Lucene search
K
SuseLinux Enterprise Server

474 matches found

CVE
CVE
added 2020/03/02 4:45 p.m.151 views

CVE-2019-18902

CVE-2019-18902 is a Use After Free vulnerability in the Wicked service used by SUSE Linux Enterprise Server 12/15 and related openSUSE variants. The issue affects Wicked components prior to specific versions (SLES 12 <0.6.60-3.5.1; SLES 15 <0.6.60-3.21.1; openSUSE Leap 15.1 <0.6.60-lp151...

9.8CVSS8.7AI score0.02357EPSS
CVE
CVE
added 2011/01/03 7:26 p.m.149 views

CVE-2010-3876

CVE-2010-3876 affects the Linux kernel: the code path net/packet/af_packet.c in kernel versions before 2.6.37-rc2 does not properly initialize certain structure members, allowing local users with CAP_NET_RAW to read copies of the applicable structures from kernel stack memory. Publicly document d...

1.9CVSS5.6AI score0.00377EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.149 views

CVE-2013-0746

CVE-2013-0746 affects Mozilla products including Firefox (before 18.0), Firefox ESR (before 10.0.12 and 17.x before 17.0.2), Thunderbird (before 17.0.2, and ESR 10.x before 10.0.12 and 17.x before 17.0.2), and SeaMonkey (before 2.15). The issue is a quickstubs/jsval return-value handling flaw tha...

9.3CVSS9.5AI score0.04485EPSS
CVE
CVE
added 2014/02/28 2:0 a.m.149 views

CVE-2014-1874

The CVE-2014-1874 entry is about the Linux kernel vulnerability in security/selinux/ss/services.c: the security_context_to_sid_core function before 3.13.4 allows local users with CAP_MAC_ADMIN to set a zero-length security context, causing a denial of service (system crash). Affected product: Lin...

4.9CVSS5.9AI score0.006EPSS
CVE
CVE
added 2014/08/01 10:0 a.m.149 views

CVE-2014-5077

CVE-2014-5077 affects the Linux kernel’s SCTP code: the function sctp_assoc_update in net/sctp/associola.c (affected in kernel builds up to 3.15.8) can be triggered when SCTP authentication is enabled. An attacker can cause a denial of service via a NULL pointer dereference and kernel OOPS by ini...

7.1CVSS6.2AI score0.05794EPSS
CVE
CVE
added 2016/04/27 5:0 p.m.149 views

CVE-2016-2782

CVE-2016-2782 : In the Linux kernel, the treo_attach function in drivers/usb/serial/visor.c (pre-4.5) can be exploited by a physically proximate attacker who inserts a USB device missing a bulk-in or interrupt-in endpoint, causing a NULL pointer dereference and kernel crash (DoS) or possibly othe...

4.9CVSS6.1AI score0.01648EPSS
CVE
CVE
added 2010/12/30 6:0 p.m.148 views

CVE-2010-4158

The CVE-2010-4158 issue affects the Linux kernel (pre-2.6.36.2) where sk_run_filter in net/core/filter.c may execute BPF_S_LD_MEM or BPF_S_LDX_MEM before a memory location is initialized. This can allow local users to read potentially sensitive kernel stack memory via a crafted socket filter. The...

2.1CVSS5.6AI score0.00868EPSS
CVE
CVE
added 2015/10/21 9:0 p.m.148 views

CVE-2015-4830

CVE-2015-4830 corresponds to an unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier. The description states remote authenticated users can affect integrity via unknown vectors related to Server:Security:Privileges. Connected documents (F5/K59010802 advisory,...

4CVSS5.1AI score0.02982EPSS
CVE
CVE
added 2017/03/23 6:0 p.m.148 views

CVE-2016-9398

CVE-2016-9398 affects JasPer: the jpc_floorlog2 function in jpc_math.c is vulnerable in versions before 1.900.17, allowing remote attackers to trigger a denial of service (assertion failure) via unspecified vectors. Connected documents confirm the affected component and impact; no remediation det...

7.5CVSS7AI score0.05981EPSS
CVE
CVE
added 2012/10/29 6:0 p.m.147 views

CVE-2012-4194

The CVE-2012-4194 issue affects Mozilla Firefox and related Mozilla components where the valueOf shadowing of the location object (window.location) enables cross-site scripting via plugin vectors. Affected software and versions (stated in the provided sources) include: Mozilla Firefox before 16.0...

4.3CVSS8.2AI score0.02835EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.147 views

CVE-2015-0441

CVE-2015-0441 is an unspecified remote-authenticated vulnerability in Oracle MySQL Server 5.5.x (and earlier) affecting availability via unknown vectors in Server: Security: Encryption. Connected advisories confirm this CVE appears in multiple upstream/security notices and requires upgrading MySQ...

4CVSS4.8AI score0.04505EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.146 views

CVE-2012-3972

CVE-2012-3972 affects the XSLT format-number functionality in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The vulnerability allows remote attackers to obtain sensitive information via unspecif...

5CVSS8.8AI score0.03957EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.146 views

CVE-2015-0501

CVE-2015-0501 is a MySQL Server vulnerability affecting 5.5.42 and earlier and 5.6.23 and earlier, where an unspecified issue in Server: Compiling could allow a remote authenticated user to disrupt availability. The connected documents confirm that exploitation details are not provided, and the a...

5.7CVSS4.8AI score0.09984EPSS
CVE
CVE
added 2016/04/19 9:0 p.m.146 views

CVE-2015-8779

CVE-2015-8779 affects the GNU C Library (glibc). The vulnerability is a stack-based buffer overflow in the catopen() function when handling long catalog names, which can cause an application crash (DoS) or potentially allow arbitrary code execution. Affected products include glibc releases prior ...

9.8CVSS9.2AI score0.05966EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.145 views

CVE-2012-3960

CVE-2012-3960 is a use-after-free in mozSpellChecker::SetCurrentDictionary that affects Mozilla Firefox <15.0, Firefox ESR <10.0.7, Thunderbird <15.0 / ESR, and SeaMonkey

10CVSS9.4AI score0.05408EPSS
CVE
CVE
added 2017/03/15 7:0 p.m.145 views

CVE-2017-5898

CVE-2017-5898 affects Quick Emulator (QEMU) when built with CCID Card device emulator support. The vulnerability is an integer overflow in the emulated_apdu_from_guest function (usb/dev-smartcard-reader.c) that allows a local user to crash the QEMU host process by sending a large APDU unit, causi...

5.5CVSS5.7AI score0.004EPSS
CVE
CVE
added 2010/06/30 6:0 p.m.144 views

CVE-2010-2249

CVE-2010-2249 affects libpng: memory leak in pngrutil.c when processing certain PNG chunks (notably sCAL). Versions affected are libpng before 1.2.44 and 1.4.x before 1.4.3; exploitation can cause a denial of service via memory consumption and application crash. Remediation per connected sources ...

6.5CVSS7.4AI score0.02628EPSS
CVE
CVE
added 2010/11/29 3:0 p.m.144 views

CVE-2010-4073

CVE-2010-4073 affects the Linux kernel IPC compatibility code: before 2.6.37-rc1, several compat syscall handlers (ipc/compat.c and ipc/compat_mq.c) fail to initialize certain structures, enabling local attackers to read potentially sensitive kernel stack memory via vectors in compat_sys_semctl, ...

1.9CVSS5.7AI score0.01542EPSS
CVE
CVE
added 2012/02/01 4:0 p.m.143 views

CVE-2012-0442

CVE-2012-0442 covers multiple memory-safety vulnerabilities in the Mozilla browser engine affecting Firefox before 3.6.26 and 4.x–9.0, Thunderbird before 3.1.18 and 5.0–9.0, and SeaMonkey before 2.7. The issues can cause memory corruption, application crashes, or potentially remote code execution...

9.3CVSS10AI score0.04597EPSS
CVE
CVE
added 2016/04/19 9:0 p.m.143 views

CVE-2015-8778

CVE-2015-8778 affects the GNU C Library (glibc) prior to 2.23, where an integer/size argument in hcreate_r can trigger an out-of-bounds heap access, potentially causing denial of service or arbitrary code execution. Connected advisories detail that multiple products (notably glibc-containing pack...

9.8CVSS9.1AI score0.05515EPSS
CVE
CVE
added 2009/08/11 6:0 p.m.142 views

CVE-2009-2416

CVE-2009-2416 is a use-after-free in libxml2 (versions 2.5.10, 2.6.16, 2.6.26, 2.6.27, 2.6.32) and libxml 1.8.17 triggered by crafted Notation/Enumeration attribute types in a DTD; leads to denial of service (application crash). Related CVE-2009-2414 is a stack-growth DoS via deep DTD structures....

6.5CVSS6.7AI score0.01808EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.142 views

CVE-2012-3986

CVE-2012-3986 affects Mozilla Firefox prior to 16.0 (and Firefox ESR 10.x prior to 10.0.8), Thunderbird prior to 16.0, and SeaMonkey before 2.13. The root cause is that certain DOMWindowUtils (nsDOMWindowUtils) methods were not protected by security checks, allowing remote JavaScript to bypass in...

4.3CVSS9AI score0.02512EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.142 views

CVE-2013-0755

CVE-2013-0755 refers to a use-after-free in the mozVibrate implementation of the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15. The vulnerability allows remote code execution...

9.3CVSS9.3AI score0.06853EPSS
CVE
CVE
added 2014/03/11 1:0 a.m.142 views

CVE-2014-2309

CVE-2014-2309 affects the Linux kernel (net/ipv6/route.c, function ip6_route_add) up to version 3.13.6. It causes memory exhaustion via a flood of ICMPv6 Router Advertisement packets, enabling a remote attacker to trigger DoS. The connected Nessus/OpenVAS advisories reference Unity Linux security...

6.1CVSS6AI score0.02426EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.142 views

CVE-2014-6469

CVE-2014-6469 is an unspecified vulnerability in Oracle MySQL Server affecting 5.5.39 and earlier and 5.6.20 and earlier, enabling remote authenticated users to affect availability via SERVER:OPTIMIZER. Connected advisories indicate remediation through upgrading MySQL to 5.5.40 or newer (e.g., De...

6.8CVSS5.6AI score0.04408EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.142 views

CVE-2015-0499

CVE-2015-0499 is a documented, non-query vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier, affecting the Server Federated component and capable of denial of service by remote authenticated users. Public details confirm the issue but do not provide exploit specifics. ...

3.5CVSS4.8AI score0.04757EPSS
CVE
CVE
added 2016/07/05 1:0 a.m.142 views

CVE-2016-4953

CVE-2016-4953 affects ntpd (NTP 4.x) and relates to DoS via crafted CRYPTO_NAK or spoofed packets that can demobilize ephemeral associations, potentially disrupting time synchronization. Connected docs confirm multiple ntpd-family vulnerabilities (CVE-2016-4953/4954/4955/4956/4957) with root caus...

7.5CVSS7.3AI score0.17245EPSS
CVE
CVE
added 2020/03/02 4:45 p.m.142 views

CVE-2019-18903

CVE-2019-18903 describes a Use-After-Free in the wicked service across SUSE/openSUSE products. Affected: SUSE Linux Enterprise Server 12 wicked < 0.6.60-2.18.1 and SLES 15 wicked < 0.6.60-28.26.1; openSUSE Leap 15.1 wicked < 0.6.60-lp151.2.9.1; openSUSE Factory wicked

9.8CVSS8.7AI score0.02357EPSS
CVE
CVE
added 2020/01/24 8:25 a.m.142 views

CVE-2019-3687

CVE-2019-3687 affects the permissions package in SUSE/openSUSE SLE/OpenSUSE, allowing local users to run dumpcap with the easy permission profile and sniff network traffic. Affected range: permissions versions from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119...

4CVSS3.9AI score0.00275EPSS
CVE
CVE
added 2012/05/17 10:0 a.m.141 views

CVE-2012-0879

CVE-2012-0879 affects the Linux kernel prior to 2.6.33, where the I/O implementation for block devices mishandles the CLONE_IO feature. Local attackers can create multiple processes sharing an I/O context, causing I/O instability and a denial of service. The vulnerability is evidenced across mult...

5.5CVSS5AI score0.00468EPSS
CVE
CVE
added 2012/11/23 8:0 p.m.141 views

CVE-2012-3515

CVE-2012-3515 affects QEMU (as used in Xen 4.0/4.1) where emulating certain devices with a virtual console backend lets local guest OS users gain privileges via a crafted escape VT100 sequence that overwrites a device model’s address space. Connected documents confirm this CVE is included in mult...

7.2CVSS5.9AI score0.00528EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.141 views

CVE-2014-1489

Technical details for CVE-2014-1489 are not publicly available in the provided documents. Monitor for updates from vendors and vulnerability feeds.

4.3CVSS8.7AI score0.01932EPSS
CVE
CVE
added 2015/01/21 3:0 p.m.141 views

CVE-2014-6568

CVE-2014-6568 is an Oracle MySQL/MariaDB vulnerability affecting InnoDB DML leading to potential availability impact in MySQL Server 5.5.x (<=5.5.40) and 5.6.x (

3.5CVSS6.1AI score0.07135EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.140 views

CVE-2013-0768

Technical details for CVE-2013-0768 are not publicly available in the provided documents. Monitor for updates.

9.3CVSS9.6AI score0.07633EPSS
CVE
CVE
added 2014/07/03 1:0 a.m.140 views

CVE-2014-4653

Summary (CVE-2014-4653) : The ALSA control implementation in the Linux kernel has a race/lock handling issue in sound/core/control.c. It does not ensure possession of a read/write lock, enabling a local attacker to trigger a denial of service (use-after-free) and to potentially read kernel memory...

4.6CVSS5.1AI score0.00498EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.139 views

CVE-2013-0760

CVE-2013-0760 describes a buffer overflow in Mozilla Firefox’s CharDistributionAnalysis::HandleOneChar, allowing remote code execution via a crafted document. Affected products per the description: Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15. Root cause is a memory c...

9.3CVSS9.4AI score0.05334EPSS
Web
CVE
CVE
added 2014/03/24 10:0 a.m.139 views

CVE-2014-0131

CVE-2014-0131 affects the Linux kernel up to version 3.13.6. The vulnerability is a use-after-free in the skb_segment function within net/core/skbuff.c caused by the absence of a certain orphaning operation. Exploitation details are not provided in the supplied documents. The impact is that an at...

2.9CVSS5.8AI score0.00675EPSS
CVE
CVE
added 2014/07/17 2:36 a.m.139 views

CVE-2014-2494

CVE-2014-2494 is an unspecified vulnerability in the MySQL/MariaDB MySQL Server component (affecting Oracle MySQL 5.5.37 and earlier) that can allow remote authenticated users to affect availability via vectors related to ENARC. Connected sources also tie this CVE to MariaDB advisories and tracke...

4CVSS6.1AI score0.03482EPSS
CVE
CVE
added 2016/07/05 1:0 a.m.139 views

CVE-2016-4954

The CVE-2016-4954 entry affects ntpd (NTP v4) and is triggered by the process_packet() function in ntp_proto.c, where NTP 4.x versions before 4.2.8p8 can be caused to enter a peer-variable modification state when it receives spoofed packets from multiple sources, demonstrated by an incorrect leap...

7.5CVSS6.9AI score0.13208EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.138 views

CVE-2012-3991

CVE-2012-3991 affects Mozilla Firefox and related Mozilla products: Firefox and Firefox ESR before the 16.0 line, Thunderbird before 16.0, and SeaMonkey before 2.13 did not properly restrict JSAPI GetProperty access, bypassing the Same Origin Policy. This vulnerability could allow remote attacker...

9.3CVSS9.4AI score0.03078EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.138 views

CVE-2013-0749

CVE-2013-0749 describes multiple unspecified vulnerabilities in the Mozilla Firefox browser engine (before 18.0) and related products (Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2 and ESR 17.x before 17.0.1, SeaMonkey before 2.15). The description states that remote attackers could c...

9.3CVSS9.8AI score0.05802EPSS
CVE
CVE
added 2016/09/20 2:0 p.m.138 views

CVE-2015-8934

CVE-2015-8934 affects libarchive up to version 3.2.0, with a flaw in copy_from_lzss_window inside archive_read_support_format_rar.c that can trigger an out-of-bounds heap read via a crafted RAR file, leading to denial of service. Public advisories from multiple vendors describe this as part of a ...

5.5CVSS6AI score0.023EPSS
CVE
CVE
added 2008/01/18 10:0 p.m.137 views

CVE-2007-6427

CVE-2007-6427 affects the X.Org Xserver (XInput-Misc extension) prior to version 1.4.1. The root cause is missing input sanitising within the XInput‑Misc code, which can lead to local privilege escalation. In public advisories, this is described as a vulnerability in the XInput‑Misc path that all...

9.3CVSS9.8AI score0.04278EPSS
CVE
CVE
added 2012/02/01 4:0 p.m.137 views

CVE-2011-3659

CVE-2011-3659 is a use-after-free in Mozilla Firefox (before 3.6.26 and 4.x through 9.0), Thunderbird (before 3.1.18 and 5.0 through 9.0), and SeaMonkey (before 2.7). The root cause is premature notification of AttributeChildRemoved that affects access to removed nsDOMAttribute child nodes, enabl...

9.3CVSS9.5AI score0.36511EPSS
CVE
CVE
added 2012/02/01 4:0 p.m.137 views

CVE-2012-0449

CVE-2012-0449 affects Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7. Description: remote attackers can cause memory corruption and application crash, or possibly execute arbitrary code via a malformed XSLT stylesheet emb...

9.3CVSS9.9AI score0.05809EPSS
CVE
CVE
added 2014/02/28 2:0 a.m.137 views

CVE-2014-0069

The CVE-2014-0069 entry affects the Linux kernel (fs/cifs/file.c: cifs_iovec_write) up to version 3.13.5. The vulnerability stems from improper handling of uncached write operations that copy fewer bytes than requested, enabling local users to read kernel memory (information disclosure), cause me...

7.2CVSS6.5AI score0.00414EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.137 views

CVE-2015-0505

CVE-2015-0505 affects Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier. An unspecified remote-authenticated vulnerability related to Data Definition Language (DDL) operations could cause a denial of service. Impact is limited to availability (partial). The public description does no...

3.5CVSS4.8AI score0.05046EPSS
CVE
CVE
added 2020/03/02 4:10 p.m.137 views

CVE-2019-18901

CVE-2019-18901 affects SUSE Linux Enterprise Server 12 (mariadb, prior to 10.2.31-3.25.1) and SLE 15 (mariadb, prior to 10.2.31-3.26.1). A UNIX symlink following in mysql-systemd-helper allows local attackers to change permissions of arbitrary files to 0640. The vulnerability is localized (LOCAL)...

5.5CVSS5.5AI score0.0038EPSS
CVE
CVE
added 2010/12/30 6:0 p.m.136 views

CVE-2010-3850

CVE-2010-3850: In the Linux kernel, the ec_dev_ioctl function in net/econet/af_econet.c did not require CAP_NET_ADMIN, allowing local users to bypass access restrictions and configure econet addresses via an SIOCSIFADDR ioctl. Documented impact is local privilege/unauthorized configuration; fix a...

2.1CVSS5.8AI score0.00801EPSS
CVE
CVE
added 2010/11/30 10:0 p.m.136 views

CVE-2010-4081

CVE-2010-4081 affects the Linux kernel (sound/pci/rme9652/hdspm.c: snd_hdspm_hwdep_ioctl). The root cause is failure to initialize a structure, enabling local users to read potentially sensitive kernel stack memory via SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO. Affected: kernel versions prior to 2.6.36-r...

1.9CVSS5.5AI score0.00393EPSS
Total number of security vulnerabilities474