Lucene search
K
SuseLinux Enterprise Desktop

461 matches found

CVE
CVE
added 2012/11/21 11:0 a.m.98 views

CVE-2012-4216

CVE-2012-4216 is a use-after-free in gfxFont::GetFontEntry affecting Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14. Exploitation could lead to remote code execution or a denial of service via h...

9.3CVSS9AI score0.06074EPSS
CVE
CVE
added 2016/09/20 2:0 p.m.98 views

CVE-2015-8930

CVE-2015-8930 affects libarchive’s ISO parser (bsdtar) and can cause a denial-of-service via an infinite loop when opening a crafted ISO with a directory that is a member of itself. The available connected documents show this vulnerability across multiple advisories and platforms, indicating it i...

7.5CVSS7.5AI score0.04287EPSS
CVE
CVE
added 2016/06/16 2:0 p.m.98 views

CVE-2016-4149

CVE-2016-4149 is part of a set of vulnerabilities in Adobe Flash Player. Connected advisories note the issue alongside multiple other CVEs (notably in 4122–4149) and describe vulnerabilities in the Flash Player libraries used by Microsoft IE/Edge. Public updates from Mageia list CVE-2016-4149 as ...

9.3CVSS8.9AI score0.0381EPSS
CVE
CVE
added 2009/04/17 2:0 p.m.97 views

CVE-2009-1186

CVE-2009-1186 affects udev prior to version 1.4.1, where a buffer overflow in util_path_encode in udev/lib/libudev-util.c can be triggered by crafted arguments, enabling a local denial of service. Public reports tie this with the same issue as CVE-2009-1185/1186; multiple advisories (Mandriva, Ma...

2.1CVSS6AI score0.00539EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.97 views

CVE-2012-5833

CVE-2012-5833 concerns WebGL texImage2D handling in Mozilla Firefox (and related Gecko-based products) that interacts with Mesa drivers. The vulnerability can allow remote code execution or a denial of service (memory corruption) via certain level parameter values. Affected versions include Firef...

9.3CVSS9.1AI score0.0483EPSS
CVE
CVE
added 2014/06/05 8:0 p.m.97 views

CVE-2014-3469

CVE-2014-3469 affects GNU libtasn1 before 3.6, where the functions asn1_read_value_type and asn1_read_value may dereference a NULL ivalue. In this context, crafted ASN.1 data can trigger a NULL pointer dereference in the library, leading to a denial of service (crash). The vulnerability is noted ...

5CVSS5.6AI score0.03817EPSS
CVE
CVE
added 2015/11/09 2:0 a.m.97 views

CVE-2015-2695

CVE-2015-2695 affects MIT Kerberos 5 (krb5) where the krb5 GSS-API SPNEGO mechanism mishandles a context, relying on an inappropriate context handle. This can enable a remote attacker to cause a denial of service via a crafted gss_inquire_context call on a partially-established SPNEGO context, le...

5CVSS7AI score0.06243EPSS
CVE
CVE
added 2015/11/09 2:0 a.m.97 views

CVE-2015-2696

MIT Kerberos 5 (krb5) vulnerability CVE-2015-2696 arises from an inappropriate context handle in iakerb.c, enabling remote denial of service via crafted IAKERB packets during gss_inquire_context. IBM CP4S remediation in the connected materials shows affected Cloud Pak for Security versions 1.8.0....

7.1CVSS7AI score0.04543EPSS
CVE
CVE
added 2009/06/06 6:0 p.m.96 views

CVE-2009-1961

CVE-2009-1961 is a local-denial-of-service vulnerability in the Linux kernel related to the inode double-locking path in fs/ocfs2/file.c. A sequence of splice system calls can deadlock between generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write, preventing file creation/remov...

4.7CVSS4.4AI score0.00589EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.96 views

CVE-2012-4215

CVE-2012-4215 is a use-after-free in Mozilla Firefox’s nsPlaintextEditor::FireClipboardEvent that could allow remote code execution or a heap memory corruption, affecting Firefox before 17.0, Firefox ESR before 10.0.11, Thunderbird before 17.0, Thunderbird ESR before 10.0.11, and SeaMonkey before...

9.3CVSS9AI score0.06074EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.96 views

CVE-2012-5835

CVE-2012-5835 describes an integer overflow in the WebGL subsystem of Mozilla Firefox prior to 17.0 (also affecting Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0 and Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14). The overflow can lead to remote code execution or a den...

10CVSS9.1AI score0.08528EPSS
CVE
CVE
added 2016/06/16 2:0 p.m.96 views

CVE-2016-4152

CVE-2016-4152 is an unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier used in Flash libraries for Internet Explorer 10/11 and Edge. Connected sources (HackerOne) map this to a ShimContentResolver.configure memory corruption issue in Flash Player, with patches issued by variou...

9.3CVSS8.9AI score0.04387EPSS
CVE
CVE
added 2010/09/29 4:0 p.m.95 views

CVE-2010-2478

CVE-2010-2478: The Linux kernel before 2.6.33.7 on 32-bit platforms has an integer overflow in ethtool_get_rxnfc(), triggered by a large info.rule_cnt via ETHTOOL_GRXCLSRLALL. Local users can cause a denial of service or potentially other impact (as described in the connected Mirage/Linux advisor...

7.2CVSS7.6AI score0.00419EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.95 views

CVE-2012-3956

CVE-2012-3956 is a use-after-free in MediaStreamGraphThreadRunnable::Run in Mozilla Firefox before 15.0 (and similar affected versions for Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0/ESR 10.x before 10.0.7, SeaMonkey before 2.12). Successful exploitation could allow remote attackers t...

10CVSS9.4AI score0.05408EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.95 views

CVE-2012-3968

CVE-2012-3968 is a use-after-free in Firefox’s WebGL implementation related to deletion of a fragment shader by its accessor. The issue allows remote attackers to execute arbitrary code via crafted web content. Affected products include Mozilla Firefox (and Firefox ESR 10.x lineage) prior to patc...

10CVSS9.2AI score0.05899EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.95 views

CVE-2012-5838

CVE-2012-5838 affects the WebGL copyTexImage2D in Mozilla Firefox (<17.0), Thunderbird (<17.0), and SeaMonkey (

9.3CVSS8.9AI score0.06155EPSS
CVE
CVE
added 2014/10/15 10:0 a.m.95 views

CVE-2014-0569

CVE-2014-0569 is an integer overflow vulnerability in Adobe Flash Player (and related AIR components) that could allow remote code execution. Affected products/versions (per initial entry) include Flash Player before 13.0.0.250 and 14.x before 15.0.0.189 on Windows/macOS and before 11.2.202.411 o...

9.3CVSS7.6AI score0.90208EPSS
CVE
CVE
added 2015/04/28 2:0 p.m.95 views

CVE-2015-3340

CVE-2015-3340 affects Xen 4.2.x through 4.5.x and involves uninitialized fields, allowing certain remote domains to read sensitive memory content via XEN_DOMCTL_gettscinfo or XEN_SYSCTL_getdomaininfolist. Public advisories (e.g., Debian DSA-3414) classify this as a denial of information disclosur...

2.9CVSS6.3AI score0.00793EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.94 views

CVE-2013-0771

CVE-2013-0771 describes a heap-based buffer overflow in Mozilla Firefox’s gfxTextRun::ShrinkToLigatureBoundaries, affecting Firefox before 18.0 (and ESR 17.x before 17.0.1), Thunderbird before 17.0.2 (and ESR 17.x before 17.0.1), and SeaMonkey before 2.15. Successful exploitation via a crafted do...

9.3CVSS9.5AI score0.05334EPSS
CVE
CVE
added 2016/07/05 1:0 a.m.94 views

CVE-2016-4957

ntpd (NTP) before version 4.2.8p8 is vulnerable to a remote DoS via specially crafted crypto-NAK packets, causing ntpd to crash. This issue stems from an incorrect fix applied after CVE-2016-1547 and affects ntpd’s handling of CRYPTO-NAK. Public references indicate an impact to the daemon’s avail...

7.5CVSS6.2AI score0.44936EPSS
CVE
CVE
added 2012/02/09 2:0 a.m.93 views

CVE-2011-3970

CVE-2011-3970 affects libxslt as used in Google Chrome prior to 17.0.963.46, enabling a remote attacker to cause a denial of service via an out-of-bounds read (vectors not specified in the entry). The issue has been addressed in downstream advisories and Chrome updates; Chrome/SUSE/Fedora advisor...

4.3CVSS6.8AI score0.01809EPSS
CVE
CVE
added 2016/06/16 2:0 p.m.93 views

CVE-2016-4150

CVE-2016-4150 is an unspecified memory corruption vulnerability in Adobe Flash Player 21.0.0.242 and earlier, reported in the Flash libraries used by IE/Edge. Connected sources confirm a ShimContentFactory.retrieveOpportunityGenerators() memory-corruption condition leading to potential memory cra...

9.3CVSS8.9AI score0.04539EPSS
CVE
CVE
added 2011/11/11 6:0 p.m.92 views

CVE-2011-3439

CVE-2011-3439 affects FreeType in CoreGraphics on Apple iOS prior to 5.0.1. An attacker could craft a font in a document to trigger memory corruption, enabling remote code execution or a denial of service. Affected component: FreeType/CoreGraphics; impact: code execution and memory corruption. Re...

9.3CVSS7.4AI score0.05329EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.92 views

CVE-2012-5839

CVE-2012-5839 is a heap-based buffer overflow in Mozilla's gfxShapedWord::CompressedGlyph::IsClusterStart that affects Firefox and related Mozilla components. Affected software includes Mozilla Firefox before 17.0 (and ESR 10.x before 10.0.11), Thunderbird before 17.0 (and ESR 10.x before 10.0.11...

9.3CVSS9.1AI score0.06997EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.92 views

CVE-2012-5840

CVE-2012-5840 is a Use-after-free vulnerability in Mozilla Firefox’s nsTextEditorState::PrepareEditor, affecting Firefox prior to 17.0, Firefox ESR 10.x prior to 10.0.11, Thunderbird prior to 17.0, Thunderbird ESR 10.x prior to 10.0.11, and SeaMonkey prior to 2.14. The flaw allows remote attacker...

9.3CVSS9.1AI score0.06074EPSS
CVE
CVE
added 2016/06/16 2:0 p.m.92 views

CVE-2016-4153

CVE-2016-4153 is a memory‑corruption vulnerability in Adobe Flash Player’s ShimOpportunityGenerator.configure() that can cause a memory crash and, as described by a trusted report, could enable arbitrary code execution. The vulnerability is associated with Flash Player builds up to 21.0.0.242 and...

9.3CVSS8.9AI score0.04387EPSS
CVE
CVE
added 2009/07/22 6:0 p.m.91 views

CVE-2009-2472

Affected software: Mozilla Firefox before 3.0.12 (as per CVE-2009-2472). Issue: during object construction, Firefox did not always use XPCCrossOriginWrapper, allowing bypass of the Same Origin Policy and enabling cross-site scripting (XSS) via a crafted document. Impact: potential XSS vulnerabili...

4.3CVSS7.5AI score0.02243EPSS
CVE
CVE
added 2017/03/17 2:0 p.m.91 views

CVE-2014-9853

CVE-2014-9853 : In ImageMagick, a memory leak in the coders/rle.c parser can be triggered by a crafted RLE file, enabling remote attackers to cause a denial of service via memory consumption. The available documents confirm ImageMagick and the rle.c component as the affected codepath; no version ...

5.5CVSS5.7AI score0.01815EPSS
CVE
CVE
added 2016/06/16 2:0 p.m.91 views

CVE-2016-4135

CVE-2016-4135 is one of multiple Flash Player vulnerabilities addressed in mid‑2016 advisories. Connected sources show this entry being treated as a memory corruption issue in Adobe Flash Player (Flash libraries in IE/Edge) that contributes to heap-based buffers overflow and arbitrary code execut...

9.3CVSS8.9AI score0.16544EPSS
Web
CVE
CVE
added 2013/12/11 3:0 p.m.90 views

CVE-2013-5610

CVE-2013-5610 is a memory-corruption vulnerability in the Mozilla Firefox browser engine (pre-26.0) and SeaMonkey (pre-2.23) with potential remote code execution via unknown vectors and denial of service. Public advisories (e.g., openSUSE/MFSA entries) indicate fixes are available by upgrading Fi...

10CVSS9.9AI score0.06511EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.90 views

CVE-2014-6564

CVE-2014-6564 affects Oracle MySQL Server 5.6.19 and earlier. Described as an unspecified vulnerability that allows remote authenticated users to affect availability via INNODB FULLTEXT SEARCH DML vectors. Connected sources confirm affected product/version and impact focus on availability; no exp...

4CVSS6.1AI score0.02365EPSS
CVE
CVE
added 2016/06/16 2:0 p.m.90 views

CVE-2016-4125

CVE-2016-4125 is listed as an Adobe Flash Player vulnerability addressed by the 11.2.202.626 update (APSB16-18) across multiple Linux distributions (SUSE/openSUSE) and Red Hat advisories. The connected documents confirm the CVE is part of a batch of issues fixed in the Flash Player update and lin...

9.3CVSS8.9AI score0.0381EPSS
CVE
CVE
added 2016/06/16 2:0 p.m.90 views

CVE-2016-4156

CVE-2016-4156 is an unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, used in the Flash libraries for Microsoft Internet Explorer 10/11 and Edge. The description notes unknown impact and attack vectors and distinguishes it from MS16-083. Connected documents show this family ...

9.3CVSS8.9AI score0.04387EPSS
CVE
CVE
added 2012/10/29 6:0 p.m.89 views

CVE-2012-4196

CVE-2012-4196 affects Mozilla Firefox (and related Mozilla components) where a prototype property-injection attack on the Location object (window.location) bypassed Same Origin Policy. Affected are Firefox prior to 16.0.2, Firefox ESR 10.x prior to 10.0.10, Thunderbird prior to 16.0.2, Thunderbir...

6.4CVSS8.8AI score0.03287EPSS
CVE
CVE
added 2016/06/16 2:0 p.m.89 views

CVE-2016-4141

CVE-2016-4141 is described as an unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, used in the Flash libraries for Microsoft Internet Explorer 10/11 and Microsoft Edge, with unknown impact and attack vectors. The connected documents provide concrete remediation activity: Mag...

9.3CVSS8.9AI score0.0381EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.88 views

CVE-2012-4179

CVE-2012-4179 is a use-after-free in Mozilla Firefox's nsHTMLCSSUtils::CreateCSSPropertyTxn that can lead to code execution or heap memory corruption. Affected are Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey befor...

9.3CVSS9.4AI score0.04727EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.88 views

CVE-2012-4183

CVE-2012-4183 is a use-after-free in DOMSVGTests::GetRequiredFeatures affecting Firefox before 16.0, Firefox ESR before 10.0.8, Thunderbird before 16.0, and SeaMonkey before 2.13, with potential for remote code execution or a denial of service via heap memory corruption. Connected advisories from...

9.3CVSS9.4AI score0.04803EPSS
CVE
CVE
added 2013/02/27 12:0 a.m.88 views

CVE-2013-0643

CVE-2013-0643: Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows remote code execution via crafted SWF content. Affected products include Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows/macOS, and before 10.3.183....

9.3CVSS7.6AI score0.10533EPSS
In wild
CVE
CVE
added 2016/09/20 2:0 p.m.88 views

CVE-2015-8925

CVE-2015-8925 affects libarchive (before 3.2.0). A denial of service can be triggered by processing a crafted mtree file due to an invalid memory read in read_mtree. Affected products include libarchive in various distributions; remediation is to upgrade to a fixed libarchive version as provided ...

5.5CVSS6.2AI score0.0206EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.87 views

CVE-2012-3963

CVE-2012-3963 is a Use-after-free in Mozilla Firefox's js::gc::MapAllocToTraceKind that can allow remote code execution. Affected: Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, SeaMonkey before 2.12. Mitigation: upgrade to Firefo...

10CVSS9.4AI score0.05949EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.87 views

CVE-2012-4184

CVE-2012-4184 affects Mozilla's COW in Firefox (and related Mozilla products) prior to version 16.0 (Firefox), ESR 10.x prior to 10.0.8, Thunderbird prior to 16.0, Thunderbird ESR 10.x prior to 10.0.8, and SeaMonkey prior to 2.13. The issue allows a crafted web site to bypass restrictions and acc...

4.3CVSS9.1AI score0.01802EPSS
CVE
CVE
added 2012/10/12 10:0 a.m.87 views

CVE-2012-4193

CVE-2012-4193 affects Mozilla Firefox and related Mozilla products (Firefox before 16.0.1, Firefox ESR before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR before 10.0.9, SeaMonkey before 2.13.1). Root cause: a security check in the defaultValue unwrapping of security wrappers is omitted, al...

6.8CVSS9AI score0.01155EPSS
CVE
CVE
added 2016/06/16 2:0 p.m.87 views

CVE-2016-4151

CVE-2016-4151 is described as an unspecified memory-corruption vulnerability in Adobe Flash Player 21.0.0.242 and earlier, affecting the Flash library components used by Internet Explorer 10/11 and Microsoft Edge. The connected documents attribute the issue to ShimContentFactory.retrieveResolvers...

9.3CVSS8.9AI score0.04387EPSS
CVE
CVE
added 2016/06/16 2:0 p.m.87 views

CVE-2016-4154

CVE-2016-4154 is a memory-corruption vulnerability in Adobe Flash Player (used in Flash libraries in IE11/Edge) linked to ShimContentResolver.resolve() with resolverType=0. Root cause: improper validation leading to a memory crash, enabling potential arbitrary code execution. Affected: Adobe Flas...

9.3CVSS8.9AI score0.04387EPSS
CVE
CVE
added 2014/10/15 10:0 a.m.86 views

CVE-2014-0564

CVE-2014-0564 affects Adobe Flash Player before 13.0.0.250, 14.x before 15.0.0.189 on Windows/macOS and before 11.2.202.411 on Linux, as well as Adobe AIR before 15.0.0.293 and related AIR SDKs, allowing arbitrary code execution or memory corruption via unspecified vectors (distinct from CVE-2014...

10CVSS7.7AI score0.06192EPSS
CVE
CVE
added 2016/06/16 2:0 p.m.86 views

CVE-2016-4142

CVE-2016-4142 is a use-after-free vulnerability in Adobe Flash Player (as used in Flash libraries for Internet Explorer 10/11 and Microsoft Edge) that can lead to remote code execution via specially crafted SWF content. The initial entry notes Flash Player 21.0.0.242 and earlier as affected. Conn...

9.3CVSS8.9AI score0.0381EPSS
CVE
CVE
added 2016/06/16 2:0 p.m.86 views

CVE-2016-4146

CVE-2016-4146 is a Flash Player vulnerability affecting Adobe Flash Player in the browser plugins used by IE/Edge, with a focus on memory corruption/use-after-free conditions that could lead to arbitrary code execution. Public advisories (e.g., Mageia and ALT Linux) group it with other CVEs (4122...

9.3CVSS8.9AI score0.0381EPSS
CVE
CVE
added 2016/06/16 2:0 p.m.86 views

CVE-2016-4148

CVE-2016-4148 is part of a family of Flash Player vulnerabilities fixed in 2016 across multiple advisories. Connected records confirm multiple CVEs (including 4148) with a range of memory corruption issues (use-after-free, heap overflows, type confusion, information disclosure) that could lead to...

9.3CVSS8.9AI score0.0381EPSS
CVE
CVE
added 2017/04/12 8:0 p.m.86 views

CVE-2016-9957

Summary: CVE-2016-9957 corresponds to a stack-based buffer overflow in the Game Music Emu library prior to version 0.6.1. Multiple connected advisories (Gentoo GLSA-201707-02, Fedora advisories) describe a remotely triggerable condition: a user could be enticed to open a specially crafted SPC mus...

7.8CVSS8.7AI score0.01928EPSS
CVE
CVE
added 2008/03/19 10:0 a.m.85 views

CVE-2008-0063

CVE-2008-0063 affects MIT Kerberos 5 (krb5kdc) where Kerberos v4 support leaves an unused buffer uncleared when generating error messages. This can allow remote attackers to read sensitive information from memory. Public advisories across multiple vendors (e.g., MiracleLinux AXSA-2008-345/AXSA-20...

7.5CVSS8.6AI score0.03478EPSS
Total number of security vulnerabilities461