Lucene search
K
SuseLinux Enterprise Server

474 matches found

CVE
CVE
added 2009/09/15 10:0 p.m.111 views

CVE-2009-2903

The CVE-2009-2903 entry concerns a memory leak in the Linux kernel appletalk subsystem. When the appletalk and ipddp modules are loaded but the ipddp device is not found, remote attackers can trigger memory consumption leading to a denial of service. The issue affects 2.4.x up to 2.4.37.6 and 2.6...

7.1CVSS6.6AI score0.03848EPSS
Web
CVE
CVE
added 2010/09/03 7:0 p.m.111 views

CVE-2010-2226

CVE-2010-2226 affects the Linux kernel: the xfs_swapext function in fs/xfs/xfs_dfrag.c does not properly validate file descriptors passed to the SWAPEXT ioctl, enabling a local user with write access to swap a file into another and gain read access. The issue is present in kernel versions before ...

2.1CVSS6.9AI score0.00434EPSS
CVE
CVE
added 2011/04/10 1:0 a.m.111 views

CVE-2011-1163

Vulnerability: CVE-2011-1163 affects the Linux kernel (fs/partitions/osf.c) where osf_partition mishandles an invalid number of partitions, potentially allowing local attackers to read kernel heap memory via partition-table parsing vectors. Affected: Linux kernel versions prior to 2.6.38. Root ca...

2.1CVSS7.5AI score0.00414EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.111 views

CVE-2012-1973

CVE-2012-1973 is a use-after-free vulnerability in Mozilla Firefox family components. The issue arises in nsObjectLoadingContent::LoadObject, affecting Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12. Expl...

10CVSS9.4AI score0.05566EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.111 views

CVE-2013-0770

CVE-2013-0770 affects Mozilla Firefox (pre-18.0), Thunderbird (pre-17.0.2), and SeaMonkey (pre-2.15). The issue is described as multiple unspecified vulnerabilities in the browser engine that can cause memory corruption and application crashes, with potential for arbitrary code execution via unkn...

9.3CVSS9.8AI score0.05852EPSS
CVE
CVE
added 2010/11/29 3:0 p.m.110 views

CVE-2010-4078

CVE-2010-4078 affects the Linux kernel before 2.6.36-rc6, where the sisfb_ioctl function in drivers/video/sis/sis_main.c fails to properly initialize a structure member. This allows local users to leak potentially sensitive information from kernel stack memory via the FBIOGET_VBLANK ioctl. Connec...

1.9CVSS7AI score0.0038EPSS
CVE
CVE
added 2010/11/30 10:0 p.m.110 views

CVE-2010-4082

CVE-2010-4082 affects the Linux kernel prior to 2.6.36-rc5, where viafb_ioctl_get_viafb_info in drivers/video/via/ioctl.c fails to initialize a structure member. This can allow local users to leak potentially sensitive information from kernel stack memory via a VIAFB_GET_INFO ioctl call. The issu...

1.9CVSS5.4AI score0.0038EPSS
CVE
CVE
added 2010/11/20 9:0 p.m.110 views

CVE-2010-4169

CVE-2010-4169 is a Linux kernel use-after-free in mm/mprotect.c, vulnerable before 2.6.37-rc2. Local users can trigger a denial of service via an mprotect syscall. The MiracleLinux advisory AXSA:2011-80:02 confirms the issue among kernel fixes; remediation is to upgrade to kernel 2.6.37-rc2 or ne...

4.9CVSS6.7AI score0.00427EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.110 views

CVE-2013-0769

CVE-2013-0769 refers to multiple unspecified vulnerabilities in the Mozilla browser engine that could cause memory corruption and application crashes, potentially enabling remote code execution. Affected products and versions cited in connected docs include Mozilla Firefox before 18.0, Firefox ES...

9.3CVSS9.9AI score0.05784EPSS
CVE
CVE
added 2013/06/07 10:0 a.m.110 views

CVE-2013-2147

CVE-2013-2147 affects the Linux kernel drivers for HP Smart Array/Compaq SMART2 (cpqarray/cciss). The root cause is uninitialized data structures in ida_locked_ioctl (via /dev/ida) and cciss_ioctl32_passthru (via /dev/cciss), allowing local attackers to read kernel memory how? through crafted IDA...

2.1CVSS5.9AI score0.0042EPSS
Web
CVE
CVE
added 2024/11/10 12:0 a.m.110 views

CVE-2024-46953

CVE-2024-46953 concerns Ghostscript before 10.04.0, where an integer overflow while parsing the output filename format string in base/gsdevice.c can cause path truncation, enabling path traversal and potential code execution. Affected: Ghostscript PS/PDF interpreter, notably ghostpdl-10.04.0 and ...

7.8CVSS7.2AI score0.00387EPSS
CVE
CVE
added 2010/12/10 6:0 p.m.109 views

CVE-2010-3861

CVE-2010-3861 affects the Linux kernel up to version 2.6.36. The vulnerability arises in the ethtool_get_rxnfc function in net/core/ethtool.c, which fails to initialize a certain block of heap memory. This can allow a local user to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLA...

2.1CVSS7.1AI score0.00407EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.109 views

CVE-2012-3985

CVE-2012-3985 is a vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey where the HTML5 Same Origin Policy could be violated, allowing initial-origin access after document.domain is set and potentially enabling cross-site scripting (XSS). Affected versions are Firefox/Thunderbird/SeaMonke...

4.3CVSS8.3AI score0.01914EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.109 views

CVE-2012-4208

CVE-2012-4208 affects Mozilla Firefox ≤ prior to 17.0, Thunderbird ≤ prior to 17.0, and SeaMonkey ≤ 2.13/2.14. The XrayWrapper did not consider compartment during property filtering, allowing remote sites to bypass chrome-only restrictions on reading DOM object properties. Impact per description:...

4.3CVSS8.1AI score0.0211EPSS
CVE
CVE
added 2013/07/17 10:0 a.m.109 views

CVE-2013-3793

CVE-2013-3793 affects Oracle MySQL Server: 5.5.31 and earlier and 5.6.11 and earlier. It is described as an unspecified vulnerability related to Data Manipulation Language that allows remote authenticated users to affect availability via unknown vectors. Connected documents (Nessus/OpenVAS) refer...

4CVSS4.9AI score0.0309EPSS
CVE
CVE
added 2016/09/20 2:0 p.m.109 views

CVE-2015-8928

CVE-2015-8928 affects libarchive MTREE parser: an out-of-bounds read in process_add_entry() when processing a crafted mtree file. Impact is denial of service and potential information disclosure. Affected upstream: libarchive before 3.2.0. Remediation: upgrade to 3.2.0 or later where fixed. Other...

5.5CVSS6.2AI score0.0206EPSS
CVE
CVE
added 2022/10/06 5:14 p.m.109 views

CVE-2022-31252

CVE-2022-31252 describes an Incorrect Authorization in chkstat where group-writable path components aren’t checked, allowing local attackers with group write access to influence path resolution for a privileged binary. Affected: SLES 12-SP5 (permissions versions prior to 20170707); openSUSE Leap ...

4.4CVSS4.3AI score0.00139EPSS
CVE
CVE
added 2009/11/16 7:0 p.m.108 views

CVE-2009-3939

CVE-2009-3939 affects the Linux kernel megaraid_sas driver: the poll_mode_io file has world-writable permissions in kernel 2.6.31.6 and earlier. This enables local users to change the driver I/O mode by modifying the file. The description notes local access and manipulation of driver behavior, wi...

7.1CVSS6.4AI score0.00444EPSS
CVE
CVE
added 2010/11/26 6:23 p.m.108 views

CVE-2010-2963

CVE-2010-2963 affects the Linux kernel’s Video4Linux (V4L) implementation on x86_64, where a flaw in the v4l2-compat ioctl32 code fails to validate the destination of a memory copy, enabling a local user to write arbitrary kernel memory via VIDIOCSTUNER on a /dev/video device followed by VIDIOCSM...

6.2CVSS6AI score0.00816EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.108 views

CVE-2012-1974

CVE-2012-1974 is a use-after-free vulnerability in gfxTextRun::CanBreakLineBefore affecting Mozilla Firefox (and related apps like Thunderbird/SeaMonkey) prior to version 15.0, with remote code execution or a denial of service via unspecified vectors. The connected Nessus entries confirm the CVE ...

10CVSS9.4AI score0.05566EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.108 views

CVE-2012-1975

CVE-2012-1975 is a Use-after-free vulnerability in PresShell::CompleteMove affecting Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12. It potentially allows remote code execution or a denial of serv...

10CVSS9.4AI score0.05613EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.108 views

CVE-2014-6478

CVE-2014-6478 affects Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier. The vulnerability is described as unspecified, enabling remote attackers to compromise integrity via vectors related to SERVER:SSL:yaSSL . The connected sources confirm the same CVE ID in multiple advisories and...

4.3CVSS6.3AI score0.02554EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.108 views

CVE-2014-6495

CVE-2014-6495 is described in the Initial document as an unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier, enabling remote attackers to affect availability via SERVER:SSL:yaSSL. Connected documents reference this CVE within broader MariaDB/MySQL vulnerabi...

4.3CVSS6.3AI score0.03004EPSS
CVE
CVE
added 2015/06/03 8:0 p.m.108 views

CVE-2015-4106

CVE-2015-4106 : QEMU does not properly restrict write access to the PCI config space for certain PCI passthrough devices, which the documents describe as enabling local x86 HVM guests to gain privileges, cause host crashes, obtain sensitive information, or suffer other unspecified impact. The con...

4.6CVSS7.6AI score0.00483EPSS
CVE
CVE
added 2011/01/03 7:26 p.m.107 views

CVE-2010-4162

CVE-2010-4162: Linux kernel before 2.6.36.2 contains multiple integer overflows in fs/bio.c that allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device. MiracleLinux AXSA:2011-57 lists CVE-2010-4162 among affected kernel issues and references a f...

4.7CVSS6.6AI score0.00393EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.107 views

CVE-2012-4187

CVE-2012-4187 is listed in the MiracleLinux/Miracle Linux AXSA advisory as affecting Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13. The vulnerability is described as an issue with managing a cert...

9.3CVSS9.6AI score0.06842EPSS
CVE
CVE
added 2008/11/13 11:0 a.m.106 views

CVE-2008-5021

The CVE-2008-5021 vulnerability affects Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13. It is caused by modifying properties of a file input element while it is still initializing, followed by using blur to access un...

9.3CVSS10AI score0.03633EPSS
CVE
CVE
added 2010/09/08 7:0 p.m.106 views

CVE-2010-2955

The CVE-2010-2955 issue affects the Linux kernel before 2.6.36-rc3-next-20100831, specifically the cfg80211_wext_giwessid function in net/wireless/wext-compat.c, which fails to initialize certain structure members. This enables a local attacker to exploit an off-by-one error in ioctl_standard_iw_...

2.1CVSS5.7AI score0.00415EPSS
CVE
CVE
added 2012/05/17 10:0 a.m.106 views

CVE-2012-1146

The vulnerability CVE-2012-1146 affects the Linux kernel, specifically mem_cgroup_usage_unregister_event in mm/memcontrol.c, when running versions before 3.2.10. The issue arises from how multiple events attached to the same eventfd are handled, enabling a local attacker to trigger a NULL pointer...

5.5CVSS6.4AI score0.0052EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.106 views

CVE-2012-4204

The CVE-2012-4204 entry describes a memory-corruption/remote-code-execution vulnerability in Mozilla Firefox’s JavaScript engine (str_unescape) affecting Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14, exploitable via unspecified vectors. Connected documents indicate rela...

9.3CVSS8.9AI score0.05784EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.106 views

CVE-2013-0759

CVE-2013-0759 affects Mozilla Firefox (and related Mozilla components) prior to version 18.0, Firefox ESR prior to 10.0.12 and 17.0.2, Thunderbird prior to 17.0.2 and ESR prior to 10.0.12/17.0.2, and SeaMonkey prior to 2.15. The vulnerability allows remote attackers to spoof the address bar by ex...

5CVSS6.3AI score0.02284EPSS
CVE
CVE
added 2013/02/08 8:0 p.m.105 views

CVE-2013-0170

CVE-2013-0170 is a use-after-free in virNetMessageFree (rpc/virnetserverclient.c) affecting libvirt 1.0.x prior to 1.0.2, 0.10.2 prior to 0.10.2.3, 0.9.11 prior to 0.9.11.9, and 0.9.6 prior to 0.9.6.4. By triggering certain errors during an RPC connection, a freed message may remain in the queue,...

6.8CVSS7.5AI score0.05774EPSS
CVE
CVE
added 2013/07/17 10:0 a.m.105 views

CVE-2013-3801

CVE-2013-3801 affects the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10. It is described as an unspecified vulnerability that remote authenticated users can exploit to affect availability via unknown vectors related to Server Options. The connected Nessus entries confirm mu...

5CVSS5AI score0.03788EPSS
CVE
CVE
added 2013/07/17 10:0 a.m.105 views

CVE-2013-3809

CVE-2013-3809 is reflected in multiple sources as an issue in the MySQL Server component of Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier. The description specifies an unspecified vulnerability that remotely authenticated users can exploit to affect integrity via unknown vectors related ...

4CVSS4.9AI score0.02648EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.105 views

CVE-2014-1499

CVE-2014-1499 affects Mozilla Firefox prior to 28.0 and SeaMonkey prior to 2.25. The issue lets a remote attacker spoof the domain in the WebRTC camera or microphone permission prompts by triggering a navigation at a specific moment during prompt generation. This is caused by how the browser hand...

4.3CVSS9AI score0.01941EPSS
CVE
CVE
added 2010/09/30 2:0 p.m.104 views

CVE-2010-3079

CVE-2010-3079 affects the Linux kernel up to version 2.6.35.4, specifically in kernel/trace/ftrace.c when debugfs is enabled. The issue arises from interaction between mutex possession and llseek, causing a NULL pointer dereference and outage of all ftrace-related files, leading to a local DoS. A...

5.5CVSS5.5AI score0.0039EPSS
CVE
CVE
added 2012/08/06 4:0 p.m.104 views

CVE-2012-3867

CVE-2012-3867 affects Puppet modules where CSR Common Name validation is lax in Puppet before 2.6.17 and in 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2. This allows user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequenc...

4.3CVSS6.3AI score0.02453EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.104 views

CVE-2012-3957

Affected components: Mozilla Firefox before 15.0 (and Firefox ESR 10.x before 10.0.7), Thunderbird before 15.0 (and Thunderbird ESR 10.x before 10.0.7), SeaMonkey before 2.12.** Vulnerability and root cause: Heap-based buffer overflow in nsBlockFrame::MarkLineDirty, enabling remote code execution...

10CVSS9.6AI score0.07762EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.104 views

CVE-2013-0763

CVE-2013-0763 is a use-after-free vulnerability in Mozilla Firefox (pre-18.0) and Firefox ESR 17.x (pre-17.0.1), Thunderbird (pre-17.0.2/ESR 17.x pre-17.0.1), and SeaMonkey (pre-2.15). It is triggered via Mesa driver interactions and a resized WebGL canvas, potentially allowing remote attackers t...

9.3CVSS9.3AI score0.04395EPSS
CVE
CVE
added 2013/07/17 10:0 a.m.104 views

CVE-2013-3794

CVE-2013-3794: Unspecified vulnerability in the MySQL Server component (Oracle MySQL 5.5.30 and earlier, 5.6.10) allowing remote authenticated users to affect availability; underlying vectors are unknown. The connected documents do not provide concrete technical details (no explicit root cause, a...

4CVSS5AI score0.02711EPSS
CVE
CVE
added 2014/06/05 8:0 p.m.104 views

CVE-2014-3468

The CVE concerns GNU Libtasn1 prior to version 3.6, where asn1_get_bit_der does not properly report an error for a negative bit length. This can enable context-dependent attackers to trigger out-of-bounds access via crafted ASN.1 data, potentially impacting applications using libtasn1. Public ref...

7.5CVSS5.8AI score0.03789EPSS
CVE
CVE
added 2011/07/11 8:0 p.m.103 views

CVE-2011-1526

The CVE-2011-1526 issue affects MIT Kerberos Version 5 Applications (krb5-appl) ftpd.c: it does not check the krb5_setegid return value, enabling remote authenticated users to bypass group restrictions and perform create/overwrite/delete/read of files via FTP. The vulnerability is reported in con...

6.5CVSS4.6AI score0.03938EPSS
CVE
CVE
added 2007/03/06 8:0 p.m.102 views

CVE-2007-1285

CVE-2007-1285 is a denial-of-service flaw in the Zend Engine: processing a deeply nested PHP array can cause stack exhaustion and crash the interpreter. Affected: PHP 4.x before 4.4.7 and PHP 5.x before 5.2.2. Exploitation: remote via crafted input; outcome is a crash/DoS. Remediation: apply patc...

7.5CVSS7.3AI score0.18162EPSS
CVE
CVE
added 2012/01/07 11:0 a.m.102 views

CVE-2011-3919

CVE-2011-3919 is a heap-based buffer overflow in libxml2 used by Chrome up to v16.0.912.75. The flaw occurs when decoding entity references with long names, potentially crashing the application or allowing arbitrary code execution. Public advisories across multiple vendors (Red Hat/CentOS RHSA-20...

7.5CVSS8.5AI score0.02419EPSS
CVE
CVE
added 2014/11/04 9:0 p.m.102 views

CVE-2014-0223

CVE-2014-0223 affects QEMU up to version 1.7.1, via an integer overflow in qcow_open (block/qcow.c) that can be triggered by a large QCOW image size, potentially causing a crash or arbitrary code execution. The root cause is an overflow/out-of-bounds read when handling image sizes. Mitigation: up...

4.6CVSS7.2AI score0.00605EPSS
CVE
CVE
added 2016/05/24 3:0 p.m.102 views

CVE-2016-0264

CVE-2016-0264 is a buffer overflow in IBM Runtime Environment Java (IBM SDK, Java Technology Edition) that allows remote code execution under certain conditions. Affected IBM JRE/JVM versions include IBM SDK 6 (pre SR16 FP25), 6 R1 (pre SR8 FP25), 7 (pre SR9 FP40) and 7 R1 (pre SR3 FP40), and 8 (...

6.8CVSS7.2AI score0.03925EPSS
CVE
CVE
added 2010/12/30 6:0 p.m.101 views

CVE-2010-4342

Vulnerability (CVE-2010-4342) in the Linux kernel affects the AUN path when Econet is enabled. The flaw is in the aun_incoming function (net/econet/af_econet.c) and allows remote attackers to trigger a NULL pointer dereference and kernel OOPS, causing a denial of service via UDP-based Acorn Unive...

7.1CVSS5.8AI score0.03521EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.101 views

CVE-2012-4180

CVE-2012-4180 : A heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox prior to 16.0 (and Firefox ESR 10.x prior to 10.0.8; Thunderbird prior to 16.0; Thunderbird ESR 10.x prior to 10.0.8; SeaMonkey prior to 2.13) could allow remote code execution...

9.3CVSS9.6AI score0.09274EPSS
CVE
CVE
added 2010/09/30 2:0 p.m.100 views

CVE-2010-3297

CVE-2010-3297 affects the Linux kernel net/eql driver; the eql_g_master_cfg function in drivers/net/eql.c did not initialize a structure member, enabling local users to read kernel stack memory via an EQL_GETMASTRCFG ioctl. Affects kernels before 2.6.36-rc5; corrected in subsequent patches (net/e...

2.1CVSS5.5AI score0.00408EPSS
CVE
CVE
added 2010/09/30 2:0 p.m.100 views

CVE-2010-3298

CVE-2010-3298 affects the Linux kernel. The hso_get_count function in drivers/net/usb/hso.c, in kernel builds before 2.6.36-rc5, does not initialize a certain structure member, which allows local users to read potentially sensitive information from kernel stack memory via the TIOCGICOUNT ioctl. T...

2.1CVSS6.8AI score0.00407EPSS
Total number of security vulnerabilities474