Lucene search
K
SuseLinux Enterprise Desktop12

171 matches found

CVE
CVE
added 2014/06/05 9:0 p.m.15804 views

CVE-2014-3470

CVE-2014-3470 is an OpenSSL vulnerability where the ssl3_send_client_key_exchange in s3_clnt.c can trigger a NULL certificate value when using anonymous ECDH cipher suites, leading to a denial-of-service via NULL pointer dereference and client crash. Affected OpenSSL versions are before 0.9.8za, ...

4.3CVSS7.4AI score0.85784EPSS
CVE
CVE
added 2014/09/24 6:0 p.m.2913 views

CVE-2014-6271

CVE-2014-6271 (Shellshock) affects GNU Bash up to 4.3, enabling remote code execution by processing trailing strings after function definitions in environment variables. Exploitation vectors include OpenSSH ForceCommand, mod_cgi/mod_cgid in Apache, DHCP client scripts, and other environment-passi...

10CVSS9.9AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2014/09/25 1:0 a.m.1332 views

CVE-2014-7169

CVE-2014-7169 affects GNU Bash up to 4.3, where parsing of function definitions in environment variables can be exploited to run commands or impact other attributes across privilege boundaries (notably via ForceCommand in OpenSSH sshd and via mod_cgi/mod_cgid in Apache, as well as DHCP client scr...

10CVSS8.4AI score0.9994EPSS
In wild
CVE
CVE
added 2015/05/21 12:0 a.m.1252 views

CVE-2015-4000

CVE-2015-4000 is the Logjam vulnerability: when a server enables DHE_EXPORT ciphers and the client does not, the TLS handshake may downgrade to 512‑bit export‑grade DH, allowing a MITM to decrypt traffic. Public details describe the issue in TLS as a downgrade attack on Diffie–Hellman key exchang...

4.3CVSS4.8AI score0.9986EPSS
In wild
CVE
CVE
added 2015/07/16 10:0 a.m.1176 views

CVE-2015-2590

CVE-2015-2590 is an unspecified vulnerability affecting Oracle Java SE (6u95, 7u80, 8u45) and Java SE Embedded (7u75, 8u33) with impact to confidentiality, integrity, and availability via unknown vectors in the Libraries component. Public details in the initial description are limited; connected ...

10CVSS4.2AI score0.25469EPSS
In wild
CVE
CVE
added 2016/05/05 6:0 p.m.1093 views

CVE-2016-3718

ImageMagick is affected by CVE-2016-3718: the HTTP and FTP coders can be abused to perform server-side request forgery via a crafted image. Affected lines: ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1. The vulnerability allows an attacker to induce the server to make HTTP/FTP requests when ...

5.5CVSS6.7AI score0.76897EPSS
In wild
CVE
CVE
added 2016/05/05 6:0 p.m.1092 views

CVE-2016-3715

Summary: CVE-2016-3715 affects ImageMagick where the EPHEMERAL coder allows a remote attacker to delete arbitrary files via a crafted image. Affected versions are ImageMagick prior to 6.9.3-10 and 7.x prior to 7.0.1-1. Impact (per sources): Remote deletion of files via crafted images using the EP...

5.8CVSS6.3AI score0.75383EPSS
In wild
CVE
CVE
added 2016/05/11 1:0 a.m.1076 views

CVE-2016-4117

CVE-2016-4117 affects Adobe Flash Player (earlier than 21.0.0.196) via an out-of-bounds access in the DeleteRangeTimelineOperation module of the SWF runtime, caused by a type-confusion vulnerability. This allows memory corruption and arbitrary code execution, as demonstrated by FireEye researcher...

10CVSS9.8AI score0.94354EPSS
In wild
CVE
CVE
added 2015/02/02 7:0 p.m.1048 views

CVE-2015-0313

Adobe Flash Player is affected by a use-after-free vulnerability (CVE-2015-0313) that enables remote code execution via crafted SWF handling. Affected products include Flash Player versions prior to 13.0.0.269 and 14.x–16.x prior to 16.0.0.305 on Windows/macOS, and prior to 11.2.202.442 on Linux....

10CVSS7.9AI score0.95683EPSS
In wild
CVE
CVE
added 2015/12/28 11:0 p.m.1031 views

CVE-2015-8651

CVE-2015-8651 is an Adobe Flash Player vulnerability described as an integer overflow that enables remote code execution. The initial entry lists affected Flash Player versions on Windows, OS X, and Linux, and notes exploitation to run arbitrary code via unspecified vectors. Connected sources con...

9.3CVSS9.6AI score0.67922EPSS
In wild
CVE
CVE
added 2015/10/15 10:0 a.m.1016 views

CVE-2015-7645

CVE-2015-7645 is an Adobe Flash Player remote code execution vulnerability exploitable via a crafted SWF file. The initial document states Flash Player 18.x–18.0.0.252 and 19.x–19.0.0.207 on Windows and macOS, and 11.x–11.2.202.535 on Linux, with exploitation observed in the wild in October 2015....

9.3CVSS8.7AI score0.68396EPSS
In wild
CVE
CVE
added 2015/07/08 2:0 p.m.1003 views

CVE-2015-5119

The CVE-2015-5119 entry documents a use-after-free in Adobe Flash Player’s AS3 ByteArray class. The vulnerability arises when a crafted valueOf override in an object causes the ByteArray storage to be reallocated during a write ba[0] = obj, leading to memory corruption and potential remote code e...

10CVSS7.8AI score0.99344EPSS
In wild
CVE
CVE
added 2015/06/23 9:0 p.m.992 views

CVE-2015-3113

CVE-2015-3113 is a heap-based buffer overflow in Adobe Flash Player affecting Windows/macOS Flash parsing of FLV data, exploited in the wild in June 2015. Affected versions: Flash Player before 13.0.0.296, and 14.x up to 18.x before 18.0.0.194 on Windows/macOS; before 11.2.202.468 on Linux. The f...

10CVSS8.2AI score0.9994EPSS
In wild
CVE
CVE
added 2015/08/08 12:0 a.m.972 views

CVE-2015-4495

CVE-2015-4495 affects Mozilla Firefox's built-in PDF viewer. The vulnerability allows remote attackers to bypass the Same Origin Policy and read arbitrary files or gain privileges via crafted JavaScript and a native setter, in Firefox versions before 39.0.3, Firefox ESR 38.x before 38.1.1, and Fi...

8.8CVSS6.6AI score0.70226EPSS
In wildWeb
CVE
CVE
added 2015/04/01 12:0 a.m.947 views

CVE-2015-2808

CVE-2015-2808 concerns RC4 usage in TLS/SSL within OpenJDK/OpenJDK components. The Invariance Weakness (Bar Mitzvah) means RC4 key material can leak partial plaintext from the first bytes of a TLS/SSL stream, enabling plaintext-recovery under certain traffic patterns. Public advisories for OpenJD...

5CVSS4.8AI score0.74006EPSS
CVE
CVE
added 2015/07/14 10:0 a.m.941 views

CVE-2015-5122

CVE-2015-5122 involves a Use-After-Free in the DisplayObject class of the AS3 Flash Player. It affects Flash Player 13.x–18.x on Windows/macOS, 11.x–11.2.x on Linux, and 12.x–18.0.0.204 on Linux Chrome. The flaw, triggered by improper handling of the opaqueBackground property, enables remote code...

10CVSS9.6AI score0.93688EPSS
In wild
CVE
CVE
added 2015/07/14 10:0 a.m.916 views

CVE-2015-5123

CVE-2015-5123 describes a use-after-free in the BitmapData class of the ActionScript 3 (AS3) implementation in Adobe Flash Player . The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by crafting Flash content that overrides a value...

10CVSS9.6AI score0.18493EPSS
In wild
CVE
CVE
added 2015/01/23 9:0 p.m.915 views

CVE-2015-0311

CVE-2015-0311 affects Adobe Flash Player on Windows/macOS up to 16.0.0.287 and Linux 11.2.202.438, described as an unspecified vulnerability that allowed remote code execution via unknown vectors. Exploitation in the wild was reported in January 2015. Connected sources confirm this is a remote-co...

10CVSS7.7AI score0.8582EPSS
In wild
CVE
CVE
added 2016/06/16 2:0 p.m.903 views

CVE-2016-4171

CVE-2016-4171 is an unspecified memory-corruption vulnerability in Adobe Flash Player 21.0.0.242 and earlier that allows remote code execution. The vulnerability was leveraged in the wild in June 2016. Affected product: Flash Player. Root cause and exact vectors are not detailed in the provided d...

10CVSS9.6AI score0.19903EPSS
In wild
CVE
CVE
added 2026/04/22 8:15 a.m.845 views

CVE-2026-31431

CVE-2026-31431 is a local privilege escalation in the Linux kernel’s algif_aead/AF_ALG path. The root cause is an in-place operation bug in the AEAD handling, which can be exercised via AF_ALG sockets with the authencesn algorithm and splice() to corrupt the kernel page cache of readable files wi...

7.8CVSS5.6AI score0.96267EPSS
In wild
CVE
CVE
added 2016/04/21 10:0 a.m.780 views

CVE-2016-3427

CVE-2016-3427 is an unspecified vulnerability in Oracle Java SE (affecting 6u113, 7u99, 8u77) and JRockit, tied to the Java Management Extensions (JMX) component. Exploitation can affect confidentiality, integrity, and availability via JMX-related vectors; the issue is described as an unspecified...

10CVSS6.8AI score0.92334EPSS
In wild
CVE
CVE
added 2019/06/18 11:28 p.m.686 views

CVE-2019-11038

CVE-2019-11038 affects the GD Graphics Library (LibGD) 2.2.5 as used in the PHP gd extension. The flaw arises in gdImageCreateFromXbm(), where input data can cause the function to use an uninitialized variable, potentially leaking contents from stack memory. Affected PHP branches are 7.1.x below ...

5.3CVSS5.5AI score0.04332EPSS
CVE
CVE
added 2016/03/09 11:0 p.m.553 views

CVE-2016-1286

CVE-2016-1286 affects ISC BIND 9.x (before 9.9.8-P4 and 9.10.x before 9.10.3-P4). A remote attacker can trigger a denial of service by sending a crafted DNS signature for a DNAME record, leading to an assertion failure in resolver.c or db.c and a named process crash. The issue is documented with ...

8.6CVSS8.2AI score0.621EPSS
CVE
CVE
added 2018/01/03 6:0 a.m.549 views

CVE-2017-18017

CVE-2017-18017 affects the Linux kernel’s tcpmss_mangle_packet in net/netfilter/xt_TCPMSS.c. When xt_TCPMSS is used in an iptables action, a remote attacker can trigger a use-after-free and memory corruption, leading to a denial of service. Affected versions are Linux kernel before 4.11, and 4.9....

10CVSS9.5AI score0.52841EPSS
CVE
CVE
added 2016/03/09 11:0 p.m.454 views

CVE-2016-1285

CVE-2016-1285 affects ISC BIND 9.x (before 9.9.8-P4 and 9.10.x before 9.10.3-P4). The issue arises from improper handling of control-channel input to rndc, causing assertion failure and named daemon exit via a malformed packet. Connected advisories describe related impact for DNAME records (CVE-2...

6.8CVSS7.2AI score0.59143EPSS
CVE
CVE
added 2016/05/26 4:0 p.m.411 views

CVE-2016-0718

CVE-2016-0718 is evidenced in connected Apple documents as part of the Expat (libexpat) updates applied to OS X El Capitan and iTunes-related components. The Expat/libexpat entry notes that processing XML can trigger vulnerabilities in affected builds, with CVE-2016-0718 specifically associated w...

9.8CVSS8.7AI score0.13335EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.396 views

CVE-2017-13081

CVE-2017-13081 describes a KRACK-class flaw in WPA/WPA2 where the Integrity Group Temporal Key (IGTK) can be reinstalled during the group key handshake. This enables an attacker within radio range to spoof frames from APs to clients, potentially undermining confidentiality and integrity of WPA/WP...

5.3CVSS6.7AI score0.02003EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.384 views

CVE-2017-13079

CVE-2017-13079 is a KRACK-type vulnerability affecting WPA/WPA2 where reinstallation of the Integrity Group Temporal Key (IGTK) can occur during the 4-way handshake. An attacker in radio range can spoof frames from APs to clients by exploiting IGTK reinstallation. Public disclosures and advisorie...

5.3CVSS6.6AI score0.02124EPSS
CVE
CVE
added 2017/10/17 2:0 a.m.379 views

CVE-2017-13077

CVE-2017-13077 is a KRACK-related vulnerability affecting Wi‑Fi (WPA/WPA2) where an attacker within radio range can force PTK nonce reuse during the four‑way handshake, enabling replay, decryption, or spoofing of frames. The initial description confirms the vulnerability and impact. Connected doc...

6.8CVSS7.3AI score0.02388EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.379 views

CVE-2017-13080

CVE-2017-13080 corresponds to the WPA2/Wi‑Fi Key Reinstallation Attack (KRACK) risk, where a network-adjacent attacker can leverage a flaw in the group key handshake to reinstall GTK keys and replay frames. The core description in the initial document confirms: an attacker in radio range can repl...

5.3CVSS6.9AI score0.02285EPSS
CVE
CVE
added 2015/07/23 12:0 a.m.340 views

CVE-2015-1283

The material confirms CVE-2015-1283 is an Expat XML_GetBuffer integer/heap overflow issue, with impact on multiple products using expat up to 2.1.0 (e.g., Chrome before 44.0.2403.89). Related CVEs include CVE-2015-2716 and CVE-2016-4472 (note: the latter indicates the overflow protection was remo...

6.8CVSS8.4AI score0.19069EPSS
CVE
CVE
added 2016/02/18 9:0 p.m.301 views

CVE-2015-7547

CVE-2015-7547 refers to a stack-based buffer overflow in the GLIBC libresolv DNS resolver path, triggered by dual A/AAAA DNS queries in getaddrinfo. The vulnerability could allow remote code execution or crash the process when handling crafted DNS responses, with exploitation possible via the nss...

8.1CVSS8.4AI score0.89557EPSS
CVE
CVE
added 2017/12/20 11:0 p.m.294 views

CVE-2017-17805

CVE-2017-17805 affects the Linux kernel prior to 4.14.8. The Salsa20 cipher implementation (crypto/salsa20_generic.c and arch/x86/crypto/salsa20_glue.c) mishandles zero-length inputs, allowing a local attacker to use the AF_ALG-based skcipher interface to trigger uninitialized memory free and ker...

7.8CVSS7.5AI score0.00428EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.291 views

CVE-2017-13078

CVE-2017-13078 is part of the KRACK family impacting WPA2. A attacker in Wi‑Fi range could reinstall the GTK during the 4‑way handshake, replaying frames to clients. Apple addresses this via security updates (e.g., HT208221/HT208222) for macOS High Sierra/Sierra and related AirPort firmware; exac...

5.3CVSS6.7AI score0.0207EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.283 views

CVE-2017-13082

CVE-2017-13082 is one of the KRACK-class WPA2 flaws. Android/Arch/Debian/CentOS references describe an issue where a retransmitted FT Reassociation Request can reinstall the PTK during processing, enabling a nearby attacker to replay, decrypt, or spoof frames. Impact described across sources incl...

8.1CVSS7.7AI score0.04575EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.261 views

CVE-2017-13087

CVE-2017-13087 affects WPA/WPA2 (WPA2) implementations in wpa_supplicant/wpa and is part of the KRACK family. The issue is a GTK reinstallation triggered when processing a Wireless Network Management Sleep Mode Response frame, allowing an attacker within radio range to replay frames between APs a...

5.3CVSS6.6AI score0.01742EPSS
CVE
CVE
added 2017/07/21 2:0 p.m.247 views

CVE-2015-5300

CVE-2015-5300 (NTP panic-threshold bypass) is detailed in connected advisory from F5 for BIG-IP products, describing a vulnerability in ntpd where the threshold for the -g option is not correctly enforced. An attacker controlling NTP traffic could cause ntpd to step the clock to an arbitrary valu...

7.5CVSS7.6AI score0.0913EPSS
CVE
CVE
added 2015/11/13 2:0 a.m.247 views

CVE-2015-8126

CVE-2015-8126 concerns libpng buffer overflows in png_set_PLTE and png_get_PLTE caused by improper bounds checks. Affected ranges include libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19. Exploitation via a small bit-...

7.5CVSS7.9AI score0.10339EPSS
CVE
CVE
added 2018/11/26 3:0 a.m.244 views

CVE-2018-19542

CVE-2018-19542 affects JasPer 2.0.14. The vulnerability is a NULL pointer dereference in jp2_decode (libjasper/jp2/jp2_dec.c) that leads to a denial of service. The connected documents confirm the issue and cite unpatched status on several Red Hat releases (RHEL 6/7/8) via Nessus entries, but do ...

6.5CVSS6.5AI score0.01946EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.243 views

CVE-2017-13086

CVE-2017-13086 affects WPA/WPA2, specifically the TDLS handshake where the TDLS PeerKey (TPK) can be reinstalled. The root cause is key reinstallation during the TDLS handshake, enabling an attacker within radio range to replay, decrypt, or spoof frames. This vulnerability is documented across mu...

6.8CVSS7.2AI score0.02046EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.241 views

CVE-2017-13088

CVE-2017-13088 is part of the KRACK family affecting WPA/WPA2 (802.11) where reinstallation of the Integrity Group Temporal Key (IGTK) can occur while processing a Wireless Network Management Sleep Mode Response frame. The flaw enables an attacker within radio range to replay frames between APs a...

5.3CVSS6.6AI score0.01807EPSS
CVE
CVE
added 2018/10/31 4:0 p.m.231 views

CVE-2018-18873

CVE-2018-18873 affects JasPer 2.0.14 with a NULL pointer dereference in ras_putdatastd (ras_enc.c), which can cause a crash. The Connected documents confirm the vulnerability and its presence in JasPer 2.0.14 but do not provide a specific patch version or remediation details in the supplied mater...

5.5CVSS6.1AI score0.01374EPSS
CVE
CVE
added 2014/04/14 4:0 p.m.207 views

CVE-2010-5298

CVE-2010-5298 – OpenSSL race condition in ssl3_read_bytes (s3_pkt.c) . OpenSSL versions up to 1.0.1g are affected when SSL_MODE_RELEASE_BUFFERS is enabled, enabling a remote attacker to inject data across sessions or cause a denial of service (use-after-free and parsing error) over an SSL connect...

4CVSS7AI score0.34132EPSS
CVE
CVE
added 2017/12/20 11:0 p.m.207 views

CVE-2017-17806

CVE-2017-17806 affects the Linux kernel before 4.14.8. The HMAC implementation (crypto/hmac.c) does not validate that the underlying hash algorithm is unkeyed, allowing a local attacker who can use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and SHA-3 (CONFIG_CRYPTO_SHA3) to tri...

7.8CVSS7.4AI score0.00561EPSS
CVE
CVE
added 2018/11/26 3:0 a.m.190 views

CVE-2018-19539

CVE-2018-19539 (JasPer 2.0.14) : An access violation in libjasper/base/jas_image.c:jas_image_readcmpt can cause a denial of service. Affected component is jas_image_readcmpt in JasPer 2.0.14; root cause is an access violation leading to crash/DoS. Public remediation/fix details are not provided i...

6.5CVSS6.5AI score0.01946EPSS
CVE
CVE
added 2021/06/02 1:54 p.m.187 views

CVE-2018-10195

CVE-2018-10195 affects lrzsz prior to 0.12.21~rc. The issue stems from an incorrect length check in zsdata that can cause a size_t wraparound, potentially leaking information to the receiving side. Public sources consistently describe an information leak risk and, in distributions, a fix/update i...

7.1CVSS6.5AI score0.00391EPSS
CVE
CVE
added 2018/11/26 3:0 a.m.185 views

CVE-2018-19541

CVE-2018-19541 : A heap-based buffer over-read of size 8 exists in the function jas_image_depalettize (libjasper/base/jas_image.c) in JasPer, affecting versions from 1.900.8 up to 2.0.16 listed in the Initial document. The vulnerability can cause a crash and may enable memory access issues. The C...

8.8CVSS7.2AI score0.02802EPSS
CVE
CVE
added 2017/01/30 9:0 p.m.184 views

CVE-2015-7976

CVE-2015-7976 affects the ntpq saveconfig command in the NTP reference implementation (ntpd/ntpq) across multiple 4.x branches (e.g., 4.1.2, 4.2.x prior to 4.2.8p6, and 4.3.x). The underlying flaw is that saveconfig does not properly filter special characters in filenames, enabling an attacker to...

4.3CVSS5.6AI score0.03483EPSS
CVE
CVE
added 2014/06/05 9:0 p.m.181 views

CVE-2014-0221

The CVE concerns OpenSSL: the function dtls1_get_message_fragment in d1_both.c is vulnerable to a DoS via an invalid DTLS handshake. Affected are OpenSSL binaries prior to 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h. In practice, a remote attacker can trigger recursion and a client cras...

4.3CVSS6.8AI score0.87892EPSS
CVE
CVE
added 2015/01/09 9:0 p.m.178 views

CVE-2014-9584

CVE-2014-9584 affects the Linux kernel where the function parse_rock_ridge_inode_internal in fs/isofs/rock.c does not validate a length value in the ER System Use Field, enabling local users to obtain sensitive kernel memory via a crafted iso9660 image. This vulnerability exists in kernels before...

2.1CVSS4.5AI score0.00461EPSS
Total number of security vulnerabilities171