
CVE
added 2012/05/17 10:0 a.m.141 views

CVE-2012-0879

CVE-2012-0879 affects the Linux kernel prior to 2.6.33, where the I/O implementation for block devices mishandles the CLONE_IO feature. Local attackers can create multiple processes sharing an I/O context, causing I/O instability and a denial of service. The vulnerability is evidenced across mult...

5.5CVSS5AI score0.00468EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.141 views

CVE-2013-0755

CVE-2013-0755 refers to a use-after-free in the mozVibrate implementation of the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15. The vulnerability allows remote code execution...

9.3CVSS9.3AI score0.06853EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.141 views

CVE-2014-1489

Technical details for CVE-2014-1489 are not publicly available in the provided documents. Monitor for updates from vendors and vulnerability feeds.

4.3CVSS8.7AI score0.01932EPSS
CVE
CVE
added 2015/01/21 3:0 p.m.141 views

CVE-2014-6568

CVE-2014-6568 is an Oracle MySQL/MariaDB vulnerability affecting InnoDB DML leading to potential availability impact in MySQL Server 5.5.x (<=5.5.40) and 5.6.x (

3.5CVSS6.1AI score0.07135EPSS
CVE
CVE
added 2012/11/23 8:0 p.m.140 views

CVE-2012-3515

CVE-2012-3515 affects QEMU (as used in Xen 4.0/4.1) where emulating certain devices with a virtual console backend lets local guest OS users gain privileges via a crafted escape VT100 sequence that overwrites a device model’s address space. Connected documents confirm this CVE is included in mult...

7.2CVSS5.9AI score0.00528EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.140 views

CVE-2013-0768

Technical details for CVE-2013-0768 are not publicly available in the provided documents. Monitor for updates.

9.3CVSS9.6AI score0.07633EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.140 views

CVE-2015-0499

CVE-2015-0499 is a documented, non-query vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier, affecting the Server Federated component and capable of denial of service by remote authenticated users. Public details confirm the issue but do not provide exploit specifics. ...

3.5CVSS4.8AI score0.04757EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.139 views

CVE-2013-0760

CVE-2013-0760 describes a buffer overflow in Mozilla Firefox’s CharDistributionAnalysis::HandleOneChar, allowing remote code execution via a crafted document. Affected products per the description: Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15. Root cause is a memory c...

9.3CVSS9.4AI score0.05334EPSS
Web
CVE
CVE
added 2014/07/17 2:36 a.m.139 views

CVE-2014-2494

CVE-2014-2494 is an unspecified vulnerability in the MySQL/MariaDB MySQL Server component (affecting Oracle MySQL 5.5.37 and earlier) that can allow remote authenticated users to affect availability via vectors related to ENARC. Connected sources also tie this CVE to MariaDB advisories and tracke...

4CVSS6.1AI score0.03482EPSS
CVE
CVE
added 2016/07/05 1:0 a.m.139 views

CVE-2016-4954

The CVE-2016-4954 entry affects ntpd (NTP v4) and is triggered by the process_packet() function in ntp_proto.c, where NTP 4.x versions before 4.2.8p8 can be caused to enter a peer-variable modification state when it receives spoofed packets from multiple sources, demonstrated by an incorrect leap...

7.5CVSS6.9AI score0.13208EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.138 views

CVE-2012-3991

CVE-2012-3991 affects Mozilla Firefox and related Mozilla products: Firefox and Firefox ESR before the 16.0 line, Thunderbird before 16.0, and SeaMonkey before 2.13 did not properly restrict JSAPI GetProperty access, bypassing the Same Origin Policy. This vulnerability could allow remote attacker...

9.3CVSS9.4AI score0.03078EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.138 views

CVE-2013-0749

CVE-2013-0749 describes multiple unspecified vulnerabilities in the Mozilla Firefox browser engine (before 18.0) and related products (Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2 and ESR 17.x before 17.0.1, SeaMonkey before 2.15). The description states that remote attackers could c...

9.3CVSS9.8AI score0.05802EPSS
CVE
CVE
added 2016/09/20 2:0 p.m.138 views

CVE-2015-8934

CVE-2015-8934 affects libarchive up to version 3.2.0, with a flaw in copy_from_lzss_window inside archive_read_support_format_rar.c that can trigger an out-of-bounds heap read via a crafted RAR file, leading to denial of service. Public advisories from multiple vendors describe this as part of a ...

5.5CVSS6AI score0.023EPSS
CVE
CVE
added 2012/02/01 4:0 p.m.137 views

CVE-2012-0449

CVE-2012-0449 affects Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7. Description: remote attackers can cause memory corruption and application crash, or possibly execute arbitrary code via a malformed XSLT stylesheet emb...

9.3CVSS9.9AI score0.05809EPSS
CVE
CVE
added 2014/02/28 2:0 a.m.137 views

CVE-2014-0069

The CVE-2014-0069 entry affects the Linux kernel (fs/cifs/file.c: cifs_iovec_write) up to version 3.13.5. The vulnerability stems from improper handling of uncached write operations that copy fewer bytes than requested, enabling local users to read kernel memory (information disclosure), cause me...

7.2CVSS6.5AI score0.00414EPSS
CVE
CVE
added 2008/01/18 10:0 p.m.136 views

CVE-2007-6427

CVE-2007-6427 affects the X.Org Xserver (XInput-Misc extension) prior to version 1.4.1. The root cause is missing input sanitising within the XInput‑Misc code, which can lead to local privilege escalation. In public advisories, this is described as a vulnerability in the XInput‑Misc path that all...

9.3CVSS9.8AI score0.04278EPSS
CVE
CVE
added 2010/12/30 6:0 p.m.136 views

CVE-2010-3850

CVE-2010-3850: In the Linux kernel, the ec_dev_ioctl function in net/econet/af_econet.c did not require CAP_NET_ADMIN, allowing local users to bypass access restrictions and configure econet addresses via an SIOCSIFADDR ioctl. Documented impact is local privilege/unauthorized configuration; fix a...

2.1CVSS5.8AI score0.00801EPSS
CVE
CVE
added 2010/11/30 10:0 p.m.136 views

CVE-2010-4081

CVE-2010-4081 affects the Linux kernel (sound/pci/rme9652/hdspm.c: snd_hdspm_hwdep_ioctl). The root cause is failure to initialize a structure, enabling local users to read potentially sensitive kernel stack memory via SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO. Affected: kernel versions prior to 2.6.36-r...

1.9CVSS5.5AI score0.00393EPSS
CVE
CVE
added 2012/02/01 4:0 p.m.136 views

CVE-2011-3659

CVE-2011-3659 is a use-after-free in Mozilla Firefox (before 3.6.26 and 4.x through 9.0), Thunderbird (before 3.1.18 and 5.0 through 9.0), and SeaMonkey (before 2.7). The root cause is premature notification of AttributeChildRemoved that affects access to removed nsDOMAttribute child nodes, enabl...

9.3CVSS9.5AI score0.36511EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.136 views

CVE-2012-3982

CVE-2012-3982 affects Mozilla Firefox before 16.0, Firefox ESR before 10.0.8, Thunderbird before 16.0, Thunderbird ESR before 10.0.8, and SeaMonkey before 2.13. The description notes multiple unspecified vulnerabilities in the browser engine that can cause memory corruption and application crashe...

9.3CVSS9.8AI score0.04727EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.136 views

CVE-2013-0761

CVE-2013-0761 is a use-after-free vulnerability in Firefox’s mozilla::TrackUnionStream::EndTrack that could allow remote code execution or a denial of service via heap memory corruption. Affected products include Firefox before 18.0 (and ESR 17.x before 17.0.1), Thunderbird before 17.0.2 (and ESR...

9.3CVSS9.4AI score0.04395EPSS
CVE
CVE
added 2014/07/17 10:0 a.m.136 views

CVE-2014-4260

CVE-2014-4260 is reported in MariaDB/MySQL contexts as an unspecified vulnerability in the MySQL Server component (SRCHAR vectors) that allows remote authenticated users to affect integrity and availability. Public details in the connected documents indicate MariaDB versions prior to 5.5.38 are a...

5.5CVSS6AI score0.03482EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.136 views

CVE-2014-6551

CVE-2014-6551 affects Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier. The connected document notes an unspecified local vulnerability that allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN. No explicit root cause detail or exploit information is ...

2.1CVSS6.1AI score0.0039EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.136 views

CVE-2015-0505

CVE-2015-0505 affects Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier. An unspecified remote-authenticated vulnerability related to Data Definition Language (DDL) operations could cause a denial of service. Impact is limited to availability (partial). The public description does no...

3.5CVSS4.8AI score0.05046EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.136 views

CVE-2015-2571

CVE-2015-2571 affects Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier. It is an unspecified vulnerability in the Server: Optimizer that could allow remote authenticated users to cause a denial of service via unknown vectors. Exploitation details are not provided in the supplied docu...

4CVSS4.8AI score0.05252EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.135 views

CVE-2014-1488

CVE-2014-1488 affects Mozilla Firefox < 27.0 and SeaMonkey

10CVSS9.4AI score0.07004EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.135 views

CVE-2016-0651

CVE-2016-0651 is described in connected documents as an unspecified vulnerability in Oracle MySQL Server (5.5.46 and earlier) affecting the Optimizer subcomponent that can allow local users to impact availability. The available sources identify affected product as Oracle MySQL Server and the impa...

5.5CVSS4.6AI score0.01226EPSS
CVE
CVE
added 2009/11/20 5:0 p.m.134 views

CVE-2009-3080

CVE-2009-3080 affects the Linux kernel gdth driver (gdth_read_event in drivers/scsi/gdth.c). In kernels before 2.6.32-rc8, a negative event index in an IOCTL can allow local users to cause a denial of service or potentially gain privileges. MiracleLinux advisories cite this CVE as part of affecte...

7.2CVSS7AI score0.00417EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.134 views

CVE-2012-4185

CVE-2012-4185 describes a buffer overflow in Mozilla Firefox’s nsCharTraits::length function that could allow remote code execution or a heap memory corruption in Firefox <16.0, ESR 10.x <10.0.8, Thunderbird <16.0/ESR 10.x <10.0.8, and SeaMonkey

9.3CVSS9.6AI score0.08572EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.134 views

CVE-2012-4188

CVE-2012-4188 is a heap-based buffer overflow in Mozilla Firefox’s Convolve3x3 path, affecting Firefox before 16.0 (and ESR 10.x before 10.0.8), Thunderbird before 16.0 (and ESR 10.x before 10.0.8), and SeaMonkey before 2.13. The vulnerability allows remote code execution via unspecified vectors;...

9.3CVSS9.6AI score0.147EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.134 views

CVE-2014-6559

CVE-2014-6559 affects Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier. The vulnerability is described as unspecified with respect to C API SSL CERTIFICATE HANDLING and could allow remote attackers to obtain confidential information (partial confidentiality impact). No exploit detai...

4.3CVSS5.6AI score0.04634EPSS
CVE
CVE
added 2015/01/21 6:0 p.m.134 views

CVE-2015-0374

CVE-2015-0374 is a MySQL/MariaDB server vulnerability impacting confidentiality via unknown vectors in Foreign Key handling. Affected products and versions include Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier (and MariaDB/forked releases in corresponding lines). Public advisories...

3.5CVSS5.9AI score0.03131EPSS
CVE
CVE
added 2009/08/18 8:41 p.m.133 views

CVE-2009-2848

CVE-2009-2848 is confirmed in connected material as applicable to MiracleLinux kernel package 2.6.18-128.10AXS3, aligning with the Linux kernel vulnerability where execve does not properly clear current->clear_child_tid during thread creation/exit. This misbehavior can enable local users to ca...

5.9CVSS6.2AI score0.00516EPSS
CVE
CVE
added 2010/09/21 5:0 p.m.133 views

CVE-2010-3067

CVE-2010-3067 affects the Linux kernel: an integer overflow in do_io_submit (fs/aio.c) in versions before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly other impact via crafted io_submit usage. The vulnerability is rooted in improper handling within the io_s...

4.9CVSS6.8AI score0.00428EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.133 views

CVE-2012-4207

CVE-2012-4207 affects Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0 / ESR 10.x, and SeaMonkey before 2.14. The flaw in the HZ-GB-2312 charset implementation allows remote attackers to perform cross-site scripting (XSS) via a crafted document, due to imprope...

4.3CVSS7.8AI score0.02781EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.133 views

CVE-2012-4214

CVE-2012-4214 is a use-after-free in Mozilla Firefox’s nsTextEditorState::PrepareEditor, affecting Firefox before 17.0 and ESR 10.x before 10.0.11, Thunderbird before 17.0/ESR 10.x before 10.0.11, and SeaMonkey before 2.14. The vulnerability can allow remote attackers to execute arbitrary code or...

9.3CVSS9.1AI score0.06074EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.133 views

CVE-2013-0745

This CVE (CVE-2013-0745) affects Mozilla Firefox prior to 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15. It is caused by the AutoWrapperChanger not interacting correctly with garbage collection, enabling remote code ...

9.3CVSS9.2AI score0.04485EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.133 views

CVE-2013-0764

CVE-2013-0764 affects Mozilla Firefox (before 18.0), Firefox ESR (before 17.0.2), Thunderbird (before 17.0.2 and ESR 17.x before 17.0.2), and SeaMonkey (before 2.15). The vulnerability is a thread-safety issue in nsSOCKSSocketInfo::ConnectToProxy that can allow remote code execution through craft...

9.3CVSS9.6AI score0.03148EPSS
CVE
CVE
added 2014/05/11 9:0 p.m.133 views

CVE-2014-1738

CVE-2014-1738 is a Linux kernel vulnerability in the floppy driver (raw_cmd_copyout) where processing FDRAWCMD IOCTL calls could allow local attackers with write access to /dev/fd to read kernel heap memory. The flaw is described as an improper restriction of pointers during FDRAWCMD processing, ...

2.1CVSS5.9AI score0.00524EPSS
CVE
CVE
added 2015/08/12 2:0 p.m.133 views

CVE-2015-5154

CVE-2015-5154 is a heap-based buffer overflow in QEMU’s IDE subsystem (ATAPI handling). A privileged guest with a CDROM drive enabled could potentially execute arbitrary host code via crafted ATAPI I/O. Public docs specify this as a host-attack surface when CD-ROM access is present; Debian securi...

7.2CVSS6.9AI score0.0063EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.132 views

CVE-2012-3959

CVE-2012-3959 describes a use-after-free in Mozilla Firefox’s nsRangeUpdater::SelAdjDeleteNode, affecting Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The vulnerability allows remote attackers to execu...

10CVSS9.5AI score0.04697EPSS
CVE
CVE
added 2015/01/21 6:0 p.m.132 views

CVE-2015-0391

CVE-2015-0391 affects Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier, with remote authenticated access able to affect availability via DDL-related vectors. Connected advisories confirm MariaDB/Mysql contexts and list affected versions; RHSA-2015:0117 remediation upgrades MariaDB to...

4CVSS6.1AI score0.07196EPSS
CVE
CVE
added 2020/01/23 7:52 p.m.132 views

CVE-2015-5239

CVE-2015-5239 : QEMU’s VNC display driver is vulnerable to an integer overflow in the vnc_client_read()/protocol_client_msg() paths when processing a CLIENT_CUT_TEXT message, which can cause an infinite loop and crash the QEMU process. Affected products include QEMU with the VNC display driver pr...

6.5CVSS6.4AI score0.0361EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.131 views

CVE-2012-4202

CVE-2012-4202 describes a heap-based buffer overflow in Firefox’s image::RasterImage::DrawFrameTo, exploitable via a crafted GIF image to execute arbitrary code. Affected products include Mozilla Firefox before 17.0, Firefox ESR before 10.0.11 (10.x), Thunderbird before 17.0, Thunderbird ESR befo...

9.3CVSS9AI score0.11079EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.131 views

CVE-2013-5612

CVE-2013-5612 is a cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 due to the absence of a charset parameter in the Content-Type header. Connected advisories confirm Firefox/SeaMonkey fixes in 2013–2014 releases (e.g., openSUSE SU-2013:1917, Mirac...

4.3CVSS7.7AI score0.03402EPSS
CVE
CVE
added 2020/02/17 8:56 p.m.131 views

CVE-2014-1947

CVE-2014-1947, 2014-1958, and 2014-2030 describe stack-based buffer overflows in ImageMagick’s PSD handling (psd.c): WritePSDImage and DecodePSDPixels functions are implicated. 1947 targets WritePSDImage in ImageMagick 6.5.4 and earlier, enabling potential denial of service or remote code executi...

7.8CVSS8.5AI score0.07024EPSS
Total number of security vulnerabilities461