Lucene search
K
SuseLinux Enterprise Server

474 matches found

CVE
CVE
added 2010/09/30 2:0 p.m.100 views

CVE-2010-3298

CVE-2010-3298 affects the Linux kernel. The hso_get_count function in drivers/net/usb/hso.c, in kernel builds before 2.6.36-rc5, does not initialize a certain structure member, which allows local users to read potentially sensitive information from kernel stack memory via the TIOCGICOUNT ioctl. T...

2.1CVSS6.8AI score0.00407EPSS
CVE
CVE
added 2016/09/20 2:0 p.m.100 views

CVE-2015-8926

CVE-2015-8926 affects libarchive, where the function archive_read_format_rar_read_data in the RAR parser can be triggered by a specially crafted RAR file to cause a crash (denial of service). The initial description notes this as a vulnerability in libarchive prior to 3.2.0. Connected sources cor...

5.5CVSS6.1AI score0.01995EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.99 views

CVE-2012-4182

CVE-2012-4182 is a Use-after-free in Mozilla Firefox’s nsTextEditRules::WillInsert, affecting Firefox <= 16.0 and Firefox ESR <= 10.x <= 10.0.8, Thunderbird <= 16.0 and ESR 10.x <= 10.0.8, and SeaMonkey

9.3CVSS9.4AI score0.04727EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.98 views

CVE-2012-4215

CVE-2012-4215 is a use-after-free in Mozilla Firefox’s nsPlaintextEditor::FireClipboardEvent that could allow remote code execution or a heap memory corruption, affecting Firefox before 17.0, Firefox ESR before 10.0.11, Thunderbird before 17.0, Thunderbird ESR before 10.0.11, and SeaMonkey before...

9.3CVSS9AI score0.06074EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.98 views

CVE-2012-4216

CVE-2012-4216 is a use-after-free in gfxFont::GetFontEntry affecting Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14. Exploitation could lead to remote code execution or a denial of service via h...

9.3CVSS9AI score0.06074EPSS
CVE
CVE
added 2014/06/05 8:0 p.m.98 views

CVE-2014-3469

CVE-2014-3469 affects GNU libtasn1 before 3.6, where the functions asn1_read_value_type and asn1_read_value may dereference a NULL ivalue. In this context, crafted ASN.1 data can trigger a NULL pointer dereference in the library, leading to a denial of service (crash). The vulnerability is noted ...

5CVSS5.6AI score0.03817EPSS
CVE
CVE
added 2016/06/06 5:0 p.m.98 views

CVE-2015-5041

CVE-2015-5041 : IBM J9 JVM flaw in IBM SDK, Java Technology Edition allows remote attackers to invoke non-public interface methods, potentially exposing sensitive data or allowing data injection. Affected IBM Java versions: 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 bef...

9.1CVSS8.7AI score0.03901EPSS
CVE
CVE
added 2016/09/20 2:0 p.m.98 views

CVE-2015-8930

CVE-2015-8930 affects libarchive’s ISO parser (bsdtar) and can cause a denial-of-service via an infinite loop when opening a crafted ISO with a directory that is a member of itself. The available connected documents show this vulnerability across multiple advisories and platforms, indicating it i...

7.5CVSS7.5AI score0.04287EPSS
CVE
CVE
added 2009/04/17 2:0 p.m.97 views

CVE-2009-1186

CVE-2009-1186 affects udev prior to version 1.4.1, where a buffer overflow in util_path_encode in udev/lib/libudev-util.c can be triggered by crafted arguments, enabling a local denial of service. Public reports tie this with the same issue as CVE-2009-1185/1186; multiple advisories (Mandriva, Ma...

2.1CVSS6AI score0.00539EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.97 views

CVE-2012-5833

CVE-2012-5833 concerns WebGL texImage2D handling in Mozilla Firefox (and related Gecko-based products) that interacts with Mesa drivers. The vulnerability can allow remote code execution or a denial of service (memory corruption) via certain level parameter values. Affected versions include Firef...

9.3CVSS9.1AI score0.0483EPSS
CVE
CVE
added 2015/11/09 2:0 a.m.97 views

CVE-2015-2695

CVE-2015-2695 affects MIT Kerberos 5 (krb5) where the krb5 GSS-API SPNEGO mechanism mishandles a context, relying on an inappropriate context handle. This can enable a remote attacker to cause a denial of service via a crafted gss_inquire_context call on a partially-established SPNEGO context, le...

5CVSS7AI score0.06243EPSS
CVE
CVE
added 2015/11/09 2:0 a.m.97 views

CVE-2015-2696

MIT Kerberos 5 (krb5) vulnerability CVE-2015-2696 arises from an inappropriate context handle in iakerb.c, enabling remote denial of service via crafted IAKERB packets during gss_inquire_context. IBM CP4S remediation in the connected materials shows affected Cloud Pak for Security versions 1.8.0....

7.1CVSS7AI score0.04543EPSS
CVE
CVE
added 2009/06/06 6:0 p.m.96 views

CVE-2009-1961

CVE-2009-1961 is a local-denial-of-service vulnerability in the Linux kernel related to the inode double-locking path in fs/ocfs2/file.c. A sequence of splice system calls can deadlock between generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write, preventing file creation/remov...

4.7CVSS4.4AI score0.00589EPSS
CVE
CVE
added 2010/09/29 4:0 p.m.96 views

CVE-2010-2478

CVE-2010-2478: The Linux kernel before 2.6.33.7 on 32-bit platforms has an integer overflow in ethtool_get_rxnfc(), triggered by a large info.rule_cnt via ETHTOOL_GRXCLSRLALL. Local users can cause a denial of service or potentially other impact (as described in the connected Mirage/Linux advisor...

7.2CVSS7.6AI score0.00419EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.96 views

CVE-2012-5835

CVE-2012-5835 describes an integer overflow in the WebGL subsystem of Mozilla Firefox prior to 17.0 (also affecting Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0 and Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14). The overflow can lead to remote code execution or a den...

10CVSS9.1AI score0.08528EPSS
CVE
CVE
added 2021/07/28 9:35 a.m.96 views

CVE-2021-32000

CVE-2021-32000 is a local privilege issue in the clone-master-clean-up.sh script of the clone-master-clean-up utility. A UNIX symlink following vulnerability could allow local attackers to delete arbitrary files on SUSE Linux Enterprise Server 12 SP3 (1.6-4.6.1 and earlier) and 15 SP1 (1.6-3.9.1 ...

7.1CVSS5.1AI score0.00296EPSS
CVE
CVE
added 2020/01/02 6:39 p.m.95 views

CVE-2010-3782

CVE-2010-3782 affects obs-server prior to 1.7.7, where a bug in the REST API implementation allows login by 'unconfirmed' accounts. This exposes unauthorized access through the authentication flow. The practical impact is limited to systems running affected obs-server versions and relying on unco...

8.8CVSS8.5AI score0.01091EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.95 views

CVE-2012-3956

CVE-2012-3956 is a use-after-free in MediaStreamGraphThreadRunnable::Run in Mozilla Firefox before 15.0 (and similar affected versions for Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0/ESR 10.x before 10.0.7, SeaMonkey before 2.12). Successful exploitation could allow remote attackers t...

10CVSS9.4AI score0.05408EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.95 views

CVE-2012-3968

CVE-2012-3968 is a use-after-free in Firefox’s WebGL implementation related to deletion of a fragment shader by its accessor. The issue allows remote attackers to execute arbitrary code via crafted web content. Affected products include Mozilla Firefox (and Firefox ESR 10.x lineage) prior to patc...

10CVSS9.2AI score0.05899EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.95 views

CVE-2012-5838

CVE-2012-5838 affects the WebGL copyTexImage2D in Mozilla Firefox (<17.0), Thunderbird (<17.0), and SeaMonkey (

9.3CVSS8.9AI score0.06155EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.95 views

CVE-2013-0771

CVE-2013-0771 describes a heap-based buffer overflow in Mozilla Firefox’s gfxTextRun::ShrinkToLigatureBoundaries, affecting Firefox before 18.0 (and ESR 17.x before 17.0.1), Thunderbird before 17.0.2 (and ESR 17.x before 17.0.1), and SeaMonkey before 2.15. Successful exploitation via a crafted do...

9.3CVSS9.5AI score0.05334EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.94 views

CVE-2012-5840

CVE-2012-5840 is a Use-after-free vulnerability in Mozilla Firefox’s nsTextEditorState::PrepareEditor, affecting Firefox prior to 17.0, Firefox ESR 10.x prior to 10.0.11, Thunderbird prior to 17.0, Thunderbird ESR 10.x prior to 10.0.11, and SeaMonkey prior to 2.14. The flaw allows remote attacker...

9.3CVSS9.1AI score0.06074EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.94 views

CVE-2015-0484

CVE-2015-0484 affects Oracle Java SE 7u76, 8u40 and JavaFX 2.2.76. The Initial Description notes an unspecified vulnerability with unknown vectors impacting confidentiality, integrity, and availability. Connected documents confirm this CVE is bundled with multiple Java vulnerabilities and show se...

6.8CVSS3.6AI score0.02992EPSS
CVE
CVE
added 2016/07/05 1:0 a.m.94 views

CVE-2016-4957

ntpd (NTP) before version 4.2.8p8 is vulnerable to a remote DoS via specially crafted crypto-NAK packets, causing ntpd to crash. This issue stems from an incorrect fix applied after CVE-2016-1547 and affects ntpd’s handling of CRYPTO-NAK. Public references indicate an impact to the daemon’s avail...

7.5CVSS6.2AI score0.44936EPSS
CVE
CVE
added 2009/07/22 6:0 p.m.93 views

CVE-2009-2472

Affected software: Mozilla Firefox before 3.0.12 (as per CVE-2009-2472). Issue: during object construction, Firefox did not always use XPCCrossOriginWrapper, allowing bypass of the Same Origin Policy and enabling cross-site scripting (XSS) via a crafted document. Impact: potential XSS vulnerabili...

4.3CVSS7.5AI score0.02243EPSS
CVE
CVE
added 2012/02/09 2:0 a.m.93 views

CVE-2011-3970

CVE-2011-3970 affects libxslt as used in Google Chrome prior to 17.0.963.46, enabling a remote attacker to cause a denial of service via an out-of-bounds read (vectors not specified in the entry). The issue has been addressed in downstream advisories and Chrome updates; Chrome/SUSE/Fedora advisor...

4.3CVSS6.8AI score0.01824EPSS
CVE
CVE
added 2013/05/13 11:0 p.m.93 views

CVE-2013-2021

The CVE-2013-2021 issue affects ClamAV up to version 0.97.7, where pdf.c mishandles a crafted length in encrypted PDF files, causing an out-of-bounds read and potential denial of service. Public advisories within the connected documents corroborate fixes tied to ClamAV 0.97.8 and later. Affected ...

4.3CVSS8.6AI score0.03502EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.93 views

CVE-2015-0492

CVE-2015-0492 is an unspecified vulnerability in Oracle Java SE 7u76, 8u40, and JavaFX 2.2.76 that could affect confidentiality, integrity, and availability via unknown vectors. Connected sources confirm this CVE was addressed by OpenJDK/OpenJRE/JDK security updates in openSUSE/SUSE advisories (e...

9.3CVSS3.6AI score0.04339EPSS
CVE
CVE
added 2011/11/11 6:0 p.m.92 views

CVE-2011-3439

CVE-2011-3439 affects FreeType in CoreGraphics on Apple iOS prior to 5.0.1. An attacker could craft a font in a document to trigger memory corruption, enabling remote code execution or a denial of service. Affected component: FreeType/CoreGraphics; impact: code execution and memory corruption. Re...

9.3CVSS7.4AI score0.05329EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.92 views

CVE-2012-5839

CVE-2012-5839 is a heap-based buffer overflow in Mozilla's gfxShapedWord::CompressedGlyph::IsClusterStart that affects Firefox and related Mozilla components. Affected software includes Mozilla Firefox before 17.0 (and ESR 10.x before 10.0.11), Thunderbird before 17.0 (and ESR 10.x before 10.0.11...

9.3CVSS9.1AI score0.06997EPSS
CVE
CVE
added 2024/11/10 12:0 a.m.92 views

CVE-2024-46955

CVE-2024-46955 : Ghostscript contains an out-of-bounds read in psi/zcolor.c when reading color in Indexed color space, before version 10.04.0. Impact is a local issue with user interaction required (per CVSS details: AV:L, UI:R, Availability:A:H). The fix is indicated by the ghostpdl-10.04.0 comm...

5.5CVSS6.4AI score0.00296EPSS
CVE
CVE
added 2017/03/17 2:0 p.m.91 views

CVE-2014-9853

CVE-2014-9853 : In ImageMagick, a memory leak in the coders/rle.c parser can be triggered by a crafted RLE file, enabling remote attackers to cause a denial of service via memory consumption. The available documents confirm ImageMagick and the rle.c component as the affected codepath; no version ...

5.5CVSS5.7AI score0.01815EPSS
CVE
CVE
added 2012/10/29 6:0 p.m.90 views

CVE-2012-4196

CVE-2012-4196 affects Mozilla Firefox (and related Mozilla components) where a prototype property-injection attack on the Location object (window.location) bypassed Same Origin Policy. Affected are Firefox prior to 16.0.2, Firefox ESR 10.x prior to 10.0.10, Thunderbird prior to 16.0.2, Thunderbir...

6.4CVSS8.8AI score0.03287EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.90 views

CVE-2013-5610

CVE-2013-5610 is a memory-corruption vulnerability in the Mozilla Firefox browser engine (pre-26.0) and SeaMonkey (pre-2.23) with potential remote code execution via unknown vectors and denial of service. Public advisories (e.g., openSUSE/MFSA entries) indicate fixes are available by upgrading Fi...

10CVSS9.9AI score0.06511EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.90 views

CVE-2014-6564

CVE-2014-6564 affects Oracle MySQL Server 5.6.19 and earlier. Described as an unspecified vulnerability that allows remote authenticated users to affect availability via INNODB FULLTEXT SEARCH DML vectors. Connected sources confirm affected product/version and impact focus on availability; no exp...

4CVSS6.1AI score0.02365EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.89 views

CVE-2012-4179

CVE-2012-4179 is a use-after-free in Mozilla Firefox's nsHTMLCSSUtils::CreateCSSPropertyTxn that can lead to code execution or heap memory corruption. Affected are Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey befor...

9.3CVSS9.4AI score0.04727EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.89 views

CVE-2012-4183

CVE-2012-4183 is a use-after-free in DOMSVGTests::GetRequiredFeatures affecting Firefox before 16.0, Firefox ESR before 10.0.8, Thunderbird before 16.0, and SeaMonkey before 2.13, with potential for remote code execution or a denial of service via heap memory corruption. Connected advisories from...

9.3CVSS9.4AI score0.04803EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.89 views

CVE-2012-4184

CVE-2012-4184 affects Mozilla's COW in Firefox (and related Mozilla products) prior to version 16.0 (Firefox), ESR 10.x prior to 10.0.8, Thunderbird prior to 16.0, Thunderbird ESR 10.x prior to 10.0.8, and SeaMonkey prior to 2.13. The issue allows a crafted web site to bypass restrictions and acc...

4.3CVSS9.1AI score0.01802EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.88 views

CVE-2012-3963

CVE-2012-3963 is a Use-after-free in Mozilla Firefox's js::gc::MapAllocToTraceKind that can allow remote code execution. Affected: Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, SeaMonkey before 2.12. Mitigation: upgrade to Firefo...

10CVSS9.4AI score0.05949EPSS
CVE
CVE
added 2012/10/12 10:0 a.m.88 views

CVE-2012-4193

CVE-2012-4193 affects Mozilla Firefox and related Mozilla products (Firefox before 16.0.1, Firefox ESR before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR before 10.0.9, SeaMonkey before 2.13.1). Root cause: a security check in the defaultValue unwrapping of security wrappers is omitted, al...

6.8CVSS9AI score0.01155EPSS
CVE
CVE
added 2016/09/20 2:0 p.m.88 views

CVE-2015-8925

CVE-2015-8925 affects libarchive (before 3.2.0). A denial of service can be triggered by processing a crafted mtree file due to an invalid memory read in read_mtree. Affected products include libarchive in various distributions; remediation is to upgrade to a fixed libarchive version as provided ...

5.5CVSS6.2AI score0.0206EPSS
CVE
CVE
added 2009/03/30 4:0 p.m.86 views

CVE-2009-0115

CVE-2009-0115 affects the device-mapper-multipath tool (multipath-tools) version 0.4.8 used in multiple Linux distributions (SUSE openSUSE, SLES, Fedora, etc.). The underlying issue is world-writable permissions on the socket file /var/run/multipathd.sock, which allows a local user to send arbitr...

7.8CVSS7.4AI score0.00494EPSS
CVE
CVE
added 2010/01/09 6:0 p.m.86 views

CVE-2010-0013

CVE-2010-0013 affects Pidgin (libpurple) via the MSN protocol plugin, specifically the slp.c code path handling custom smiley requests. A directory traversal vulnerability in an MSN emoticon request (.. in filename) could allow remote attackers to read arbitrary files on the affected host. Root c...

7.5CVSS7.5AI score0.12496EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.86 views

CVE-2012-5843

CVE-2012-5843 affects Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14. The vulnerability is described as unspecified memory safety hazards in the browser engine that could lead to memory corruption and a crash (DoS) or, potentially, arbitrary code execution via unk...

9.3CVSS9.2AI score0.05783EPSS
CVE
CVE
added 2008/03/19 10:0 a.m.85 views

CVE-2008-0063

CVE-2008-0063 affects MIT Kerberos 5 (krb5kdc) where Kerberos v4 support leaves an unused buffer uncleared when generating error messages. This can allow remote attackers to read sensitive information from memory. Public advisories across multiple vendors (e.g., MiracleLinux AXSA-2008-345/AXSA-20...

7.5CVSS8.6AI score0.03478EPSS
CVE
CVE
added 2023/03/01 12:0 a.m.85 views

CVE-2023-23005

The CVE-2023-23005 issue affects the Linux kernel prior to 6.2. It occurs in mm/memory-tiers.c where alloc_memory_type is misinterpreted (treating an error pointer as NULL in the error case), potentially enabling an availability impact. The root cause is the incorrect handling of the alloc_memory...

5.5CVSS5.1AI score0.00268EPSS
CVE
CVE
added 2017/03/17 2:0 p.m.84 views

CVE-2014-9854

CVE-2014-9854 affects ImageMagick, specifically the tiff coder (coders/tiff.c). The vulnerability allows remote attackers to cause an application crash (DoS) via vectors related to image identification. The supplied connected documents confirm the existence of this CVE within ImageMagick and desc...

7.5CVSS7AI score0.03656EPSS
CVE
CVE
added 2008/08/08 7:0 p.m.83 views

CVE-2008-1945

CVE-2008-1945 is documented in multiple advisories linked to QEMU 0.9.0 used within MiracleLinux/Xen deployments. The vulnerability arises when a guest OS alters the removable media header via the -usbdevice diskformat option, enabling the guest to read arbitrary files from the host by identifyin...

2.1CVSS7.3AI score0.0047EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.81 views

CVE-2012-4217

CVE-2012-4217 is a use-after-free in Mozilla Firefox <17.0, Thunderbird <17.0, and SeaMonkey

9.3CVSS8.8AI score0.06155EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.81 views

CVE-2014-1494

CVE-2014-1494 concerns multiple memory-safety vulnerabilities in the browser engine of Mozilla Firefox prior to 28.0 and SeaMonkey prior to 2.25, with remote denial of service or potential arbitrary code execution via unknown vectors. The connected docs confirm that these issues are part of MFSA ...

9.3CVSS9.9AI score0.05079EPSS
Total number of security vulnerabilities474