Lucene search

K
SuseLinux Enterprise Server

472 matches found

CVE
CVE
added 2009/03/30 4:30 p.m.61 views

CVE-2009-0115

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows...

7.8CVSS7.4AI score0.00084EPSS
CVE
CVE
added 2008/03/19 10:44 a.m.60 views

CVE-2008-0063

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

7.5CVSS8.6AI score0.04745EPSS
CVE
CVE
added 2013/05/13 11:55 p.m.60 views

CVE-2013-2020

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.

5CVSS8.8AI score0.10664EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.60 views

CVE-2014-1484

Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.

5CVSS8.5AI score0.00632EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.60 views

CVE-2014-1499

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.

4.3CVSS9AI score0.00611EPSS
CVE
CVE
added 2017/03/17 2:59 p.m.60 views

CVE-2014-9852

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.

9.8CVSS8.7AI score0.01316EPSS
CVE
CVE
added 2020/01/27 3:15 p.m.58 views

CVE-2006-7246

NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.

6.8CVSS6.4AI score0.00065EPSS
CVE
CVE
added 2023/02/15 10:15 a.m.58 views

CVE-2022-45153

An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. ...

7.8CVSS7.1AI score0.00049EPSS
CVE
CVE
added 2023/03/01 8:15 p.m.58 views

CVE-2023-23005

In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_mem...

5.5CVSS5.1AI score0.00015EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.57 views

CVE-2012-4204

The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

9.3CVSS8.9AI score0.03013EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.57 views

CVE-2012-4212

Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

10CVSS8.8AI score0.02155EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.56 views

CVE-2012-3983

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS9.8AI score0.00771EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.56 views

CVE-2012-4218

Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

10CVSS8.8AI score0.02155EPSS
CVE
CVE
added 2016/04/08 3:59 p.m.55 views

CVE-2015-5969

The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 a...

6.2CVSS6AI score0.00134EPSS
CVE
CVE
added 2020/08/07 10:15 a.m.55 views

CVE-2020-8025

A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the ...

9.3CVSS7.4AI score0.001EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.53 views

CVE-2014-1501

Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection.

5.8CVSS8.9AI score0.00229EPSS
CVE
CVE
added 2015/04/16 5:0 p.m.51 views

CVE-2015-2576

Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation.

2.1CVSS5.2AI score0.00093EPSS
CVE
CVE
added 2014/06/17 3:55 p.m.50 views

CVE-2014-4038

ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras.

4.4CVSS6.2AI score0.00058EPSS
CVE
CVE
added 2014/06/17 3:55 p.m.43 views

CVE-2014-4039

ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf.

2.1CVSS5.6AI score0.00063EPSS
CVE
CVE
added 2018/09/05 5:29 p.m.40 views

CVE-2016-1000030

Pidgin version

9.8CVSS9.4AI score0.00778EPSS
CVE
CVE
added 2017/03/23 6:59 a.m.40 views

CVE-2016-1602

A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).

7.8CVSS7.7AI score0.00113EPSS
CVE
CVE
added 2019/11/25 6:15 p.m.37 views

CVE-2012-6639

An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.

9CVSS8.6AI score0.01199EPSS
Total number of security vulnerabilities472