Lucene search
K
SuseLinux Enterprise Server

474 matches found

CVE
CVE
added 2011/12/15 2:0 a.m.178 views

CVE-2011-4517

CVE-2011-4517 affects JasPer 1.900.1 used for JPEG-2000 decoding. The flaw is in libjasper/jpc/jpc_cs.c: jpc_crg_getparms uses an incorrect data type during a size calculation, enabling remote attackers to trigger a heap-based buffer overflow via a crafted CRG marker segment in a JPEG2000 file. C...

6.8CVSS5AI score0.10618EPSS
CVE
CVE
added 2015/01/09 9:0 p.m.178 views

CVE-2014-9584

CVE-2014-9584 affects the Linux kernel where the function parse_rock_ridge_inode_internal in fs/isofs/rock.c does not validate a length value in the ER System Use Field, enabling local users to obtain sensitive kernel memory via a crafted iso9660 image. This vulnerability exists in kernels before...

2.1CVSS4.5AI score0.00461EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.177 views

CVE-2012-4186

CVE-2012-4186 : Heap-based buffer overflow in Mozilla Firefox’s nsWaveReader::DecodeAudioData. Affected products include Firefox before 16.0 (and Firefox ESR 10.x before 10.0.8), Thunderbird before 16.0, and SeaMonkey before 2.13. Vectors are unspecified in the provided docs, but exploitation wou...

9.3CVSS9.6AI score0.147EPSS
CVE
CVE
added 2015/09/28 8:0 p.m.177 views

CVE-2015-1781

CVE-2015-1781 affects the GNU C Library (glibc/eglibc) NSS gethostbyname_r and related functions. A misaligned input buffer can cause a buffer overflow, leading to a crash or potentially arbitrary code execution via crafted DNS responses. Public advisories (Debian, Cloud Foundry, CentOS/RH, CNVD)...

6.8CVSS8.9AI score0.05012EPSS
CVE
CVE
added 2016/06/10 3:0 p.m.177 views

CVE-2016-5118

CVE-2016-5118 affects GraphicsMagick and ImageMagick: the OpenBlob handling accepts a leading ‘|’ pipe in a filename, enabling remote code execution. Connected advisories confirm the issue and note remediation by upgrading to at least GraphicsMagick 1.3.24 (and corresponding ImageMagick fixes) an...

10CVSS9.5AI score0.49982EPSS
CVE
CVE
added 2015/08/12 2:0 p.m.176 views

CVE-2015-5165

CVE-2015-5165 affects the RTL8139 emulation in QEMU (C+ mode offload) used by Xen 4.5.x and earlier. A remote attacker could read heap memory in the QEMU process via unspecified vectors, potentially exposing host data. Public sources in connected docs document this as an information-leak flaw in ...

9.3CVSS6.5AI score0.13288EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.175 views

CVE-2014-1490

CVE-2014-1490 : A race condition in NSS libssl session ticket processing (use-after-free) could allow remote attackers to cause a denial of service or, per the description, potentially other impact via a resumption handshake. Affected: NSS up to 3.15.4 and, by extension, Mozilla products (Firefox...

9.3CVSS8.8AI score0.0399EPSS
CVE
CVE
added 2015/07/06 1:0 a.m.175 views

CVE-2015-2734

CVE-2015-2734 details (mode C): The vulnerability affects Mozilla Firefox (Direct3D 9 implementation) in Windows builds prior to 39.0, Firefox ESR 31.x prior to 31.8 and 38.x prior to 38.1, and Thunderbird prior to 38.1. The underlying issue is reading data from uninitialized memory locations in ...

10CVSS4.4AI score0.02654EPSS
CVE
CVE
added 2018/11/26 3:0 a.m.175 views

CVE-2018-19540

CVE-2018-19540 : In JasPer, there is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input (libjasper/base/jas_icc.c). Reported vulnerable versions include 1.900.8–1.900.31 and 2.0.0–2.0.16. The connected documents do not provide an explicit exploit path or patch details wit...

8.8CVSS7.4AI score0.02291EPSS
CVE
CVE
added 2014/05/06 10:0 a.m.174 views

CVE-2014-0198

The connected F5 advisory confirms CVE-2014-0198: the do_ssl3_write function in OpenSSL 1.x (up to 1.0.1g) with SSL_MODE_RELEASE_BUFFERS enabled can trigger a denial-of-service via a NULL pointer dereference in certain recursive alert paths. Impact is remote DoS; no exploitation details are provi...

4.3CVSS7.4AI score0.43828EPSS
CVE
CVE
added 2015/11/17 3:0 p.m.173 views

CVE-2015-0272

CVE-2015-0272 affects GNOME NetworkManager and allows remote denial of service via a crafted MTU value in IPv6 Router Advertisement messages. Public advisories (IBM PowerKVM bulletin and CentOS/Ubuntu/Debian disclosures) show patches and updated NetworkManager packages to fix the issue; remediati...

5CVSS5.9AI score0.05059EPSS
CVE
CVE
added 2009/02/22 10:0 p.m.172 views

CVE-2009-0040

The CVE-2009-0040 issue affects the PNG reference library (libpng) as used in pngcrush and other apps. A crafted PNG can trigger a free of an uninitialized pointer in png_read_png, pCAL chunk handling, or 16-bit gamma table setup, enabling denial of service or possibly arbitrary code execution. A...

6.8CVSS8.1AI score0.04825EPSS
CVE
CVE
added 2016/04/19 9:0 p.m.171 views

CVE-2015-8776

The CVE-2015-8776 issue affects the GNU C Library (glibc) strftime() function. The vulnerability, present in glibc versions before 2.23, allows context-dependent attackers to cause a denial of service (application crash) and, in some disclosures, potentially obtain sensitive information via out-o...

9.1CVSS8.5AI score0.04613EPSS
CVE
CVE
added 2016/04/27 5:0 p.m.171 views

CVE-2015-8816

CVE-2015-8816 affects the Linux kernel prior to 4.3.5, where hub_activate in drivers/usb/core/hub.c mishandles hub-interface data. Physically proximate attackers can unplug a USB hub to trigger invalid memory access and a system crash (DoS); impact may be unspecified otherwise. A fixed version ex...

7.2CVSS7AI score0.00544EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.169 views

CVE-2013-0754

CVE-2013-0754 is a use-after-free in the ListenerManager of Mozilla Firefox (and related Firefox ESR, Thunderbird, SeaMonkey). According to the description, triggering garbage collection after memory allocation for listener objects can allow a remote attacker to execute arbitrary code. Affected p...

9.3CVSS9.4AI score0.05381EPSS
CVE
CVE
added 2016/07/05 1:0 a.m.169 views

CVE-2016-4956

ntpd (NTP 4.x) before 4.2.8p8 is vulnerable to DoS via a spoofed broadcast packet, triggering interleaved-mode transitions and time changes. This exists due to an incomplete fix for CVE-2016-1548. Exploitation can disrupt time synchronization, with public advisories linking the issue to broadcast...

5.3CVSS6.4AI score0.16351EPSS
CVE
CVE
added 2015/01/09 9:0 p.m.168 views

CVE-2014-9585

CVE-2014-9585 affects Linux kernels up to 3.18.2. The vdso_addr code in arch/x86/vdso/vma.c can misselect vDSO memory, enabling local users to bypass ASLR by guessing a PMD-end location. Exploitation details and patches/fixes are not provided in the connected documents; monitor advisories for rem...

2.1CVSS4.9AI score0.00557EPSS
CVE
CVE
added 2015/07/06 1:0 a.m.163 views

CVE-2015-2738

CVE-2015-2738 affects Mozilla Firefox (before 39.0; ESR 31.x before 31.8 and 38.x before 38.1) and Thunderbird (before 38.1). The issue is a read from uninitialized memory in YCbCrImageDataDeserializer::ToDataSourceSurface, with unspecified impact and attack vectors. No remediation details are pr...

10CVSS4.4AI score0.02654EPSS
CVE
CVE
added 2019/11/15 3:44 p.m.163 views

CVE-2016-5285

CVE-2016-5285 is a NULL pointer dereference in Mozilla NSS caused by a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime. The vulnerability can allow a remote attacker to crash a TLS/SSL server (Denial of Service). Affected context in the provided documents includes NS...

7.5CVSS7.2AI score0.02279EPSS
CVE
CVE
added 2016/06/27 10:0 a.m.162 views

CVE-2016-5244

CVE-2016-5244 affects the Linux kernel and involves the function rds_inc_info_copy in net/rds/recv.c not initializing a structure member. This can enable a remote attacker to read sensitive information from kernel stack memory by processing an RDS message, with impact described as kernel informat...

7.5CVSS6.9AI score0.05521EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.161 views

CVE-2013-0750

CVE-2013-0750 is a high-severity vulnerability in Mozilla’s JavaScript engine where an integer overflow during string concatenation can lead to heap-based memory corruption and remote code execution. Affected products include Firefox prior to 18.0 (and ESR branches), Thunderbird prior to 17.0.2, ...

9.3CVSS9.6AI score0.0633EPSS
CVE
CVE
added 2018/10/23 12:0 a.m.161 views

CVE-2018-18585

CVE-2018-18585 affects libmspack prior to 0.8alpha, where chmd_read_headers in mspack/chmd.c accepts a filename with a NULL byte as the first or second character (e.g., "/\0"). Multiple downstream advisories reference this CVE and link to libmspack updates; Amazon Linux 2 ALAS2-2019-1310 explicit...

4.3CVSS5.3AI score0.03059EPSS
CVE
CVE
added 2010/12/06 9:0 p.m.160 views

CVE-2010-4180

OpenSSL vulnerability CVE-2010-4180 affects OpenSSL versions before 0.9.8q and 1.0.x before 1.0.0c when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled. The flaw allows remote attackers to modify the ciphersuite in the session cache, enabling a downgrade to an unintended cipher by sniffing net...

4.3CVSS6.6AI score0.09497EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.160 views

CVE-2015-0433

The CVE-2015-0433 entry concerns an unspecified vulnerability in Oracle MySQL Server (affected versions: 5.5.41 and earlier; 5.6.22 and earlier) that could allow remote authenticated users to affect availability via InnoDB : DML. Connected advisories from Debian, CentOS, Gentoo, and IBM/Tivoli sh...

4CVSS4.8AI score0.05421EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.160 views

CVE-2015-2573

CVE-2015-2573 is an unspecified vulnerability in Oracle MySQL Server (affecting 5.5.41 and earlier; 5.6.22 and earlier) that could allow remote authenticated users to affect availability via DDL-related vectors. The connected documents confirm this CVE appears in multiple security advisories acro...

4CVSS4.8AI score0.0511EPSS
CVE
CVE
added 2018/10/09 10:0 p.m.160 views

CVE-2018-17962

CVE-2018-17962 is a QEMU vulnerability: a buffer overflow in pcnet_receive() in hw/net/pcnet.c caused by an incorrect integer data type. The Initial Description confirms the flaw; connected Nessus advisories reference this CVE among other QEMU issues. The provided documents do not include the fix...

7.5CVSS8.5AI score0.04503EPSS
CVE
CVE
added 2020/03/02 3:20 p.m.160 views

CVE-2019-18897

CVE-2019-18897 is a local privilege escalation in Salt packaging on SUSE/OpenSUSE derivatives (SUSE SLES 12/15 and openSUSE Factory) due to a UNIX Symlink Following vulnerability in salt-master packaging. Affected: SUSE SLES 12 salt-master 2019.2.0-46.83.1 and prior; SLES 15 salt-master 2019.2.0-...

8.4CVSS7.7AI score0.00386EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.159 views

CVE-2013-0757

CVE-2013-0757 affects Mozilla Firefox (and related Mozilla-based apps) via a Chrome Object Wrapper (COW) bypass that allows changing the prototype of an object, enabling arbitrary code execution with chrome privileges. The SUSE/openSUSE and Gentoo/Nessus summaries map this to MFSA 2013-14 and lis...

9.3CVSS9.1AI score0.60859EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.159 views

CVE-2015-2568

CVE-2015-2568 affects Oracle MySQL Server 5.5.41 and earlier and 5.6.22 and earlier. The vulnerability is described as unspecified with impact to availability, due to issues in the Server : Security : Privileges area. The provided sources indicate a remote attacker could cause a denial of service...

5CVSS5AI score0.0715EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.158 views

CVE-2012-1970

CVE-2012-1970 affects Mozilla Firefox before 15.0, Thunderbird before 15.0, ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The issue stems from multiple unspecified vulnerabilities in the browser engine that can allow remote attackers to cause memory corruption and application crashes or pote...

10CVSS9.8AI score0.05566EPSS
CVE
CVE
added 2016/07/05 1:0 a.m.157 views

CVE-2016-4955

CVE-2016-4955 affects ntpd (NTP 4.x) prior to 4.2.8p8. When autokey is enabled, a remote attacker can cause a denial of service by sending a spoofed CRYPTO_NAK packet or a packet with an incorrect MAC at a specific time, which can trigger autokey association reset. Cloud/OS advisories confirm thi...

5.9CVSS6.3AI score0.08771EPSS
CVE
CVE
added 2013/12/12 6:0 p.m.156 views

CVE-2013-4458

CVE-2013-4458 describes a stack-based overflow in glibc's getaddrinfo (sysdeps/posix/getaddrinfo.c) that can cause DoS via a hostname or IP that yields many AF_INET6 results. Concrete tie-ins exist: CVE-2016-3706 notes this vulnerability exists due to an incomplete fix for CVE-2013-4458, and Debi...

5CVSS7.7AI score0.04154EPSS
CVE
CVE
added 2016/04/19 9:0 p.m.156 views

CVE-2014-9761

The CVE-2014-9761 issue affects the GNU C Library (glibc) prior to 2.23. It involves stack-based buffer overflows in the nan, nanf, and nanl functions caused by long arguments, which could lead to denial of service or potentially arbitrary code execution. Mitigation in the provided documents reco...

9.8CVSS9AI score0.05506EPSS
CVE
CVE
added 2010/11/05 5:0 p.m.155 views

CVE-2010-3702

The CVE-2010-3702 issue affects the Xpdf PDF parser (Gfx::getPos) in Xpdf

7.5CVSS7.3AI score0.02757EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.155 views

CVE-2013-0748

CVE-2013-0748 affects Mozilla Firefox (before 18.0 and ESR 10.x before 10.0.12, and 17.x before 17.0.2), Thunderbird (before 17.0.2, ESR 10.x before 10.0.12 and 17.x before 17.0.2), and SeaMonkey (before 2.15). The flaw is in XBL.proto .toString, where calling toString on an XBL object can leak a...

4.3CVSS9.2AI score0.01998EPSS
CVE
CVE
added 2015/06/15 3:0 p.m.155 views

CVE-2015-3209

CVE-2015-3209 : Heap-based buffer overflow in the QEMU PCNET network device allows remote code execution via crafted packet sequences (TXSTATUS_STARTPACKET then TXSTATUS_DEVICEOWNS). This is a QEMU vulnerability discussed in multiple advisories (notably Arista/Security Advisory 0013 and F5/Multi-...

7.5CVSS6.5AI score0.09668EPSS
CVE
CVE
added 2020/03/02 4:35 p.m.155 views

CVE-2020-8013

CVE-2020-8013 is a UNIX symlink-following vulnerability in SUSE/openSUSE permissions chkstat. The issue occurs when chkstat follows symlinks, causing permissions intended for certain binaries to be applied to other binaries. Affected: SUSE Linux Enterprise Server 12, 15, and 11 permission profile...

2.5CVSS4AI score0.00317EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.154 views

CVE-2012-3990

CVE-2012-3990 is a use-after-free vulnerability in the IME State Manager implementation of Mozilla Firefox and related Mozilla products. Affected versions include Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before...

9.3CVSS9.4AI score0.05201EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.153 views

CVE-2010-2753

CVE-2010-2753 affects Mozilla Firefox (3.5.x before 3.5.11; 3.6.x before 3.6.7), Thunderbird (3.0.x before 3.0.6; 3.1.x before 3.1.1), and SeaMonkey before 2.0.6. Root cause: integer overflow in the XUL tree selection attribute can trigger a use-after-free when handling a large selection in a XUL...

9.3CVSS9.7AI score0.06672EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.153 views

CVE-2012-1976

CVE-2012-1976 refers to a Use-after-free in Mozilla Firefox’s nsHTMLSelectElement::SubmitNamesValues. Affected products include Firefox before 15.0, Firefox ESR before 10.0.7 (10.x), Thunderbird before 15.0, Thunderbird ESR before 10.0.7, and SeaMonkey before 2.12. Impact per the description is r...

10CVSS9.4AI score0.05613EPSS
CVE
CVE
added 2013/04/03 10:0 a.m.153 views

CVE-2013-0800

CVE-2013-0800 : An integer signedness error in the pixman_fill_sse2 function (pixman-sse2.c) used by Cairo and shipped with Mozilla Firefox and related products allows a remote attacker to trigger an out-of-bounds write via crafted values (negative box boundary or negative box size). This affects...

6.8CVSS9.7AI score0.03941EPSS
CVE
CVE
added 2015/03/02 11:0 a.m.153 views

CVE-2014-8160

CVE-2014-8160 : In the Linux kernel, net/netfilter/nf_conntrack_proto_generic.c before 3.18 generates incorrect conntrack entries when handling certain iptables rule sets for SCTP, DCCP, GRE, and UDP-Lite. This can allow remote attackers to bypass intended access restrictions by sending packets w...

5CVSS5.7AI score0.05489EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.153 views

CVE-2015-2575

CVE-2015-2575 is described in connected docs as an unspecified vulnerability in Oracle MySQL Connector/J (MySQL Connectors component) affecting MySQL 5.1.34 and earlier, allowing remote authenticated users to affect confidentiality and integrity via unknown vectors. The connected materials do not...

4.9CVSS7.4AI score0.0359EPSS
CVE
CVE
added 2018/11/26 3:0 a.m.153 views

CVE-2018-19543

CVE-2018-19543 affects JasPer 2.0.14. The issue is a heap-based buffer over-read of size 8 in jp2_decode (libjasper/jp2/jp2_dec.c). Exploitation details, impact, affected platforms, and fixes are not provided beyond this description in the initial document. References to Jasper-related advisories...

7.8CVSS7.4AI score0.01553EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.152 views

CVE-2012-1972

CVE-2012-1972 is a use-after-free in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox, with remote code execution/denial of service via heap memory corruption. Affected products/versions include Firefox prior to 15.0, Firefox ESR 10.x prior to 10.0.7, and Thunderbird prior ...

10CVSS9.4AI score0.05566EPSS
CVE
CVE
added 2014/07/17 10:0 a.m.152 views

CVE-2014-4258

CVE-2014-4258 affects the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier, enabling remote authenticated users to impact confidentiality, integrity, and availability via SRINFOSC. Contained in multiple advisories; mitigations include upgrading MariaDB/Mysql-relate...

6.5CVSS6.1AI score0.03482EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.152 views

CVE-2016-0642

CVE-2016-0642 affects Oracle MySQL Server releases prior to 5.5.49/5.6.30/5.7.x (as cited in multiple advisories). Description: an unspecified vulnerability in the Federated component may lead to integrity and availability impact for local users. Connected sources confirm affected versions (5.5.4...

4.7CVSS4.2AI score0.0118EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.151 views

CVE-2013-0744

CVE-2013-0744 is a use-after-free in the TableBackgroundPainter::TableBackgroundData::Destroy function of Mozilla Firefox prior to 18.0 (and Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2), Thunderbird prior to 17.0.2/ESR 10.x before 10.0.12/17.x before 17.0.2, and SeaMonkey prior to 2.15...

9.3CVSS9.6AI score0.06147EPSS
CVE
CVE
added 2014/05/11 9:0 p.m.151 views

CVE-2014-1737

CVE-2014-1737 affects the Linux kernel (through 3.14.3) and its floppy driver (drivers/block/floppy.c). The flaw is in raw_cmd_copyin not handling error conditions during processing of an FDRAWCMD ioctl, enabling local users with write access to /dev/fd to trigger kfree and potentially gain privi...

7.2CVSS6.2AI score0.00489EPSS
CVE
CVE
added 2014/07/03 1:0 a.m.151 views

CVE-2014-4608

CVE-2014-4608 refers to multiple integer overflows in the LZO decompressor (lzo1x_decompress_safe) in the Linux kernel before 3.15.2, which can cause memory corruption and denial of service via a crafted Literal Run. Some advisories note the Linux kernel is not affected (media hype), while securi...

7.5CVSS5.7AI score0.05421EPSS
In wild
Total number of security vulnerabilities474