Lucene search
K
SuseLinux Enterprise Desktop

461 matches found

CVE
CVE
added 2011/01/03 7:26 p.m.130 views

CVE-2010-4163

The CVE-2010-4163 issue affects the Linux kernel, where blk_rq_map_user_iov in block/blk-map.c is vulnerable before version 2.6.36.2. A local attacker can trigger a denial of service (kernel panic) by submitting a zero-length I/O request via a device ioctl to a SCSI device. The description explic...

4.7CVSS6.8AI score0.00393EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.130 views

CVE-2012-4201

CVE-2012-4201 is a concrete Firefox/XULRunner/Thunderbird/SeaMonkey vulnerability: the evalInSandbox path mishandles the context when processing JavaScript that sets location.href, enabling remote XSS or read access to arbitrary files via a sandboxed add-on. Affected software includes Mozilla Fir...

4.3CVSS7.9AI score0.03083EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.130 views

CVE-2012-5842

CVE-2012-5842 is a Mozilla Firefox browser engine vulnerability described as multiple unspecified vulnerabilities that can cause memory corruption leading to a crash or possibly remote code execution. Affected products/versions per description: Mozilla Firefox before 17.0, Firefox ESR 10.x before...

9.3CVSS9.4AI score0.04789EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.130 views

CVE-2014-1483

Technical details for CVE-2014-1483 are not publicly provided in the connected documents; sources reference the CVE but do not disclose affected products, versions, root cause, impact, or fixes. Monitor for updates.

5CVSS9AI score0.02467EPSS
CVE
CVE
added 2014/06/05 8:0 p.m.130 views

CVE-2014-3467

GNUTLS/library libtasn1 vulnerability CVE-2014-3467 is due to multiple issues in the DER decoder of GNU Libtasn1 up to version 3.5.x (pre-3.6), exploited by crafted ASN.1 data to cause a denial of service via out-of-bounds read. The issue is confirmed in multiple advisories (F5 SOL15423, ALAS-201...

5CVSS6AI score0.068EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.130 views

CVE-2014-6520

CVE-2014-6520 affects Oracle MySQL Server 5.5.38 and earlier. The vulnerability is described as unspecified and allows remote authenticated users to affect availability via vectors related to SERVER:DDL; impact is noted as partial availability. Connected sources list this CVE among MariaDB/MySQL-...

4CVSS6.2AI score0.02644EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.130 views

CVE-2014-6530

CVE-2014-6530 affects Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier via CLIENT:MYSQLDUMP. Connected advisories reference CVE-2014-6530 and indicate remediation through upgrading MariaDB/MySQL components to fixed versions (e.g., MariaDB/MariaDB-Galera updates to 5.5.40 per RHSA adv...

6.5CVSS6.2AI score0.02667EPSS
CVE
CVE
added 2015/01/21 6:0 p.m.130 views

CVE-2015-0382

CVE-2015-0382 is a remote-availability vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier, related to Server: Replication, separate from CVE-2015-0381. The connected advisories show multiple vendors/types referencing MySQL/MariaDB vulnerabilities with potential DoS or ...

4.3CVSS6.6AI score0.10066EPSS
CVE
CVE
added 2016/04/13 3:0 p.m.130 views

CVE-2015-8551

CVE-2015-8551 affects the Xen PCI backend driver (pciback) when Xen runs on x86 with a Linux 3.1.x–4.3.x driver domain. The issue arises from missing sanity checks in XEN_PCI_OP_* operations, allowing a local guest administrator with access to a passed-through MSI/MSI-X PCI device to trigger BUG ...

6CVSS5.6AI score0.00451EPSS
CVE
CVE
added 2019/03/17 4:44 p.m.130 views

CVE-2017-16232

CVE-2017-16232 affects LibTIFF 4.0.8, which is reported to have multiple memory‑leak vulnerabilities that can lead to memory exhaustion/DoS. The initial entry notes third parties could not reproduce the issue. Connected advisories reference LibTIFF-related CVEs and indicate that fixes exist in la...

7.5CVSS6.7AI score0.04766EPSS
CVE
CVE
added 2009/03/25 1:0 a.m.129 views

CVE-2009-1072

CVE-2009-1072 affects the Linux kernel prior to 2.6.28.9. nfsd in the kernel does not drop the CAP_MKNOD capability before handling a user request in a thread, enabling local users on an exported filesystem using root_squash to create device nodes. MiracleLinux 3 lists this as fixed in kernel-2.6...

4.9CVSS4.4AI score0.00427EPSS
CVE
CVE
added 2010/11/26 6:23 p.m.129 views

CVE-2010-2962

The CVE-2010-2962 issue affects the Intel i915 DRM GEM in the Linux kernel prior to 2.6.36. It arises from insufficient validation of pointers to memory blocks in i915_gem.c, enabling local users to write to kernel memory via crafted ioctl usage (pwrite/pread) and potentially gain privileges.

7.2CVSS6.2AI score0.00483EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.129 views

CVE-2012-3967

CVE-2012-3967 is a Firefox/WebGL vulnerability on Linux where the WebGL implementation fails to interact correctly with Mesa drivers when a large number of sampler uniforms are used. This can let remote attackers execute arbitrary code or cause a denial of service (stack memory corruption) via a ...

9.3CVSS9.3AI score0.04392EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.129 views

CVE-2012-5836

CVE-2012-5836 affects Mozilla Firefox (before 17.0), Mozilla Thunderbird (before 17.0), and SeaMonkey (before 2.14). The issue can allow remote code execution or an application crash when CSS properties are combined with SVG text, due to the root cause described by MFSA 2012-94. Public advisories...

7.5CVSS8.7AI score0.04453EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.129 views

CVE-2017-13084

CVE-2017-13084 describes a vulnerability in WPA/WPA2 where the Station-To-Station-Link (STK) key can be reinstalled during the PeerKey handshake. An attacker within wireless range may replay, decrypt, or spoof frames by exploiting STSL STK reinstallation. Public sources confirm this as part of th...

6.8CVSS7AI score0.02205EPSS
CVE
CVE
added 2010/09/30 2:0 p.m.128 views

CVE-2010-3296

CVE-2010-3296 affects the Linux kernel driver cxgb3 (cxgb_extension_ioctl in drivers/net/cxgb3/cxgb3_main.c). The advisory states that the code path in kernels up to 2.6.36-rc5 does not properly initialize a structure member, allowing a local user to potentially read sensitive data from kernel st...

2.1CVSS5.5AI score0.00432EPSS
CVE
CVE
added 2010/10/04 8:0 p.m.128 views

CVE-2010-3442

Technical details for CVE-2010-3442 are not publicly provided in the connected documents. The sources reference the CVE and affected kernel versions but do not describe exploitability, impact specifics, or fixes. Monitor for vendor advisories and updates.

4.7CVSS6.5AI score0.00395EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.128 views

CVE-2012-3992

CVE-2012-3992 affects Mozilla Firefox (and related Firefox-based apps) where history data is not properly handled. The flaw lets remote attackers perform cross-site scripting (XSS) or obtain sensitive POST content via a location.hash write operation combined with history navigation that loads a U...

4.3CVSS8.2AI score0.02513EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.128 views

CVE-2013-0747

Technical details for CVE-2013-0747 are not publicly provided in the supplied documents. Monitor for updates.

6.8CVSS9AI score0.02189EPSS
CVE
CVE
added 2013/07/17 10:0 a.m.128 views

CVE-2013-3802

CVE-2013-3802 affects Oracle MySQL server up to specific versions: 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier. The vulnerability is described as unspecified and allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. Connected ...

4CVSS4.3AI score0.03245EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.127 views

CVE-2012-3994

Mode C: CVE-2012-3994 affects Mozilla Firefox family and related Mozilla components (e.g., Firefox, Firefox ESR, Thunderbird, SeaMonkey). Root cause: use of Object.defineProperty to shadow the top object and interaction with top.location, enabling remote XSS via a binary plugin. Affected versions...

4.3CVSS8.2AI score0.02388EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.127 views

CVE-2013-0752

Technical details for CVE-2013-0752 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

9.3CVSS9.4AI score0.06623EPSS
CVE
CVE
added 2011/01/03 7:26 p.m.126 views

CVE-2010-4164

CVE-2010-4164 affects the Linux kernel prior to 2.6.36.2, where multiple integer underflows occur in the x25_parse_facilities function (net/x25/x25_facilities.c). This can allow a remote attacker to cause a denial of service (system crash) via malformed X.25 facility data (X25_FAC_CLASS_A/B/C/D)....

7.8CVSS7AI score0.04308EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.126 views

CVE-2014-6494

CVE-2014-6494 is an unspecified vulnerability in Oracle MySQL Server (affected: 5.5.39 and earlier; 5.6.20 and earlier) that can allow remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL. The IBM advisory lists the CVE among several issues affecting MySQL Server compon...

4.3CVSS6.4AI score0.04847EPSS
CVE
CVE
added 2015/01/21 6:0 p.m.126 views

CVE-2015-0381

Technical details for CVE-2015-0381 are not publicly available in the provided documents. No specific affected products, versions, root cause, impact, or fixes are described here; monitor for updates.

4.3CVSS6.6AI score0.05428EPSS
CVE
CVE
added 2015/05/14 10:0 a.m.126 views

CVE-2015-0797

CVE-2015-0797 affects GStreamer up to 1.4.4 (GStreamer 1.4.x) when used by Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux. The flaw is a buffer over-read in H.264 video data processing in the GStreamer pipeline (m4v files) that can cause a denial o...

6.8CVSS8AI score0.0544EPSS
CVE
CVE
added 2015/11/06 9:0 p.m.126 views

CVE-2015-6855

CVE-2015-6855 affects QEMU, where hw/ide/core.c does not properly restrict ATAPI device commands. The flaw allows a guest user to cause a denial of service (and potentially other impact) by issuing certain IDE commands, demonstrated by a WIN_READ_NATIVE_MAX to an empty drive that triggers a divid...

7.5CVSS7.4AI score0.03502EPSS
CVE
CVE
added 2017/04/13 5:0 p.m.126 views

CVE-2015-8567

CVE-2015-8567 describes a memory leak in the QEMU vmxnet3 device emulator (net/vmxnet3.c) that could allow a remote attacker to cause a denial of service via memory exhaustion. The vulnerability is part of multiple CVEs in QEMU; Debian security advisories report fixes in stable Jessie to version ...

7.7CVSS7.7AI score0.05557EPSS
CVE
CVE
added 2010/12/30 6:0 p.m.124 views

CVE-2010-3848

CVE-2010-3848 is a Linux kernel vulnerability: a stack-based buffer overflow in econet_sendmsg (net/econet/af_econet.c) when Econet is configured, caused by handling a large number of iovec structures. This allows local privilege escalation. The flaw affects Linux kernels before 2.6.36.2 and is a...

6.9CVSS6.3AI score0.00703EPSS
CVE
CVE
added 2010/11/29 3:0 p.m.124 views

CVE-2010-4072

CVE-2010-4072 affects the Linux kernel: the copy_shmid_to_user function in ipc/shm.c (pre-2.6.37-rc1) does not initialize a certain structure, enabling local users to leak potentially sensitive information from kernel stack memory via the shmctl interface and the old shm interface. Affected produ...

1.9CVSS5.8AI score0.00384EPSS
CVE
CVE
added 2010/12/10 6:0 p.m.124 views

CVE-2010-4157

CVE-2010-4157 involves an integer overflow in the Linux kernel’s GDTH SCSI driver (gdth_ioctl_alloc/ioc_general) on 64-bit platforms. A 32/64-bit mismatch when handling a large argument in an ioctl can cause memory corruption, enabling a local user to trigger a denial of service (and potentially ...

6.2CVSS7.8AI score0.0054EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.124 views

CVE-2012-4213

The CVE-2012-4213 issue is a concrete use-after-free vulnerability in Mozilla codepath: nsEditor::FindNextLeafNode affects Firefox and related products. Affected components per the initial description are Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14, with remote...

9.3CVSS8.8AI score0.06155EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.124 views

CVE-2012-5841

CVE-2012-5841 affects Mozilla Firefox (before 17.0), Firefox ESR (10.x before 10.0.11), Thunderbird (before 17.0), Thunderbird ESR (before 10.0.11) and SeaMonkey (before 2.14). The issue arises from cross-origin wrappers with a filtering behavior that fails to restrict write actions, enabling rem...

4.3CVSS7.8AI score0.0193EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.124 views

CVE-2013-0756

CVE-2013-0756 corresponds to a use-after-free in Mozilla Firefox’s obj_toSource path that can be triggered by a crafted web page referencing JavaScript Proxy objects, allowing remote code execution via standard web-visit attack vectors. Affected products include Firefox (pre-18.0), Firefox ESR 17...

9.3CVSS9.3AI score0.04199EPSS
CVE
CVE
added 2013/07/17 10:0 a.m.124 views

CVE-2013-3812

CVE-2013-3812 affects Oracle MySQL Server prior to 5.5.31 and 5.6.11, where an unspecified vulnerability in Server Replication allows remote authenticated users to affect availability via unknown vectors. The information explicitly cites availability impact (PARTIAL) but vectors and root cause ar...

3.5CVSS5AI score0.02764EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.124 views

CVE-2013-5614

Affected software: Mozilla Firefox <= 25.x/26.0 and SeaMonkey

4.3CVSS9.1AI score0.02353EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.124 views

CVE-2014-1502

CVE-2014-1502 affects Mozilla Firefox (pre-28.0) and SeaMonkey (pre-2.25). The vulnerability arises in WebGL functions WebGL.compressedTexImage2D and WebGL.compressedTexSubImage2D, enabling remote attackers to bypass Same Origin Policy and render content from a different domain via unspecified ve...

6.8CVSS9.1AI score0.01147EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.124 views

CVE-2014-6464

CVE-2014-6464 is an unspecified vulnerability in Oracle MySQL Server affecting 5.5.39 and earlier and 5.6.20 and earlier, allowing remote authenticated users to affect availability via SERVER:INNODB DML FOREIGN KEYS. The CVSS Base Score is 4.0 (MEDIUM). Affected advisories and vendors indicate re...

4CVSS5.6AI score0.04098EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.124 views

CVE-2014-6496

CVE-2014-6496 affects Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier, via CLIENT:SSL:yaSSL, causing availability issues (remote, unauthenticated). Affects MySQL Server component CLIENT:SSL:yaSSL; root cause is unspecified in the provided text. Public details across connected source...

4.3CVSS6.4AI score0.04349EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.124 views

CVE-2014-6555

CVE-2014-6555 is a MySQL Server vulnerability (affecting 5.5.39 and earlier and 5.6.20 and earlier) that allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML. The connected sources identify a package-wide remediation: upgrade t...

6.5CVSS6.1AI score0.03896EPSS
CVE
CVE
added 2010/11/30 10:0 p.m.123 views

CVE-2010-4083

CVE-2010-4083 affects the Linux kernel (pre-2.6.36). The vulnerable code path is copy_semid_to_user() in ipc/sem.c, where a structure is not initialized, enabling local attackers to leak kernel stack memory via semctl commands (IPC_INFO, SEM_INFO, IPC_STAT, SEM_STAT). The issue is mitigated by up...

1.9CVSS5.8AI score0.00387EPSS
CVE
CVE
added 2014/07/17 10:0 a.m.123 views

CVE-2014-4243

CVE-2014-4243 affects the MySQL Server component (Oracle MySQL) prior to 5.5.35 and 5.6.15. The vulnerability could allow remote authenticated users to affect availability via ENFED-related vectors. Open-source/integrated advisories reference MariaDB/RHEL/SUSE mitigations; remediation in these co...

2.8CVSS5AI score0.03404EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.123 views

CVE-2014-6505

CVE-2014-6505 affects Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier, via a vulnerability in the SERVER:MEMORY STORAGE ENGINE that can impact availability when exploited by remote authenticated users. Public advisories (RHSA-2014-1940/1862 and related Red Hat notes) indicate fixes ...

4CVSS6.2AI score0.02667EPSS
CVE
CVE
added 2015/01/21 7:0 p.m.123 views

CVE-2015-0432

CVE-2015-0432 is listed against Oracle/MySQL/MariaDB 5.5.x in multiple advisories. Public details in connected docs show fixes in 5.5.41 (RHSA-2015:0117) and 5.5.45 (ELSA-2015-1628/CentOS-CE), indicating a vulnerability affecting MySQL/MariaDB server components related to InnoDB/DDL-Foreign Key; ...

4CVSS6.1AI score0.0394EPSS
CVE
CVE
added 2010/12/30 6:0 p.m.122 views

CVE-2010-3849

CVE-2010-3849 affects the Linux kernel’s econet_sendmsg path (net/econet/af_econet.c) prior to 2.6.36.2, when an Econet address is configured. A local user can trigger a denial of service by issuing a sendmsg with a NULL remote address, causing a NULL pointer dereference and OOPS. The correspondi...

4.7CVSS5.7AI score0.00717EPSS
In wild
CVE
CVE
added 2014/02/06 2:0 a.m.122 views

CVE-2014-1480

Technical details about CVE-2014-1480 are not publicly provided in the connected documents. The available description notes a clickjacking/ unintended file launch issue in Firefox/SeaMonkey, but specifics (affected versions, root cause, exploitability, and fixes) are not included.

4.3CVSS8.9AI score0.02683EPSS
CVE
CVE
added 2014/07/17 2:36 a.m.122 views

CVE-2014-4207

CVE-2014-4207 is described as an unspecified vulnerability in the MySQL Server component affecting Oracle MySQL 5.5.37 and earlier, enabling remote authenticated users to impact availability via the SROPTZR vector. Connected sources map the issue to MariaDB/MariaDB Galera contexts as well, with r...

4CVSS6.1AI score0.03911EPSS
CVE
CVE
added 2015/11/09 2:0 a.m.122 views

CVE-2015-2697

CVE-2015-2697 affects MIT Kerberos 5 (krb5) prior to 1.14. The issue is triggered via a remote authenticated TGS request where the realm field starts with a null byte, enabling an out-of-bounds condition that can crash the KDC (denial of service). The connected document confirms the vulnerability...

4CVSS6.9AI score0.04128EPSS
CVE
CVE
added 2010/09/08 7:0 p.m.121 views

CVE-2010-2959

The CVE-2010-2959 issue affects the Linux kernel CAN subsystem, specifically the can/bcm.c implementation, due to an integer overflow vulnerability. This flaw can allow local attackers to execute arbitrary code or cause a system crash (DoS) via crafted CAN traffic. Public advisories confirm vulne...

7.2CVSS7.8AI score0.03777EPSS
In wild
CVE
CVE
added 2012/05/17 10:0 a.m.121 views

CVE-2012-1097

CVE-2012-1097 affects the Linux kernel before 3.2.10, where the regset (register set) path mishandles absence of .get/.set methods. This can allow a local attacker to trigger a NULL pointer dereference via PTRACE_GETREGSET or PTRACE_SETREGSET, possibly causing denial of service or other impact. R...

7.8CVSS7.7AI score0.00351EPSS
Total number of security vulnerabilities461