Lucene search
K
SuseLinux Enterprise Desktop

461 matches found

CVE
CVE
added 2012/10/10 5:0 p.m.121 views

CVE-2012-3984

CVE-2012-3984 affects Mozilla Firefox (<16.0), Mozilla Thunderbird (<16.0), and SeaMonkey (

6.8CVSS8.9AI score0.02246EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.121 views

CVE-2012-3995

CVE-2012-3995 affects Mozilla Firefox and related Mozilla applications. The vulnerability arises from the IsCSSWordSpacingSpace function in Firefox (and Firefox ESR 10.x, Thunderbird, SeaMonkey as listed) where an out-of-bounds read could be exploited to run arbitrary code or trigger a denial-of-...

9.3CVSS9.4AI score0.05018EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.121 views

CVE-2013-5619

CVE-2013-5619 describes a vulnerability in Mozilla’s SpiderMonkey JavaScript engine where the binary-search implementation could overflow, potentially enabling a remote attacker to cause a denial of service via crafted JavaScript. The initial Mozilla/OpenSUSE/IBM advisories confirm this is a Java...

7.5CVSS9.5AI score0.03707EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.121 views

CVE-2013-6672

CVE-2013-6672: Firefox (Linux) and SeaMonkey are affected by a Linux clipboard information disclosure via middle-click paste. The initial entry specifies Firefox < 26.0 and SeaMonkey

4.3CVSS9AI score0.03341EPSS
CVE
CVE
added 2009/10/19 7:27 p.m.120 views

CVE-2009-3612

CVE-2009-3612 affects the Linux kernel’s net/sched/cls_api.c tcf_fill_node in the netlink subsystem. The issue is that a tcm__pad2 structure member is not initialized, potentially allowing local attackers to read sensitive kernel memory. Affected: kernel 2.6.x prior to 2.6.32-rc5 and 2.4.37.6 and...

2.1CVSS6.1AI score0.00399EPSS
CVE
CVE
added 2012/06/05 11:0 p.m.120 views

CVE-2012-1938

CVE-2012-1938 affects Mozilla's browser engine and is described in the MiracleLinux AXSA:2012-857 advisory as multiple vulnerabilities in Firefox (and related components) that could allow memory corruption and remote code execution. Specifically, it impacts Mozilla Firefox before 13.0, Thunderbir...

9.3CVSS9.9AI score0.04899EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.120 views

CVE-2012-3976

CVE-2012-3976 affects Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The issue arises from improper handling of onLocationChange events when navigating between https sites, allowing remote attackers to spoof the X.509 certificate information in the address...

4.3CVSS8.6AI score0.01779EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.120 views

CVE-2012-3988

CVE-2012-3988 is a use-after-free vulnerability in Mozilla Firefox (pre-16.0), Firefox ESR (pre-10.0.8), Thunderbird (pre-16.0), Thunderbird ESR (pre-10.0.8), and SeaMonkey (pre-2.13). It can be triggered via mozRequestFullScreen with full-screen mode and navigation via history.back, potentially ...

9.3CVSS9.3AI score0.05201EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.120 views

CVE-2013-0762

CVE-2013-0762 is a use-after-free in imgRequest::OnStopFrame affecting Mozilla Firefox prior to 18.0 (and ESR 10.x before 10.0.12, ESR 17.x before 17.0.1), Thunderbird prior to 17.0.2, and SeaMonkey prior to 2.15. It can allow remote code execution or a denial of service via heap memory corruptio...

9.3CVSS9.6AI score0.04713EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.120 views

CVE-2014-1504

CVE-2014-1504 affects Mozilla Firefox (pre-28.0) and SeaMonkey (pre-2.25). The session-restore feature does not honor the CSP of data: URLs, enabling remote XSS via a crafted document opened after a browser restart. The impact stated is cross-site scripting with partial integrity/complete confide...

2.6CVSS8.1AI score0.02064EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.120 views

CVE-2014-4287

CVE-2014-4287 describes an unspecified vulnerability in Oracle MySQL Server, affecting versions 5.5.38 and earlier and 5.6.19 and earlier, that allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS. The description indicates the issue is focused on ...

4CVSS6.2AI score0.02667EPSS
CVE
CVE
added 2010/10/04 8:0 p.m.119 views

CVE-2010-3437

The vulnerability CVE-2010-3437 affects the Linux kernel (before 2.6.36-rc6) in pkt_find_dev_from_minor within drivers/block/pktcdvd.c. A crafted index value passed via PKT_CTRL_CMD_STATUS ioctl can cause a signedness error, enabling local attackers to read kernel memory or trigger a crash (DoS)....

6.6CVSS5.6AI score0.02416EPSS
In wildWeb
CVE
CVE
added 2013/04/29 10:0 a.m.119 views

CVE-2013-3301

CVE-2013-3301 affects the Linux kernel ftrace implementation up to version before 3.8.8. Local users with CAP_SYS_ADMIN can write to either set_ftrace_pid or set_graph_function and trigger an lseek, leading to a NULL pointer dereference and possible system crash or other impact. Multiple connecte...

7.2CVSS5.6AI score0.00985EPSS
CVE
CVE
added 2013/07/17 10:0 a.m.119 views

CVE-2013-3783

CVE-2013-3783 affects the MySQL Server component in Oracle MySQL 5.5.31 and earlier. The vulnerability is described as unspecified and allows remote authenticated users to affect availability via unknown vectors related to the Server Parser. Connected sources reference this CVE within broader Ora...

4CVSS5AI score0.0309EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.119 views

CVE-2013-6673

Technical details about CVE-2013-6673 are not publicly available in the provided connected documents; monitor for updates.

5.9CVSS6.9AI score0.02886EPSS
CVE
CVE
added 2014/11/14 3:0 p.m.119 views

CVE-2014-7815

CVE-2014-7815 affects the QEMU component: the function set_pixel_format in ui/vnc.c can be triggered remotely to crash the QEMU process (DoS) by sending a small value for bytes_per_pixel. The vulnerability is explicitly documented in multiple advisories and patches were issued in openSUSE/SUSE se...

5CVSS5.8AI score0.03742EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.118 views

CVE-2012-3989

CVE-2012-3989 affects Mozilla Firefox (and related Mozilla products) prior to version 16.0, Thunderbird prior to 16.0, and SeaMonkey prior to 2.13. The vulnerability is a crash caused by an invalid cast when using the instanceof operator on certain JavaScript objects, which could allow remote att...

9.3CVSS9.5AI score0.03464EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.118 views

CVE-2014-1485

CVE-2014-1485 affects Mozilla Firefox (prior to 27.0) and SeaMonkey (prior to 2.24). The CSP implementation in these browsers evaluates style-src directives for XSLT processing rather than script-src, potentially allowing remote attackers to execute arbitrary XSLT code through insufficient style-...

7.5CVSS9.4AI score0.02995EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.118 views

CVE-2014-1498

CVE-2014-1498 : The vulnerability affects Mozilla Firefox before 28.0 and SeaMonkey before 2.25, where crypto.generateCRMFRequest fails to validate a specific key type. This can cause remote crashes/DoS via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algo...

5CVSS8.8AI score0.01778EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.118 views

CVE-2014-1500

CVE-2014-1500 affects Mozilla Firefox prior to 28.0 and SeaMonkey prior to 2.25. The issue allows remote attackers to cause resource exhaustion and application hang via onbeforeunload events that trigger background JavaScript execution. Exploitation details are not provided in the available docum...

5CVSS9AI score0.03541EPSS
CVE
CVE
added 2007/12/04 12:0 a.m.117 views

CVE-2007-6206

CVE-2007-6206 affects the Linux kernel (2.4.x and 2.6.x up to 2.6.24-rc3). The issue lies in the do_coredump function in fs/exec.c, where the core dump file’s UID is not changed if a core dump already exists in the same location when a root-owned process dumps a core. This behavior could allow a ...

2.1CVSS5.2AI score0.00425EPSS
CVE
CVE
added 2009/03/06 11:0 a.m.117 views

CVE-2009-0834

The CVE-2009-0834 issue affects the Linux kernel up to 2.6.28.7 on x86_64, where audit_syscall_entry mishandles 32-bit processes making 64-bit syscalls or 64-bit processes making 32-bit syscalls. This can allow local users to bypass certain syscall audit configurations, and is related to CVE-2009...

3.6CVSS4.6AI score0.00441EPSS
CVE
CVE
added 2009/10/20 5:0 p.m.117 views

CVE-2009-2910

CVE-2009-2910 affects the Linux kernel’s ia32 entry path on x86_64. The issue is that arch/x86/ia32/ia32entry.S does not clear certain kernel registers before returning to user mode, which allows a local attacker to read register values from an earlier process after switching an ia32 process into...

2.1CVSS5.9AI score0.00414EPSS
CVE
CVE
added 2011/01/07 11:0 a.m.117 views

CVE-2010-4160

The CVE-2010-4160 issue is present in the Linux kernel before 2.6.36.2, involving multiple integer overflows in the PPPoL2TP and IPoL2TP sendmsg paths (pppol2tp_sendmsg and l2tp_ip_sendmsg). The vulnerability can allow local users to trigger a denial of service through heap memory corruption and ...

6.9CVSS7.5AI score0.00529EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.117 views

CVE-2013-0767

CVE-2013-0767 affects Mozilla Firefox (and related Mozilla components) with the nsSVGPathElement::GetPathLengthScale path handling. The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service via an out-of-bounds read, reported for Firefox before 18.0, ESR 10....

10CVSS9.5AI score0.05815EPSS
CVE
CVE
added 2013/07/17 10:0 a.m.117 views

CVE-2013-3804

CVE-2013-3804 affects Oracle MySQL Server prior to specific versions (5.1.69 and earlier, 5.5.31 and earlier, 5.6.11 and earlier). The issue is described as an unspecified vulnerability in the Server Optimizer that remote authenticated users can exploit to affect availability via unknown vectors....

4CVSS4.3AI score0.02983EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.117 views

CVE-2014-6463

CVE-2014-6463 affects Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier; impact is availability via SERVER:REPLICATION ROW FORMAT BINARY LOG DML when an authenticated remote user runs DML. Red Hat advisories RHSA-2014-1940 and related RHSA entries indicate that MariaDB/MariaDB-Galera ...

3.3CVSS6.1AI score0.02815EPSS
CVE
CVE
added 2009/10/22 3:26 p.m.116 views

CVE-2009-3620

CVE-2009-3620 affects the ATI Rage 128 (r128) driver in the Linux kernel, where the driver fails to properly verify Concurrent Command Engine (CCE) state initialization. This local vulnerability can cause a NULL pointer dereference and system crash (DoS) and may allow privilege escalation via uns...

7.8CVSS6.7AI score0.00425EPSS
CVE
CVE
added 2010/05/07 6:23 p.m.116 views

CVE-2010-1437

CVE-2010-1437 is a race condition in the Linux kernel’s keyring handling (find_keyring_by_name in security/keys/keyring.c) affecting version 2.6.34-rc5 and earlier. A local user can exploit this via keyctl session commands that access a dead keyring being deleted by key_cleanup, leading to memory...

7CVSS7.2AI score0.00658EPSS
CVE
CVE
added 2010/09/21 5:0 p.m.116 views

CVE-2010-3080

CVE-2010-3080 is a double-free vulnerability in the Linux kernel’s snd_seq_oss_open() (sound/core/seq/oss/seq_oss_init.c) affecting kernels before 2.6.36-rc4. An unsuccessful open of /dev/sequencer could trigger kernel memory corruption, leading to local denial of service and potentially other im...

7.2CVSS7.7AI score0.00416EPSS
CVE
CVE
added 2010/11/30 10:0 p.m.116 views

CVE-2010-4080

CVE-2010-4080 affects the Linux kernel: snd_hdsp_hwdep_ioctl in sound/pci/rme9652/hdsp.c does not initialize a structure, enabling local attackers to leak kernel stack information via SNDRV_HDSP_IOCTL_GET_CONFIG_INFO. Affected products/versions: Linux kernel before 2.6.36-rc6. Impact is an inform...

2.1CVSS5.6AI score0.0042EPSS
CVE
CVE
added 2010/11/20 9:0 p.m.116 views

CVE-2010-4165

CVE-2010-4165 affects the Linux kernel prior to 2.6.37-rc2. The do_tcp_setsockopt function does not properly constrain TCP_MAXSEG (MSS) values, allowing a local user to trigger a denial of service via a setsockopt with a small value, leading to a divide-by-zero or signed-integer misuse. Evidence ...

4.9CVSS6.8AI score0.01355EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.116 views

CVE-2013-0766

CVE-2013-0766 is a use-after-free in the ~nsHTMLEditRules implementation affecting Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15. The vulnerabili...

9.3CVSS9.5AI score0.04713EPSS
CVE
CVE
added 2013/07/17 10:0 a.m.116 views

CVE-2013-3808

CVE-2013-3808 affects Oracle MySQL Server up to certain older releases: 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier. The vulnerability is described as unspecified and remote-authenticated, impacting availability via unknown vectors related to Server Options. No exploitation det...

4CVSS4.2AI score0.02827EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.116 views

CVE-2013-5611

CVE-2013-5611 refers to Mozilla Firefox (pre-26.0) where an App Installation doorhanger isn’t properly removed, enabling a remote attacker to spoof a Web App installation site by timing page navigation. Connected sources confirm affected products and fixes: IBM/SONAS and IBM Storwize advisories l...

5.8CVSS9AI score0.02138EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.115 views

CVE-2014-6484

CVE-2014-6484 is listed as an unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, with remote authenticated users able to affect availability via SERVER:DML. Connected Red Hat advisories (RHSA-2014-1940 and RHSA-2014-1862) classify this under MariaDB/MySQL...

4CVSS6.2AI score0.02667EPSS
CVE
CVE
added 2015/07/06 1:0 a.m.115 views

CVE-2015-2737

CVE-2015-2737 affects Mozilla Firefox before 39.0 (and ESR 31.x before 31.8, 38.x before 38.1) and Thunderbird before 38.1. It targets rx::d3d11::SetBufferData, which reads data from uninitialized memory locations. The description notes the impact and attack vectors are unspecified; no explicit f...

10CVSS4.4AI score0.02654EPSS
CVE
CVE
added 2016/09/20 2:0 p.m.115 views

CVE-2015-8931

CVE-2015-8931 involves multiple integer overflows in libarchive’s mtree support. The vulnerability arises in archive_read_support_format_mtree.c (mtree parser) in libarchive before 3.2.0, potentially allowing a remote attacker to trigger undefined behavior via a crafted mtree file. Connected advi...

7.8CVSS8AI score0.02122EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.115 views

CVE-2016-0668

CVE-2016-0668 affects Oracle MySQL 5.6.28 and earlier, 5.7.10 and earlier, and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12. The vulnerability is described as an unspecified issue related to InnoDB that can allow local users to affect availability. Remediation stated in the sources inc...

4.1CVSS4.3AI score0.0146EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.114 views

CVE-2012-4205

CVE-2012-4205 affects Mozilla Firefox (prior to 17.0), Mozilla Thunderbird (prior to 17.0), and SeaMonkey (prior to 2.14). The root cause, per the description, is that XMLHttpRequest objects created in sandboxes are assigned the system principal rather than the sandbox principal, enabling CSRF ag...

6.8CVSS8.5AI score0.01613EPSS
CVE
CVE
added 2013/07/17 10:0 a.m.113 views

CVE-2013-3805

CVE-2013-3805 affects Oracle MySQL: MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 is vulnerable. Description specifies an unspecified vulnerability that allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements. The entry do...

4CVSS5.1AI score0.02291EPSS
CVE
CVE
added 2014/07/03 1:0 a.m.113 views

CVE-2014-4667

CVE-2014-4667 affects the Linux kernel: the sctp_association_free function in net/sctp/associola.c before version 3.15.2 fails to properly manage a specific backlog value, enabling remote attackers to trigger a denial of service (socket outage) via a crafted SCTP packet. The vulnerability is root...

5CVSS5.2AI score0.05926EPSS
CVE
CVE
added 2016/09/20 2:0 p.m.113 views

CVE-2015-8933

CVE-2015-8933 is a Libarchive vulnerability: an integer overflow in archive_read_support_format_tar_skip() within archive_read_format_tar.c, affecting Libarchive prior to 3.2.0. This can allow a remote attacker to crash a target via a crafted tar file (DoS). The connected Nessus/EulerOS entries c...

5.5CVSS6AI score0.02028EPSS
CVE
CVE
added 2010/09/08 7:0 p.m.112 views

CVE-2010-2803

CVE-2010-2803 affects the Linux kernel DRM subsystem. The drm_ioctl path in drivers/gpu/drm/drm_drv.c allows a local user to request a large memory allocation and may leak kernel memory contents. Affected trees/versions include 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2...

1.9CVSS6.8AI score0.00467EPSS
CVE
CVE
added 2010/09/03 7:0 p.m.112 views

CVE-2010-2954

The CVE-2010-2954 issue affects the Linux kernel IRDA stack: irda_bind in net/irda/af_irda.c may dereference a NULL pointer when irda_open_tsap fails, causing local denial of service (kernel panic) via repeated unsuccessful binds on AF_IRDA (PF_IRDA) sockets. Affected software is the Linux kernel...

4.9CVSS7.3AI score0.00422EPSS
CVE
CVE
added 2010/12/29 5:27 p.m.112 views

CVE-2010-3874

CVE-2010-3874: Heap-based buffer overflow in the bcm_connect function of net/can/bcm.c (Broadcast Manager) in the Linux kernel CAN implementation. Affects 64-bit kernels, before 2.6.36.2, enabling local attackers to cause memory corruption and a denial of service via a connect operation. The conn...

4CVSS7AI score0.00395EPSS
CVE
CVE
added 2012/05/17 10:0 a.m.112 views

CVE-2012-1090

CVE-2012-1090 affects the Linux kernel: the cifs_lookup function in fs/cifs/dir.c can trigger a local denial of service (OOPS) when a local user accesses a specially crafted file (e.g., a FIFO). The issue exists in kernel versions prior to 3.2.10. Exploitation requires local access. The documente...

5.5CVSS5.8AI score0.004EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.112 views

CVE-2012-3961

CVE-2012-3961 is a use-after-free in the RangeData implementation affecting Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0/ESR 10.x before 10.0.7, and SeaMonkey before 2.12. Exploitation could allow remote code execution or a denial of service via heap memory...

10CVSS9.4AI score0.06664EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.112 views

CVE-2012-4209

Mode C: The CVE-2012-4209 issue affects Mozilla-based components used in MiracleLinux 4 (firefox-10.0.11-1.0.1.AXS4, xulrunner-10.0.11-1.0.1.AXS4) and is described as allowing cross-site scripting by abusing top frame name and location access. Affected products include Mozilla Firefox and Firefox...

4.3CVSS7.8AI score0.02546EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.112 views

CVE-2014-1484

CVE-2014-1484 affects Mozilla Firefox on Android 4.2 and earlier, where system logs may contain profile paths, enabling a crafted application to access sensitive information. Connected docs reference the CVE within openSUSE Firefox ESR advisories and indicate fixes in later Firefox ESR updates (e...

5CVSS8.5AI score0.01556EPSS
Total number of security vulnerabilities461