Lucene search
K
SuseLinux Enterprise Server

474 matches found

CVE
CVE
added 2014/10/15 3:15 p.m.120 views

CVE-2014-4287

CVE-2014-4287 describes an unspecified vulnerability in Oracle MySQL Server, affecting versions 5.5.38 and earlier and 5.6.19 and earlier, that allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS. The description indicates the issue is focused on ...

4CVSS6.2AI score0.02667EPSS
CVE
CVE
added 2015/12/07 8:0 p.m.120 views

CVE-2015-5006

CVE-2015-5006 affects IBM SDK/Java Technology Edition (IBM Java Security Components) on multiple versions (8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, 6 before SR16 FP15). The root cause is exposure of Kerberos Credential Cache data, enabling physically proximate ...

2.1CVSS5.4AI score0.00482EPSS
CVE
CVE
added 2013/04/29 10:0 a.m.119 views

CVE-2013-3301

CVE-2013-3301 affects the Linux kernel ftrace implementation up to version before 3.8.8. Local users with CAP_SYS_ADMIN can write to either set_ftrace_pid or set_graph_function and trigger an lseek, leading to a NULL pointer dereference and possible system crash or other impact. Multiple connecte...

7.2CVSS5.6AI score0.00985EPSS
CVE
CVE
added 2013/07/17 10:0 a.m.119 views

CVE-2013-3783

CVE-2013-3783 affects the MySQL Server component in Oracle MySQL 5.5.31 and earlier. The vulnerability is described as unspecified and allows remote authenticated users to affect availability via unknown vectors related to the Server Parser. Connected sources reference this CVE within broader Ora...

4CVSS5AI score0.0309EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.119 views

CVE-2013-6673

Technical details about CVE-2013-6673 are not publicly available in the provided connected documents; monitor for updates.

5.9CVSS6.9AI score0.02886EPSS
CVE
CVE
added 2014/11/04 9:0 p.m.119 views

CVE-2014-0222

CVE-2014-0222 affects QEMU’s qcow_open() in block/qcow.c, where an integer overflow can be triggered by a large L2 table in a QCOW version 1 image, enabling a remote crash/DoS. Public disclosures reference QEMU up to version 1.7.2 as affected; fixes patch or upgrade to a later QEMU release (1.7.2...

7.5CVSS6.5AI score0.02116EPSS
CVE
CVE
added 2014/11/14 3:0 p.m.119 views

CVE-2014-7815

CVE-2014-7815 affects the QEMU component: the function set_pixel_format in ui/vnc.c can be triggered remotely to crash the QEMU process (DoS) by sending a small value for bytes_per_pixel. The vulnerability is explicitly documented in multiple advisories and patches were issued in openSUSE/SUSE se...

5CVSS5.8AI score0.03742EPSS
CVE
CVE
added 2007/12/04 12:0 a.m.118 views

CVE-2007-6206

CVE-2007-6206 affects the Linux kernel (2.4.x and 2.6.x up to 2.6.24-rc3). The issue lies in the do_coredump function in fs/exec.c, where the core dump file’s UID is not changed if a core dump already exists in the same location when a root-owned process dumps a core. This behavior could allow a ...

2.1CVSS5.2AI score0.00425EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.118 views

CVE-2012-3989

CVE-2012-3989 affects Mozilla Firefox (and related Mozilla products) prior to version 16.0, Thunderbird prior to 16.0, and SeaMonkey prior to 2.13. The vulnerability is a crash caused by an invalid cast when using the instanceof operator on certain JavaScript objects, which could allow remote att...

9.3CVSS9.5AI score0.03464EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.118 views

CVE-2013-0767

CVE-2013-0767 affects Mozilla Firefox (and related Mozilla components) with the nsSVGPathElement::GetPathLengthScale path handling. The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service via an out-of-bounds read, reported for Firefox before 18.0, ESR 10....

10CVSS9.5AI score0.05815EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.118 views

CVE-2014-1485

CVE-2014-1485 affects Mozilla Firefox (prior to 27.0) and SeaMonkey (prior to 2.24). The CSP implementation in these browsers evaluates style-src directives for XSLT processing rather than script-src, potentially allowing remote attackers to execute arbitrary XSLT code through insufficient style-...

7.5CVSS9.4AI score0.02995EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.118 views

CVE-2014-1498

CVE-2014-1498 : The vulnerability affects Mozilla Firefox before 28.0 and SeaMonkey before 2.25, where crypto.generateCRMFRequest fails to validate a specific key type. This can cause remote crashes/DoS via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algo...

5CVSS8.8AI score0.01778EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.118 views

CVE-2014-1500

CVE-2014-1500 affects Mozilla Firefox prior to 28.0 and SeaMonkey prior to 2.25. The issue allows remote attackers to cause resource exhaustion and application hang via onbeforeunload events that trigger background JavaScript execution. Exploitation details are not provided in the available docum...

5CVSS9AI score0.03541EPSS
CVE
CVE
added 2024/11/10 12:0 a.m.118 views

CVE-2024-46951

CVE-2024-46951 is an issue in Artifex Ghostscript (Pattern color space) where an unchecked Implementation pointer could lead to arbitrary code execution. Connected advisories confirm this affects Ghostscript’s PostScript/PDF interpreter and note a developer-identified fix in ghostpdl-10.04.0, add...

7.8CVSS7.1AI score0.00356EPSS
CVE
CVE
added 2009/03/06 11:0 a.m.117 views

CVE-2009-0834

The CVE-2009-0834 issue affects the Linux kernel up to 2.6.28.7 on x86_64, where audit_syscall_entry mishandles 32-bit processes making 64-bit syscalls or 64-bit processes making 32-bit syscalls. This can allow local users to bypass certain syscall audit configurations, and is related to CVE-2009...

3.6CVSS4.6AI score0.00441EPSS
CVE
CVE
added 2009/10/20 5:0 p.m.117 views

CVE-2009-2910

CVE-2009-2910 affects the Linux kernel’s ia32 entry path on x86_64. The issue is that arch/x86/ia32/ia32entry.S does not clear certain kernel registers before returning to user mode, which allows a local attacker to read register values from an earlier process after switching an ia32 process into...

2.1CVSS5.9AI score0.00414EPSS
CVE
CVE
added 2011/01/07 11:0 a.m.117 views

CVE-2010-4160

The CVE-2010-4160 issue is present in the Linux kernel before 2.6.36.2, involving multiple integer overflows in the PPPoL2TP and IPoL2TP sendmsg paths (pppol2tp_sendmsg and l2tp_ip_sendmsg). The vulnerability can allow local users to trigger a denial of service through heap memory corruption and ...

6.9CVSS7.5AI score0.00529EPSS
CVE
CVE
added 2013/07/17 10:0 a.m.117 views

CVE-2013-3804

CVE-2013-3804 affects Oracle MySQL Server prior to specific versions (5.1.69 and earlier, 5.5.31 and earlier, 5.6.11 and earlier). The issue is described as an unspecified vulnerability in the Server Optimizer that remote authenticated users can exploit to affect availability via unknown vectors....

4CVSS4.3AI score0.02983EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.117 views

CVE-2014-6463

CVE-2014-6463 affects Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier; impact is availability via SERVER:REPLICATION ROW FORMAT BINARY LOG DML when an authenticated remote user runs DML. Red Hat advisories RHSA-2014-1940 and related RHSA entries indicate that MariaDB/MariaDB-Galera ...

3.3CVSS6.1AI score0.02815EPSS
CVE
CVE
added 2009/10/22 3:26 p.m.116 views

CVE-2009-3620

CVE-2009-3620 affects the ATI Rage 128 (r128) driver in the Linux kernel, where the driver fails to properly verify Concurrent Command Engine (CCE) state initialization. This local vulnerability can cause a NULL pointer dereference and system crash (DoS) and may allow privilege escalation via uns...

7.8CVSS6.7AI score0.00425EPSS
CVE
CVE
added 2010/05/07 6:23 p.m.116 views

CVE-2010-1437

CVE-2010-1437 is a race condition in the Linux kernel’s keyring handling (find_keyring_by_name in security/keys/keyring.c) affecting version 2.6.34-rc5 and earlier. A local user can exploit this via keyctl session commands that access a dead keyring being deleted by key_cleanup, leading to memory...

7CVSS7.2AI score0.00658EPSS
CVE
CVE
added 2010/09/21 5:0 p.m.116 views

CVE-2010-3080

CVE-2010-3080 is a double-free vulnerability in the Linux kernel’s snd_seq_oss_open() (sound/core/seq/oss/seq_oss_init.c) affecting kernels before 2.6.36-rc4. An unsuccessful open of /dev/sequencer could trigger kernel memory corruption, leading to local denial of service and potentially other im...

7.2CVSS7.7AI score0.00416EPSS
CVE
CVE
added 2010/11/30 10:0 p.m.116 views

CVE-2010-4080

CVE-2010-4080 affects the Linux kernel: snd_hdsp_hwdep_ioctl in sound/pci/rme9652/hdsp.c does not initialize a structure, enabling local attackers to leak kernel stack information via SNDRV_HDSP_IOCTL_GET_CONFIG_INFO. Affected products/versions: Linux kernel before 2.6.36-rc6. Impact is an inform...

2.1CVSS5.6AI score0.0042EPSS
CVE
CVE
added 2010/11/20 9:0 p.m.116 views

CVE-2010-4165

CVE-2010-4165 affects the Linux kernel prior to 2.6.37-rc2. The do_tcp_setsockopt function does not properly constrain TCP_MAXSEG (MSS) values, allowing a local user to trigger a denial of service via a setsockopt with a small value, leading to a divide-by-zero or signed-integer misuse. Evidence ...

4.9CVSS6.8AI score0.01355EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.116 views

CVE-2013-0766

CVE-2013-0766 is a use-after-free in the ~nsHTMLEditRules implementation affecting Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15. The vulnerabili...

9.3CVSS9.5AI score0.04713EPSS
CVE
CVE
added 2013/07/17 10:0 a.m.116 views

CVE-2013-3808

CVE-2013-3808 affects Oracle MySQL Server up to certain older releases: 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier. The vulnerability is described as unspecified and remote-authenticated, impacting availability via unknown vectors related to Server Options. No exploitation det...

4CVSS4.2AI score0.02827EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.116 views

CVE-2013-5611

CVE-2013-5611 refers to Mozilla Firefox (pre-26.0) where an App Installation doorhanger isn’t properly removed, enabling a remote attacker to spoof a Web App installation site by timing page navigation. Connected sources confirm affected products and fixes: IBM/SONAS and IBM Storwize advisories l...

5.8CVSS9AI score0.02138EPSS
CVE
CVE
added 2010/03/03 7:0 p.m.115 views

CVE-2010-0205

CVE-2010-0205 concerns libpng’s png_decompress_chunk() in libpng 1.0.x (before 1.0.53), 1.2.x (before 1.2.43), and 1.4.x (before 1.4.1). The vulnerability arises from improper handling of compressed ancillary-chunk data with an excessively large uncompressed representation, enabling a crafted PNG...

4.3CVSS8.8AI score0.04208EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.115 views

CVE-2014-6484

CVE-2014-6484 is listed as an unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, with remote authenticated users able to affect availability via SERVER:DML. Connected Red Hat advisories (RHSA-2014-1940 and RHSA-2014-1862) classify this under MariaDB/MySQL...

4CVSS6.2AI score0.02667EPSS
CVE
CVE
added 2015/07/06 1:0 a.m.115 views

CVE-2015-2737

CVE-2015-2737 affects Mozilla Firefox before 39.0 (and ESR 31.x before 31.8, 38.x before 38.1) and Thunderbird before 38.1. It targets rx::d3d11::SetBufferData, which reads data from uninitialized memory locations. The description notes the impact and attack vectors are unspecified; no explicit f...

10CVSS4.4AI score0.02654EPSS
CVE
CVE
added 2016/09/20 2:0 p.m.115 views

CVE-2015-8931

CVE-2015-8931 involves multiple integer overflows in libarchive’s mtree support. The vulnerability arises in archive_read_support_format_mtree.c (mtree parser) in libarchive before 3.2.0, potentially allowing a remote attacker to trigger undefined behavior via a crafted mtree file. Connected advi...

7.8CVSS8AI score0.02122EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.115 views

CVE-2016-0668

CVE-2016-0668 affects Oracle MySQL 5.6.28 and earlier, 5.7.10 and earlier, and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12. The vulnerability is described as an unspecified issue related to InnoDB that can allow local users to affect availability. Remediation stated in the sources inc...

4.1CVSS4.3AI score0.0146EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.114 views

CVE-2012-4205

CVE-2012-4205 affects Mozilla Firefox (prior to 17.0), Mozilla Thunderbird (prior to 17.0), and SeaMonkey (prior to 2.14). The root cause, per the description, is that XMLHttpRequest objects created in sandboxes are assigned the system principal rather than the sandbox principal, enabling CSRF ag...

6.8CVSS8.5AI score0.01613EPSS
CVE
CVE
added 2013/02/13 1:0 a.m.114 views

CVE-2012-6075

CVE-2012-6075 is a buffer overflow in the e1000_receive function of the e1000 device driver (hw/e1000.c) used by QEMU 1.3.0-rc2 and related versions when SBP and LPE flags are disabled. The vulnerability could allow a remote attacker to crash the guest OS or potentially execute arbitrary code ins...

9.3CVSS7.8AI score0.04904EPSS
CVE
CVE
added 2012/05/17 10:0 a.m.113 views

CVE-2012-1090

CVE-2012-1090 affects the Linux kernel: the cifs_lookup function in fs/cifs/dir.c can trigger a local denial of service (OOPS) when a local user accesses a specially crafted file (e.g., a FIFO). The issue exists in kernel versions prior to 3.2.10. Exploitation requires local access. The documente...

5.5CVSS5.8AI score0.004EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.113 views

CVE-2012-4209

Mode C: The CVE-2012-4209 issue affects Mozilla-based components used in MiracleLinux 4 (firefox-10.0.11-1.0.1.AXS4, xulrunner-10.0.11-1.0.1.AXS4) and is described as allowing cross-site scripting by abusing top frame name and location access. Affected products include Mozilla Firefox and Firefox...

4.3CVSS7.8AI score0.02546EPSS
CVE
CVE
added 2013/07/17 10:0 a.m.113 views

CVE-2013-3805

CVE-2013-3805 affects Oracle MySQL: MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 is vulnerable. Description specifies an unspecified vulnerability that allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements. The entry do...

4CVSS5.1AI score0.02291EPSS
CVE
CVE
added 2014/07/03 1:0 a.m.113 views

CVE-2014-4667

CVE-2014-4667 affects the Linux kernel: the sctp_association_free function in net/sctp/associola.c before version 3.15.2 fails to properly manage a specific backlog value, enabling remote attackers to trigger a denial of service (socket outage) via a crafted SCTP packet. The vulnerability is root...

5CVSS5.2AI score0.05926EPSS
CVE
CVE
added 2015/07/02 9:16 p.m.113 views

CVE-2015-0192

Technical details for CVE-2015-0192 are not provided in the connected documents. The initial description names IBM Java vulnerabilities but does not specify affected products, versions, vectors, or fixes in the supplied sources. Monitor for updates.

9.8CVSS4.5AI score0.04542EPSS
CVE
CVE
added 2016/09/20 2:0 p.m.113 views

CVE-2015-8933

CVE-2015-8933 is a Libarchive vulnerability: an integer overflow in archive_read_support_format_tar_skip() within archive_read_format_tar.c, affecting Libarchive prior to 3.2.0. This can allow a remote attacker to crash a target via a crafted tar file (DoS). The connected Nessus/EulerOS entries c...

5.5CVSS6AI score0.02028EPSS
CVE
CVE
added 2010/09/08 7:0 p.m.112 views

CVE-2010-2803

CVE-2010-2803 affects the Linux kernel DRM subsystem. The drm_ioctl path in drivers/gpu/drm/drm_drv.c allows a local user to request a large memory allocation and may leak kernel memory contents. Affected trees/versions include 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2...

1.9CVSS6.8AI score0.00467EPSS
CVE
CVE
added 2010/09/03 7:0 p.m.112 views

CVE-2010-2954

The CVE-2010-2954 issue affects the Linux kernel IRDA stack: irda_bind in net/irda/af_irda.c may dereference a NULL pointer when irda_open_tsap fails, causing local denial of service (kernel panic) via repeated unsuccessful binds on AF_IRDA (PF_IRDA) sockets. Affected software is the Linux kernel...

4.9CVSS7.3AI score0.00422EPSS
CVE
CVE
added 2010/12/29 5:27 p.m.112 views

CVE-2010-3874

CVE-2010-3874: Heap-based buffer overflow in the bcm_connect function of net/can/bcm.c (Broadcast Manager) in the Linux kernel CAN implementation. Affects 64-bit kernels, before 2.6.36.2, enabling local attackers to cause memory corruption and a denial of service via a connect operation. The conn...

4CVSS7AI score0.00395EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.112 views

CVE-2012-3961

CVE-2012-3961 is a use-after-free in the RangeData implementation affecting Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0/ESR 10.x before 10.0.7, and SeaMonkey before 2.12. Exploitation could allow remote code execution or a denial of service via heap memory...

10CVSS9.4AI score0.06664EPSS
CVE
CVE
added 2014/01/21 6:0 p.m.112 views

CVE-2013-0339

CVE-2013-0339 affects libxml2 up to version 2.9.1 and is an XML External Entity (XXE) issue. The root cause is improper handling of external entities expansion unless an application developer uses xmlSAX2ResolveEntity or xmlSetExternalEntityLoader. Impact cited includes potential denial of servic...

6.8CVSS9AI score0.03609EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.112 views

CVE-2014-1484

CVE-2014-1484 affects Mozilla Firefox on Android 4.2 and earlier, where system logs may contain profile paths, enabling a crafted application to access sensitive information. Connected docs reference the CVE within openSUSE Firefox ESR advisories and indicate fixes in later Firefox ESR updates (e...

5CVSS8.5AI score0.01556EPSS
CVE
CVE
added 2014/06/23 10:0 a.m.112 views

CVE-2014-4027

CVE-2014-4027 affects the Linux kernel prior to 3.14. The flaw is in the rd_build_device_space function (drivers/target/target_core_rd.c), where a data structure is not properly initialized, enabling local users to read sensitive information from ramdisk_mcp memory by abusing access to a SCSI ini...

2.3CVSS6.6AI score0.0065EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.112 views

CVE-2014-6507

CVE-2014-6507 affects Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier. A vulnerability in SERVER:DML could allow remote authenticated users to impact confidentiality, integrity, and availability. The description and affected versions are cited across multiple advisories (Oracle CPU...

4.3CVSS5.5AI score0.0726EPSS
CVE
CVE
added 2016/09/20 2:0 p.m.112 views

CVE-2015-8932

The CVE-2015-8932 issue affects the libarchive library, specifically the compress_bidder_init function in archive_read_support_filter_compress.c, before version 3.2.0. A crafted tar file can trigger an invalid left shift, allowing a remote attacker to cause a denial of service (crash). Public ref...

5.5CVSS5.8AI score0.02214EPSS
CVE
CVE
added 2009/09/15 10:0 p.m.111 views

CVE-2009-2903

The CVE-2009-2903 entry concerns a memory leak in the Linux kernel appletalk subsystem. When the appletalk and ipddp modules are loaded but the ipddp device is not found, remote attackers can trigger memory consumption leading to a denial of service. The issue affects 2.4.x up to 2.4.37.6 and 2.6...

7.1CVSS6.6AI score0.03848EPSS
Web
Total number of security vulnerabilities474