Lucene search
K
SuseLinux Enterprise Server

474 matches found

CVE
CVE
added 2017/11/15 9:0 p.m.294 views

CVE-2017-15115

CVE-2017-15115: Linux kernel prior to 4.14 allows local users to trigger a denial of service (use-after-free in sctp_do_peeloff in net/sctp/socket.c) via crafted system calls. Impact is system crash; no explicit exploit details provided in the documents beyond this. The IBM bulletin references th...

7.8CVSS7.7AI score0.0047EPSS
CVE
CVE
added 2017/12/20 11:0 p.m.294 views

CVE-2017-17805

CVE-2017-17805 affects the Linux kernel prior to 4.14.8. The Salsa20 cipher implementation (crypto/salsa20_generic.c and arch/x86/crypto/salsa20_glue.c) mishandles zero-length inputs, allowing a local attacker to use the AF_ALG-based skcipher interface to trigger uninitialized memory free and ker...

7.8CVSS7.5AI score0.00428EPSS
CVE
CVE
added 2014/03/21 2:0 p.m.292 views

CVE-2014-2497

Summary of CVE-2014-2497 : The gdImageCreateFromXpm() function in libgd (libgd2) could dereference a NULL pointer when processing an XPM file with a crafted color table, leading to a denial of service (crash). Affected in PHP up to 5.4.26 and earlier. Public references and advisories confirm this...

4.3CVSS7AI score0.22319EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.292 views

CVE-2017-13078

CVE-2017-13078 is part of the KRACK family impacting WPA2. A attacker in Wi‑Fi range could reinstall the GTK during the 4‑way handshake, replaying frames to clients. Apple addresses this via security updates (e.g., HT208221/HT208222) for macOS High Sierra/Sierra and related AirPort firmware; exac...

5.3CVSS6.7AI score0.0207EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.284 views

CVE-2017-13082

CVE-2017-13082 is one of the KRACK-class WPA2 flaws. Android/Arch/Debian/CentOS references describe an issue where a retransmitted FT Reassociation Request can reinstall the PTK during processing, enabling a nearby attacker to replay, decrypt, or spoof frames. Impact described across sources incl...

8.1CVSS7.7AI score0.04575EPSS
CVE
CVE
added 2012/07/03 4:0 p.m.274 views

CVE-2011-4127

The CVE-2011-4127 entry is supported by connected advisory data that details the vulnerability in the Linux kernel prior to 3.2.2. Affected component: SG_IO ioctl handling in the kernel (SG_IO ioctls not properly restricted). Root cause: insufficient restriction of SG_IO commands, allowing a loca...

4.6CVSS6.4AI score0.00566EPSS
CVE
CVE
added 2009/04/17 2:0 p.m.264 views

CVE-2009-1185

CVE-2009-1185 affects udev before 1.4.1, which does not verify NETLINK message origin from kernel space, enabling a local user to gain privileges by sending a crafted NETLINK message. Public references show PoC/exploit activity (e.g., Metasploit module, Exploit-DB entries) and multiple advisories...

7.2CVSS7.4AI score0.81528EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.261 views

CVE-2017-13087

CVE-2017-13087 affects WPA/WPA2 (WPA2) implementations in wpa_supplicant/wpa and is part of the KRACK family. The issue is a GTK reinstallation triggered when processing a Wireless Network Management Sleep Mode Response frame, allowing an attacker within radio range to replay frames between APs a...

5.3CVSS6.6AI score0.01742EPSS
CVE
CVE
added 2012/02/01 4:0 p.m.258 views

CVE-2012-0444

CVE-2012-0444 describes a heap-based memory corruption vulnerability in the libvorbis Ogg Vorbis parser that could allow remote code execution or a crash when processing crafted Ogg Vorbis files. Affected products across Mozilla ecosystem (Firefox, Thunderbird, Seamonkey and related XULRunner/Ice...

10CVSS8.9AI score0.07936EPSS
CVE
CVE
added 2018/12/14 2:0 p.m.258 views

CVE-2018-16873

CVE-2018-16873 is a Go go get remote code execution vulnerability (GOPATH mode) where a malicious package import path can cause the parent directory to be treated as a Git repository root, leading to execution of commands from the repository’s config if it contains malicious directives. Connected...

8.1CVSS8.5AI score0.66252EPSS
Web
CVE
CVE
added 2013/01/13 8:0 p.m.256 views

CVE-2013-0753

CVE-2013-0753 is a Use‑after‑free vulnerability in Mozilla Firefox’s XMLSerializer.serializeToStream, affecting Firefox before 18.0 (and ESR/Thunderbird/SeaMonkey variants) and allowing remote code execution via crafted content. The issue is exploitable as part of Firefox 17.x lineage; Metasploit...

9.3CVSS9.5AI score0.51324EPSS
CVE
CVE
added 2013/07/23 10:0 a.m.256 views

CVE-2013-4002

CVE-2013-4002 affects the Xerces2 Java XML parser. XMLScanner.java in Xerces2 Java Parser before 2.12.0 (as used in various JREs and Oracle/Jakarta distributions) could allow remote denial of service via vectors related to XML attribute names. IBM and other vendors document DoS impact on affected...

7.1CVSS6.7AI score0.24738EPSS
CVE
CVE
added 2016/08/07 10:0 a.m.255 views

CVE-2016-5772

CVE-2016-5772 : A double free in the PHP WDDX extension (php_wddx_process_data in wddx.c) allows remote attackers to crash the application or potentially execute arbitrary code via crafted XML in wddx_deserialize. Affected PHP versions: before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8. Re...

9.8CVSS8.4AI score0.09674EPSS
CVE
CVE
added 2009/08/06 3:0 p.m.254 views

CVE-2009-2625

CVE-2009-2625 affects Apache Xerces2-Java (XML parser used by JRE/JDK) where parsing a malformed XML with systems DTD identifiers can cause DoS (hangs), via a vulnerability in SYSTEM handling in Xerces2 Java. Connected advisories confirm public fixes: Debian libxerces2-java updates (DSA-1984-1) a...

5CVSS6.1AI score0.3038EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.249 views

CVE-2013-0758

CVE-2013-0758 affects Mozilla Firefox (pre-18.0), Firefox ESR (pre-10.0.12 and pre-17.0.2), Thunderbird (pre-17.0.2, including ESR 10.x pre-10.0.12 and pre-17.0.2), and SeaMonkey (pre-2.15). It allows remote attackers to execute arbitrary JavaScript with chrome privileges due to improper interact...

9.3CVSS9.4AI score0.73364EPSS
CVE
CVE
added 2017/07/21 2:0 p.m.247 views

CVE-2015-5300

CVE-2015-5300 (NTP panic-threshold bypass) is detailed in connected advisory from F5 for BIG-IP products, describing a vulnerability in ntpd where the threshold for the -g option is not correctly enforced. An attacker controlling NTP traffic could cause ntpd to step the clock to an arbitrary valu...

7.5CVSS7.6AI score0.0913EPSS
CVE
CVE
added 2015/11/13 2:0 a.m.247 views

CVE-2015-8126

CVE-2015-8126 concerns libpng buffer overflows in png_set_PLTE and png_get_PLTE caused by improper bounds checks. Affected ranges include libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19. Exploitation via a small bit-...

7.5CVSS7.9AI score0.10339EPSS
CVE
CVE
added 2018/11/26 3:0 a.m.244 views

CVE-2018-19542

CVE-2018-19542 affects JasPer 2.0.14. The vulnerability is a NULL pointer dereference in jp2_decode (libjasper/jp2/jp2_dec.c) that leads to a denial of service. The connected documents confirm the issue and cite unpatched status on several Red Hat releases (RHEL 6/7/8) via Nessus entries, but do ...

6.5CVSS6.5AI score0.01946EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.243 views

CVE-2017-13086

CVE-2017-13086 affects WPA/WPA2, specifically the TDLS handshake where the TDLS PeerKey (TPK) can be reinstalled. The root cause is key reinstallation during the TDLS handshake, enabling an attacker within radio range to replay, decrypt, or spoof frames. This vulnerability is documented across mu...

6.8CVSS7.2AI score0.02046EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.241 views

CVE-2017-13088

CVE-2017-13088 is part of the KRACK family affecting WPA/WPA2 (802.11) where reinstallation of the Integrity Group Temporal Key (IGTK) can occur while processing a Wireless Network Management Sleep Mode Response frame. The flaw enables an attacker within radio range to replay frames between APs a...

5.3CVSS6.6AI score0.01807EPSS
CVE
CVE
added 2011/04/03 1:0 a.m.240 views

CVE-2011-1083

The CVE-2011-1083 issue affects the Linux kernel epoll implementation (epoll_ctl/epoll_create) as shipped in 2.6.37.2 and earlier. Local attackers can cause CPU denial of service by crafting a user-space application that creates and manages epoll file descriptors, exploiting improper traversal of...

4.9CVSS5.9AI score0.00795EPSS
CVE
CVE
added 2009/07/30 7:0 p.m.239 views

CVE-2009-2408

CVE-2009-2408 affects Mozilla NSS up to 3.12.2/Firefox up to 3.0.12/ Thunderbird up to 2.0.0.22 and SeaMonkey up to 1.1.17. The issue is improper handling of a '\0' character in the domain name present in the certificate subject’s Common Name (CN) field of an X.509 certificate. This enables a man...

6.8CVSS6.1AI score0.05741EPSS
CVE
CVE
added 2013/03/28 11:0 p.m.239 views

CVE-2013-1861

CVE-2013-1861 affects MariaDB SQL branches (5.5.x up to 5.5.30, 5.3.x up to 5.3.13, 5.2.x up to 5.2.15, 5.1.x up to 5.1.68) and Oracle MySQL (5.1.69 and earlier, 5.5.31 and earlier, 5.6.11 and earlier). The vulnerability allows remote DoS (crash) via a crafted geometry feature with a large number...

5CVSS5.1AI score0.18675EPSS
CVE
CVE
added 2010/05/19 6:13 p.m.236 views

CVE-2010-1321

CVE-2010-1321 affects MIT Kerberos 5’s GSS-API library (krb5) in kg_accept_krb5/accept_sec_context.c. The flaw permits remote authenticated users to cause a denial of service via an AP-REQ with a missing authenticator checksum, triggering a NULL pointer dereference and daemon crash. Affected are ...

6.8CVSS5.4AI score0.06884EPSS
CVE
CVE
added 2018/12/14 2:0 p.m.233 views

CVE-2018-16874

CVE-2018-16874 affects Go’s go get in GOPATH mode when the import path contains curly braces, enabling an arbitrary filesystem write and potential code execution. The vulnerability is documented for Go <1.10.6 and

8.1CVSS8.2AI score0.05039EPSS
CVE
CVE
added 2018/10/31 4:0 p.m.232 views

CVE-2018-18873

CVE-2018-18873 affects JasPer 2.0.14 with a NULL pointer dereference in ras_putdatastd (ras_enc.c), which can cause a crash. The Connected documents confirm the vulnerability and its presence in JasPer 2.0.14 but do not provide a specific patch version or remediation details in the supplied mater...

5.5CVSS6.1AI score0.01374EPSS
CVE
CVE
added 2015/12/06 12:0 a.m.227 views

CVE-2015-3195

CVE-2015-3195 affects OpenSSL’s ASN.1/TASN_DEC implementation mishandling errors from malformed X509_ATTRIBUTE data, enabling remote attackers to read memory of a CMS/PKCS#7 process. Public records show impact across multiple OpenSSL lines prior to updates: 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 bef...

5.3CVSS6.3AI score0.38709EPSS
CVE
CVE
added 2012/12/03 11:0 a.m.219 views

CVE-2012-5612

CVE-2012-5612 describes a heap-based buffer overflow in Oracle MySQL 5.5.19–5.5.28 and MariaDB 5.5.28a (and possibly other versions), enabling remote authenticated users to cause memory corruption, crash the server, and potentially execute arbitrary code. The vulnerability is exploited via a vari...

6.5CVSS5.7AI score0.20837EPSS
CVE
CVE
added 2009/09/17 10:0 a.m.215 views

CVE-2009-3231

CVE-2009-3231 affects PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14. When LDAP authentication is used with anonymous binds, an remote attacker could authenticate with an empty password, bypassing authentication. The issue is documented in multiple sources (e.g., PostgreSQL release notes for 8...

6.8CVSS5.8AI score0.07568EPSS
CVE
CVE
added 2014/04/27 12:0 a.m.211 views

CVE-2014-0181

The CVE-2014-0181 issue affects the Linux kernel Netlink implementation prior to 3.14.1, where there is no authorization based on the opener of a Netlink socket. This can allow a local user to bypass intended access restrictions and modify network configurations by using a Netlink socket for the ...

2.1CVSS6AI score0.00538EPSS
CVE
CVE
added 2022/02/18 11:23 p.m.208 views

CVE-2021-45082

CVE-2021-45082 affects Cobbler prior to 3.3.1. The issue resides in templar.py, where the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring (only lines starting with #import are blocked). This could enable unintended module ...

7.8CVSS7.5AI score0.00495EPSS
CVE
CVE
added 2014/04/14 4:0 p.m.207 views

CVE-2010-5298

CVE-2010-5298 – OpenSSL race condition in ssl3_read_bytes (s3_pkt.c) . OpenSSL versions up to 1.0.1g are affected when SSL_MODE_RELEASE_BUFFERS is enabled, enabling a remote attacker to inject data across sessions or cause a denial of service (use-after-free and parsing error) over an SSL connect...

4CVSS7AI score0.34132EPSS
CVE
CVE
added 2017/12/20 11:0 p.m.207 views

CVE-2017-17806

CVE-2017-17806 affects the Linux kernel before 4.14.8. The HMAC implementation (crypto/hmac.c) does not validate that the underlying hash algorithm is unkeyed, allowing a local attacker who can use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and SHA-3 (CONFIG_CRYPTO_SHA3) to tri...

7.8CVSS7.4AI score0.00561EPSS
CVE
CVE
added 2017/12/12 3:0 p.m.205 views

CVE-2017-17558

Technical details about CVE-2017-17558 are not publicly provided in the supplied documents. Monitor for official advisories for affected products, impact, and mitigations; no concrete exploit information or patch details are available here.

7.2CVSS7AI score0.0048EPSS
CVE
CVE
added 2011/12/15 2:0 a.m.203 views

CVE-2011-4516

CVE-2011-4516 affects JasPer, specifically the heap-based buffer overflow in the function jpc_cox_getcompparms (libjasper/jpc/jpc_cs.c) within JasPer 1.900.1. A crafted value in a COD (coding style default) marker segment of a JPEG2000 file can cause remote code execution or memory corruption, po...

6.8CVSS5.4AI score0.10618EPSS
CVE
CVE
added 2010/12/30 6:0 p.m.202 views

CVE-2010-4258

The CVE-2010-4258 issue affects the Linux kernel versions prior to 2.6.36.2. The do_exit function in kernel/exit.c mishandles a KERNEL_DS get_fs value, bypassing access_ok checks and enabling local privilege escalation by overwriting arbitrary kernel memory. Exploitation vectors include use of th...

6.2CVSS6AI score0.02655EPSS
CVE
CVE
added 2017/07/21 2:0 p.m.202 views

CVE-2015-5219

CVE-2015-5219 affects the Network Time Protocol (NTP) SNTP components, specifically the sntp utility, prior to version 4.2.7p366. The root cause is an incorrect type conversion in the ULOGTOD function (precision → double) which can cause a crafted NTP packet to trigger an infinite loop in sntp, l...

7.5CVSS7.1AI score0.05839EPSS
CVE
CVE
added 2014/07/19 7:0 p.m.193 views

CVE-2014-4943

CVE-2014-4943 affects the Linux kernel up to 3.15.6, specifically the PPPoL2TP feature in net/l2tp/l2tp_ppp.c. The vulnerability arises from data-structure differences between an l2tp socket and an inet socket, enabling local privilege escalation. Public details in connected sources include PoC/e...

6.9CVSS6.3AI score0.02103EPSS
CVE
CVE
added 2018/11/26 3:0 a.m.190 views

CVE-2018-19539

CVE-2018-19539 (JasPer 2.0.14) : An access violation in libjasper/base/jas_image.c:jas_image_readcmpt can cause a denial of service. Affected component is jas_image_readcmpt in JasPer 2.0.14; root cause is an access violation leading to crash/DoS. Public remediation/fix details are not provided i...

6.5CVSS6.5AI score0.01946EPSS
CVE
CVE
added 2009/08/27 5:0 p.m.187 views

CVE-2009-2698

CVE-2009-2698 affects the Linux kernel UDP implementation (net/ipv4/udp.c and net/ipv6/udp.c) prior to 2.6.19. Local users can gain privileges or cause a denial of service (NULL pointer dereference/system crash) via UDP socket use with MSG_MORE. Oracle Linux/MiracleLinux advisories reference this...

7.8CVSS7.1AI score0.07121EPSS
In wild
CVE
CVE
added 2012/11/21 11:0 a.m.187 views

CVE-2012-5829

CVE-2012-5829 is a heap-based buffer overflow in the nsWindow::OnExposeEvent function affecting Mozilla Firefox before 17.0, Firefox ESR before 10.0.11, Thunderbird before 17.0, Thunderbird ESR before 10.0.11, and SeaMonkey before 2.14. Connected documents confirm this vulnerability across multip...

9.3CVSS9.2AI score0.08439EPSS
CVE
CVE
added 2021/06/02 1:54 p.m.187 views

CVE-2018-10195

CVE-2018-10195 affects lrzsz prior to 0.12.21~rc. The issue stems from an incorrect length check in zsdata that can cause a size_t wraparound, potentially leaking information to the receiving side. Public sources consistently describe an information leak risk and, in distributions, a fix/update i...

7.1CVSS6.5AI score0.00391EPSS
CVE
CVE
added 2012/06/16 9:0 p.m.186 views

CVE-2012-1717

CVE-2012-1717 is an unspecified local confidentiality vulnerability in the Java Runtime Environment affecting Oracle JRE 7u4 and earlier, 6u32 and earlier, 5u35 and earlier, and 1.4.2_37 and earlier, related to printing on Solaris/Linux. Connected documents (including IBM BigInsights/InfoSphere a...

2.1CVSS7.6AI score0.00476EPSS
CVE
CVE
added 2018/11/26 3:0 a.m.185 views

CVE-2018-19541

CVE-2018-19541 : A heap-based buffer over-read of size 8 exists in the function jas_image_depalettize (libjasper/base/jas_image.c) in JasPer, affecting versions from 1.900.8 up to 2.0.16 listed in the Initial document. The vulnerability can cause a crash and may enable memory access issues. The C...

8.8CVSS7.2AI score0.02802EPSS
CVE
CVE
added 2017/01/30 9:0 p.m.184 views

CVE-2015-7976

CVE-2015-7976 affects the ntpq saveconfig command in the NTP reference implementation (ntpd/ntpq) across multiple 4.x branches (e.g., 4.1.2, 4.2.x prior to 4.2.8p6, and 4.3.x). The underlying flaw is that saveconfig does not properly filter special characters in filenames, enabling an attacker to...

4.3CVSS5.6AI score0.03512EPSS
CVE
CVE
added 2017/07/21 2:0 p.m.183 views

CVE-2015-5194

CVE-2015-5194: ntpd’s log_config_command in ntp_parser.y allows remote attackers to crash ntpd via crafted logconfig commands. Affected are ntpd before 4.2.7p42; remediation is to upgrade to a fixed version (4.2.7p42+). Connected advisories from F5/IBM detail affected products and patch guidance ...

7.5CVSS7.1AI score0.05536EPSS
CVE
CVE
added 2014/06/05 9:0 p.m.182 views

CVE-2014-0221

The CVE concerns OpenSSL: the function dtls1_get_message_fragment in d1_both.c is vulnerable to a DoS via an invalid DTLS handshake. Affected are OpenSSL binaries prior to 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h. In practice, a remote attacker can trigger recursion and a client cras...

4.3CVSS6.8AI score0.87892EPSS
CVE
CVE
added 2022/04/27 12:0 a.m.182 views

CVE-2022-27239

CVE-2022-27239 affects cifs-utils up to version 6.14, due to a stack-based buffer overflow when parsing the mount.cifs ip= argument, enabling local attackers to gain root privileges. A patched version is available (e.g., cifs-utils 6.14-2 and later per advisories). Remediation is to update to a f...

7.8CVSS7.7AI score0.00562EPSS
CVE
CVE
added 2015/03/30 10:0 a.m.179 views

CVE-2013-6501

CVE-2013-6501 affects PHP before 5.6.7 where the default soap.wsdl_cache_dir in php.ini-production and php.ini-development points to /tmp, enabling local users to perform WSDL injection by creating a predictable file name used by get_sdl in ext/soap/php_sdl.c. Consequence described as easier loca...

4.6CVSS7AI score0.00578EPSS
CVE
CVE
added 2018/10/23 12:0 a.m.179 views

CVE-2018-18584

CVE-2018-18584 affects libmspack and cabextract. In mspack/cab.h, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write (before 0.8alpha for libmspack and before 1.8 for cabextract). Remediation involves upgrading to fixed versions (e.g....

6.5CVSS6.6AI score0.03086EPSS
Total number of security vulnerabilities474