Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
SuseLinux Enterprise Desktop

83 matches found

CVE
CVEadded 2014/06/05 9:55 p.m.12807 views

CVE-2014-3470

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certifi...

4.3CVSS7.4AI score0.8995EPSS
CVE
CVEadded 2014/02/06 5:44 a.m.12371 views

CVE-2014-1491

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote...

4.3CVSS8.4AI score0.00607EPSS
CVE
CVEadded 2015/05/21 12:59 a.m.1161 views

CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then ...

4.3CVSS4.8AI score0.93905EPSS
In wild
CVE
CVEadded 2007/12/13 6:46 p.m.270 views

CVE-2007-5000

Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified v...

4.3CVSS8AI score0.88746EPSS
CVE
CVEadded 2011/04/04 12:27 p.m.216 views

CVE-2011-1083

The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.

4.9CVSS5.9AI score0.00182EPSS
CVE
CVEadded 2014/04/14 10:38 p.m.164 views

CVE-2010-5298

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment...

4CVSS7AI score0.10661EPSS
CVE
CVEadded 2017/01/30 9:59 p.m.163 views

CVE-2015-7976

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

4.3CVSS5.6AI score0.02732EPSS
CVE
CVEadded 2012/06/09 12:55 a.m.156 views

CVE-2012-2038

Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to bypass intended...

4.3CVSS5.9AI score0.01362EPSS
CVE
CVEadded 2014/06/05 9:55 p.m.155 views

CVE-2014-0221

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

4.3CVSS6.8AI score0.8089EPSS
CVE
CVEadded 2014/05/06 10:44 a.m.148 views

CVE-2014-0198

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via v...

4.3CVSS7.4AI score0.34862EPSS
CVE
CVEadded 2015/04/16 5:0 p.m.139 views

CVE-2015-2573

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

4CVSS4.8AI score0.00555EPSS
CVE
CVEadded 2015/04/16 4:59 p.m.132 views

CVE-2015-0433

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.

4CVSS4.8AI score0.00573EPSS
CVE
CVEadded 2016/04/27 5:59 p.m.130 views

CVE-2016-2782

The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) in...

4.9CVSS6.1AI score0.00473EPSS
CVE
CVEadded 2010/12/06 9:5 p.m.124 views

CVE-2010-4180

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing networ...

4.3CVSS6.6AI score0.07183EPSS
CVE
CVEadded 2015/04/16 4:59 p.m.123 views

CVE-2015-0441

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.

4CVSS4.8AI score0.00543EPSS
CVE
CVEadded 2016/04/21 10:59 a.m.123 views

CVE-2016-0642

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.

4.7CVSS4.2AI score0.00419EPSS
CVE
CVEadded 2015/04/16 5:0 p.m.122 views

CVE-2015-2575

Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.

4.9CVSS7.4AI score0.00438EPSS
CVE
CVEadded 2015/04/16 5:0 p.m.121 views

CVE-2015-2571

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

4CVSS4.8AI score0.00501EPSS
CVE
CVEadded 2015/10/21 9:59 p.m.120 views

CVE-2015-4830

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.

4CVSS5.1AI score0.00362EPSS
CVE
CVEadded 2013/01/13 8:55 p.m.119 views

CVE-2013-0748

The XBL.proto .toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR pro...

4.3CVSS9.2AI score0.00306EPSS
CVE
CVEadded 2010/09/21 6:0 p.m.116 views

CVE-2010-3067

Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call.

4.9CVSS6.8AI score0.00082EPSS
Web
CVE
CVEadded 2011/01/03 8:0 p.m.115 views

CVE-2010-4163

The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.36.2 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device.

4.7CVSS6.8AI score0.00082EPSS
CVE
CVEadded 2014/10/15 10:55 p.m.113 views

CVE-2014-6559

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.

4.3CVSS5.6AI score0.01256EPSS
CVE
CVEadded 2014/07/17 5:10 a.m.112 views

CVE-2014-2494

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.

4CVSS6.1AI score0.00555EPSS
CVE
CVEadded 2014/10/15 10:55 p.m.112 views

CVE-2014-6520

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.

4CVSS6.2AI score0.00844EPSS
CVE
CVEadded 2015/01/21 6:59 p.m.111 views

CVE-2015-0391

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

4CVSS6.1AI score0.00493EPSS
CVE
CVEadded 2010/10/04 9:0 p.m.110 views

CVE-2010-3442

Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDR...

4.7CVSS6.5AI score0.00172EPSS
CVE
CVEadded 2013/07/17 1:41 p.m.107 views

CVE-2013-3802

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.

4CVSS4.3AI score0.00501EPSS
CVE
CVEadded 2014/10/15 10:55 p.m.107 views

CVE-2014-6494

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.

4.3CVSS6.4AI score0.01871EPSS
CVE
CVEadded 2015/01/21 6:59 p.m.107 views

CVE-2015-0381

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.

4.3CVSS6.6AI score0.06332EPSS
CVE
CVEadded 2015/01/21 6:59 p.m.107 views

CVE-2015-0382

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.

4.3CVSS6.6AI score0.06332EPSS
CVE
CVEadded 2012/10/29 6:55 p.m.104 views

CVE-2012-4194

Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to con...

4.3CVSS8.2AI score0.01358EPSS
CVE
CVEadded 2014/02/06 5:44 a.m.103 views

CVE-2014-1489

Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.

4.3CVSS8.7AI score0.01246EPSS
CVE
CVEadded 2014/10/15 10:55 p.m.103 views

CVE-2014-6496

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.

4.3CVSS6.4AI score0.01871EPSS
CVE
CVEadded 2015/01/21 7:59 p.m.103 views

CVE-2015-0432

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.

4CVSS6.1AI score0.00547EPSS
CVE
CVEadded 2013/12/11 3:55 p.m.102 views

CVE-2013-5612

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.

4.3CVSS7.7AI score0.00739EPSS
Web
CVE
CVEadded 2014/10/15 10:55 p.m.101 views

CVE-2014-6505

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.

4CVSS6.2AI score0.00844EPSS
CVE
CVEadded 2009/03/25 1:30 a.m.100 views

CVE-2009-1072

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.

4.9CVSS4.4AI score0.00801EPSS
CVE
CVEadded 2013/07/17 1:41 p.m.100 views

CVE-2013-3783

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.

4CVSS5AI score0.00557EPSS
CVE
CVEadded 2014/10/15 3:55 p.m.100 views

CVE-2014-4287

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.

4CVSS6.2AI score0.00844EPSS
CVE
CVEadded 2010/12/30 7:0 p.m.99 views

CVE-2010-3849

The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.

4.7CVSS5.7AI score0.00195EPSS
CVE
CVEadded 2012/11/21 12:55 p.m.99 views

CVE-2012-4207

The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote ...

4.3CVSS7.8AI score0.01708EPSS
CVE
CVEadded 2013/07/17 1:41 p.m.99 views

CVE-2013-3804

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

4CVSS4.3AI score0.00651EPSS
CVE
CVEadded 2015/11/09 3:59 a.m.99 views

CVE-2015-2697

The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.

4CVSS6.9AI score0.04923EPSS
CVE
CVEadded 2014/10/15 3:55 p.m.98 views

CVE-2014-6464

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.

4CVSS5.6AI score0.00997EPSS
CVE
CVEadded 2010/12/29 6:0 p.m.97 views

CVE-2010-3874

Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory corruption) via a connect oper...

4CVSS7AI score0.00096EPSS
CVE
CVEadded 2013/07/17 1:41 p.m.97 views

CVE-2013-3808

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.

4CVSS4.2AI score0.0067EPSS
CVE
CVEadded 2012/10/10 5:55 p.m.96 views

CVE-2012-3986

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions v...

4.3CVSS9AI score0.01538EPSS
CVE
CVEadded 2014/10/15 3:55 p.m.96 views

CVE-2014-6484

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.

4CVSS6.2AI score0.00844EPSS
CVE
CVEadded 2011/01/03 8:0 p.m.95 views

CVE-2010-4162

Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device.

4.7CVSS6.6AI score0.00082EPSS
Total number of security vulnerabilities83