Linux Enterprise Desktop Security Vulnerabilities and Issues — Page 9 of Linux Enterprise Desktop CVE List

Lucene search

SuseLinux Enterprise Desktop

460 matches found

CVE•added 2011/07/11 8:55 p.m.•69 views

CVE-2011-1526

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FT...

6.5CVSS4.6AI score0.00228EPSS

CVE•added 2017/03/17 2:59 p.m.•69 views

CVE-2014-9853

Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.

5.5CVSS5.7AI score0.00473EPSS

CVE•added 2012/10/10 5:55 p.m.•68 views

CVE-2012-4184

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attack...

4.3CVSS9.1AI score0.01102EPSS

CVE•added 2012/10/29 6:55 p.m.•68 views

CVE-2012-4195

The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier ...

4.3CVSS8.2AI score0.00962EPSS

CVE•added 2012/10/29 6:55 p.m.•68 views

CVE-2012-4196

Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats cer...

6.4CVSS8.8AI score0.00964EPSS

CVE•added 2016/06/16 2:59 p.m.•68 views

CVE-2016-4140

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

9.3CVSS8.9AI score0.03697EPSS

CVE•added 2016/06/16 2:59 p.m.•68 views

CVE-2016-4145

9.3CVSS8.9AI score0.03697EPSS

CVE•added 2012/06/21 11:55 p.m.•67 views

CVE-2011-1477

Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer.

7.2CVSS8.1AI score0.00075EPSS

CVE•added 2012/11/21 12:55 p.m.•67 views

CVE-2012-4217

Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

9.3CVSS8.8AI score0.02868EPSS

CVE•added 2014/07/17 5:10 a.m.•67 views

CVE-2014-2484

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRFTS.

6.5CVSS5.1AI score0.00834EPSS

CVE•added 2016/06/16 2:59 p.m.•67 views

CVE-2016-4124

9.3CVSS8.9AI score0.02182EPSS

CVE•added 2016/06/16 2:59 p.m.•67 views

CVE-2016-4128

9.3CVSS8.9AI score0.02182EPSS

CVE•added 2016/06/16 2:59 p.m.•67 views

CVE-2016-4130

9.3CVSS8.9AI score0.02182EPSS

CVE•added 2016/06/16 2:59 p.m.•67 views

CVE-2016-4143

9.3CVSS8.8AI score0.03697EPSS

CVE•added 2016/06/16 2:59 p.m.•67 views

CVE-2016-4144

9.3CVSS8.9AI score0.03697EPSS

CVE•added 2014/07/17 5:10 a.m.•66 views

CVE-2014-4214

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.

3.3CVSS5.1AI score0.00858EPSS

CVE•added 2014/10/15 3:55 p.m.•66 views

CVE-2014-6474

Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.

3.5CVSS6.1AI score0.0037EPSS

CVE•added 2016/06/16 2:59 p.m.•66 views

CVE-2016-4122

9.3CVSS8.9AI score0.02182EPSS

CVE•added 2016/06/16 2:59 p.m.•66 views

CVE-2016-4127

9.3CVSS8.9AI score0.02182EPSS

CVE•added 2016/06/16 2:59 p.m.•66 views

CVE-2016-4155

9.3CVSS8.9AI score0.04131EPSS

CVE•added 2017/04/12 8:59 p.m.•66 views

CVE-2016-9958

game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.

7.8CVSS8.5AI score0.00313EPSS

CVE•added 2012/10/12 10:44 a.m.•65 views

CVE-2012-4193

Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same O...

6.8CVSS9AI score0.01406EPSS

CVE•added 2016/06/16 2:59 p.m.•65 views

CVE-2016-4133

9.3CVSS8.9AI score0.03697EPSS

CVE•added 2008/03/19 10:44 a.m.•64 views

CVE-2008-0063

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

7.5CVSS8.6AI score0.04745EPSS

CVE•added 2009/03/30 4:30 p.m.•64 views

CVE-2009-0115

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows...

7.8CVSS7.4AI score0.00084EPSS

CVE•added 2010/09/30 3:0 p.m.•64 views

CVE-2010-2538

Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call.

5.5CVSS5.8AI score0.00076EPSS

CVE•added 2016/06/16 2:59 p.m.•64 views

CVE-2016-4131

9.3CVSS8.9AI score0.03697EPSS

CVE•added 2016/06/16 2:59 p.m.•64 views

CVE-2016-4147

9.3CVSS8.9AI score0.03697EPSS

CVE•added 2017/03/17 2:59 p.m.•63 views

CVE-2014-9852

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.

9.8CVSS8.7AI score0.01316EPSS

CVE•added 2016/09/20 2:15 p.m.•63 views

CVE-2015-8929

Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.

5.5CVSS5.8AI score0.00271EPSS

CVE•added 2016/06/16 2:59 p.m.•63 views

CVE-2016-4139

9.3CVSS8.9AI score0.03697EPSS

CVE•added 2013/05/16 11:45 a.m.•61 views

CVE-2013-3332

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3....

10CVSS7.7AI score0.03998EPSS

CVE•added 2020/01/27 3:15 p.m.•60 views

CVE-2006-7246

NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.

6.8CVSS6.4AI score0.00065EPSS

CVE•added 2012/06/09 12:55 a.m.•60 views

CVE-2012-2040

Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AI...

9.3CVSS6.2AI score0.01249EPSS

CVE•added 2013/05/16 11:45 a.m.•60 views

CVE-2013-2728

10CVSS7.7AI score0.03998EPSS

CVE•added 2012/10/16 9:55 p.m.•59 views

CVE-2012-5080

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2012-5078.

7.6CVSS6AI score0.01718EPSS

CVE•added 2012/11/21 12:55 p.m.•58 views

CVE-2012-4212

Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

10CVSS8.8AI score0.02155EPSS

CVE•added 2012/10/10 5:55 p.m.•57 views

CVE-2012-3983

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS9.8AI score0.00771EPSS

CVE•added 2012/11/21 12:55 p.m.•57 views

CVE-2012-4218

Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

10CVSS8.8AI score0.02155EPSS

CVE•added 2013/05/16 11:45 a.m.•57 views

CVE-2013-3330

10CVSS7.7AI score0.03998EPSS

CVE•added 2013/05/16 11:45 a.m.•56 views

CVE-2013-3324

10CVSS7.7AI score0.03998EPSS

CVE•added 2013/05/16 11:45 a.m.•56 views

CVE-2013-3327

10CVSS7.7AI score0.03998EPSS

CVE•added 2016/04/08 3:59 p.m.•56 views

CVE-2015-5969

The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 a...

6.2CVSS6AI score0.00134EPSS

CVE•added 2013/05/16 11:45 a.m.•55 views

CVE-2013-3326

10CVSS7.7AI score0.03998EPSS

CVE•added 2013/05/16 11:45 a.m.•55 views

CVE-2013-3333

10CVSS7.7AI score0.03998EPSS

CVE•added 2014/06/11 2:55 p.m.•55 views

CVE-2014-2977

Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overfl...

10CVSS7.8AI score0.10198EPSS

CVE•added 2017/04/12 8:59 p.m.•55 views

CVE-2016-9959

game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.

7.8CVSS8.5AI score0.00313EPSS

CVE•added 2014/03/19 10:55 a.m.•54 views

CVE-2014-1501

Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection.

5.8CVSS8.9AI score0.00229EPSS

CVE•added 2015/04/16 5:0 p.m.•53 views

CVE-2015-2576

Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation.

2.1CVSS5.2AI score0.00093EPSS

CVE•added 2013/05/16 11:45 a.m.•52 views

CVE-2013-3329

10CVSS7.7AI score0.03998EPSS

Total number of security vulnerabilities460