Lucene search
K
SuseLinux Enterprise Server10

198 matches found

CVE
CVE
added 2011/08/29 3:0 p.m.4573 views

CVE-2011-3192

CVE-2011-3192 is a DoS flaw in the Apache HTTP Server related to how Range headers are processed. In affected releases of httpd (1.3.x, 2.0.x up to 2.0.64, and 2.2.x up to 2.2.19), a remote attacker can trigger excessive memory and CPU usage by sending a Range header with multiple overlapping ran...

7.8CVSS6.3AI score0.98945EPSS
In wildWeb
CVE
CVE
added 2014/09/24 6:0 p.m.2915 views

CVE-2014-6271

CVE-2014-6271 (Shellshock) affects GNU Bash up to 4.3, enabling remote code execution by processing trailing strings after function definitions in environment variables. Exploitation vectors include OpenSSH ForceCommand, mod_cgi/mod_cgid in Apache, DHCP client scripts, and other environment-passi...

10CVSS9.9AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2012/05/11 10:0 a.m.1943 views

CVE-2012-1823

CVE-2012-1823 affects PHP when run as CGI (php-cgi). The issue is that sapi/cgi/cgi_main.c mishandles query strings without an =, enabling remote code execution by passing command-line options in the query. Affected PHP versions include 5.3.x up to 5.3.12 and 5.4.x up to 5.4.2, with exploitation ...

9.8CVSS9.9AI score0.99998EPSS
In wildWeb
CVE
CVE
added 2014/09/25 1:0 a.m.1333 views

CVE-2014-7169

CVE-2014-7169 affects GNU Bash up to 4.3, where parsing of function definitions in environment variables can be exploited to run commands or impact other attributes across privilege boundaries (notably via ForceCommand in OpenSSH sshd and via mod_cgi/mod_cgid in Apache, as well as DHCP client scr...

10CVSS8.4AI score0.9994EPSS
In wild
CVE
CVE
added 2011/10/19 9:0 p.m.1295 views

CVE-2011-3544

CVE-2011-3544 is a vulnerability in the Java scripting engine where untrusted code (e.g., applets) could elevate privileges due to missing security manager checks. Affected: Oracle Java SE/JDK/JRE 6 and 7 up to update 27 and earlier. Impact reported as remote arbitrary code execution/elevation of...

10CVSS8.5AI score0.96714EPSS
In wild
CVE
CVE
added 2012/06/07 10:0 p.m.1243 views

CVE-2012-0507

CVE-2012-0507 affects Oracle Java SE/JRE (7u2 and earlier, 6u30 and earlier, 5.0u33 and earlier). Root cause: AtomicReferenceArray may not enforce Object[] type, enabling type confusion. Impacts include potential sandbox breach and JVM crash; remote code execution is discussed in related advisori...

10CVSS9AI score0.98113EPSS
In wild
CVE
CVE
added 2012/01/28 2:0 a.m.1208 views

CVE-2012-0053

CVE-2012-0053 affects Apache HTTP Server 2.2.x up to 2.2.21. The flaw in protocol.c during 400 error page construction can reveal HTTPOnly cookie values via long/malformed headers with crafted scripts. Remediation per advisories: upgrade to 2.2.22 or later (e.g., httpd 2.2.22).

4.3CVSS6.2AI score0.82756EPSS
CVE
CVE
added 2013/06/18 10:0 p.m.1198 views

CVE-2013-2465

CVE-2013-2465 is a Java 2D component vulnerability that can cause memory corruption and potential sandbox bypass/remote code execution. It affected Oracle Java SE up to JRE 7u21, JDK 6 up to 6u45, and OpenJDK 7, with 2D-related vectors noted in public disclosures. Several advisories (Debian DSA-2...

10CVSS6.7AI score0.98704EPSS
In wild
CVE
CVE
added 2013/06/26 1:0 a.m.1176 views

CVE-2013-1690

CVE-2013-1690 affects Mozilla Firefox prior to 22.0, Firefox ESR 17.x prior to 17.0.7, Thunderbird prior to 17.0.7, and Thunderbird ESR 17.x prior to 17.0.7. Root cause is improper handling of onreadystatechange events with page reload, enabling a crafted web page to cause a denial-of-service (cr...

9.3CVSS7.4AI score0.69021EPSS
In wild
CVE
CVE
added 2015/10/21 11:0 p.m.973 views

CVE-2015-4902

CVE-2015-4902 is an unspecified vulnerability in Oracle Java SE affecting Java 6u101, 7u85, and 8u60, with impact limited to integrity via unknown vectors related to Deployment. The Connected documents confirm the affected products and the vulnerability class, but do not provide concrete exploit ...

5.3CVSS5.5AI score0.13354EPSS
In wild
CVE
CVE
added 2015/04/01 12:0 a.m.947 views

CVE-2015-2808

CVE-2015-2808 concerns RC4 usage in TLS/SSL within OpenJDK/OpenJDK components. The Invariance Weakness (Bar Mitzvah) means RC4 key material can leak partial plaintext from the first bytes of a TLS/SSL stream, enabling plaintext-recovery under certain traffic patterns. Public advisories for OpenJD...

5CVSS4.8AI score0.74006EPSS
CVE
CVE
added 2012/01/18 8:0 p.m.832 views

CVE-2012-0031

CVE-2012-0031 affects Apache HTTP Server 2.2.21 and earlier, specifically scoreboard.c. The vulnerability allows local users to cause a denial of service (daemon crash during shutdown) or potentially other unspecified impact by modifying a type field in a shared scoreboard Memory segment, which l...

4.6CVSS7AI score0.02905EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.780 views

CVE-2016-3427

CVE-2016-3427 is an unspecified vulnerability in Oracle Java SE (affecting 6u113, 7u99, 8u77) and JRockit, tied to the Java Management Extensions (JMX) component. Exploitation can affect confidentiality, integrity, and availability via JMX-related vectors; the issue is described as an unspecified...

10CVSS6.8AI score0.92334EPSS
In wild
CVE
CVE
added 2011/05/16 5:0 p.m.759 views

CVE-2011-0419

CVE-2011-0419 is a stack consumption/DoS vulnerability in the APR library’s fnmatch implementation (apr_fnmatch.c) and, for some platforms, in libc’s fnmatch.c. It affects APR < 1.4.3 and Apache HTTP Server

4.3CVSS7.7AI score0.30406EPSS
CVE
CVE
added 2009/09/08 6:0 p.m.552 views

CVE-2009-3095

CVE-2009-3095 is a vulnerability in Apache httpd’s mod_proxy_ftp that allows remote authenticated attackers to bypass access restrictions and send arbitrary commands to an FTP server via crafted HTTP Authorization header vectors. The issue is part of a set of fixes for mod_proxy_ftp in the same a...

5CVSS9.4AI score0.1256EPSS
CVE
CVE
added 2011/03/02 7:0 p.m.488 views

CVE-2011-0762

The CVE-2011-0762 issue affects vsftpd prior to a patched release, where the vsftpd GET path handling of glob patterns in STAT commands is flawed. The function vsf_filename_passes_filter in ls.c can be triggered by crafted glob expressions in STAT commands across multiple FTP sessions, enabling r...

4CVSS7.2AI score0.73946EPSS
CVE
CVE
added 2011/12/25 1:0 a.m.423 views

CVE-2011-4862

CVE-2011-4862 is a remote pre-authentication buffer overflow in the encryption handling of BSD telnetd: libtelnet/encrypt.c in telnetd on FreeBSD 7.3–9.0, krb5-appl 1.0.2 and earlier, Heimdal 1.5.1 and earlier, and GNU inetutils. The underlying bug allows arbitrary code execution by sending a lon...

10CVSS7.3AI score0.95104EPSS
CVE
CVE
added 2007/12/13 6:0 p.m.364 views

CVE-2007-5000

CVE-2007-5000 affects Apache HTTP Server mod_imap and mod_imagemap (v1.3.0–1.3.39 and v2.0.35–2.0.61). The flaw is due to insufficient input validation, allowing remote script/HTML injection via unspecified vectors. Public advisories note fixes in later Apache releases (and related packages); mit...

4.3CVSS8AI score0.46603EPSS
CVE
CVE
added 2017/06/19 4:0 p.m.340 views

CVE-2017-1000366

CVE-2017-1000366 affects glibc (vulnerable in 2.25 and earlier). A flaw in heap/stack memory handling allows crafted LD_LIBRARY_PATH values to influence allocation and memory layout, potentially enabling local arbitrary code execution via stack/heap aliasing. Several advisories and distributions ...

7.8CVSS7.4AI score0.02733EPSS
CVE
CVE
added 2010/06/30 6:0 p.m.329 views

CVE-2010-1205

CVE-2010-1205 is a buffer overflow in libpng (pngpread.c) that could allow remote code execution via a crafted PNG image. Affected libpng versions are prior to 1.2.44 and prior to 1.4.3. The overflow is tied to the internal copy in pngpread.c and is described across advisories mentioning memory c...

9.8CVSS9.9AI score0.43382EPSS
CVE
CVE
added 2012/07/03 4:0 p.m.274 views

CVE-2011-4127

The CVE-2011-4127 entry is supported by connected advisory data that details the vulnerability in the Linux kernel prior to 3.2.2. Affected component: SG_IO ioctl handling in the kernel (SG_IO ioctls not properly restricted). Root cause: insufficient restriction of SG_IO commands, allowing a loca...

4.6CVSS6.4AI score0.00566EPSS
CVE
CVE
added 2009/04/17 2:0 p.m.264 views

CVE-2009-1185

CVE-2009-1185 affects udev before 1.4.1, which does not verify NETLINK message origin from kernel space, enabling a local user to gain privileges by sending a crafted NETLINK message. Public references show PoC/exploit activity (e.g., Metasploit module, Exploit-DB entries) and multiple advisories...

7.2CVSS7.4AI score0.81528EPSS
CVE
CVE
added 2012/02/01 4:0 p.m.256 views

CVE-2012-0444

CVE-2012-0444 describes a heap-based memory corruption vulnerability in the libvorbis Ogg Vorbis parser that could allow remote code execution or a crash when processing crafted Ogg Vorbis files. Affected products across Mozilla ecosystem (Firefox, Thunderbird, Seamonkey and related XULRunner/Ice...

10CVSS8.9AI score0.07936EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.256 views

CVE-2013-0753

CVE-2013-0753 is a Use‑after‑free vulnerability in Mozilla Firefox’s XMLSerializer.serializeToStream, affecting Firefox before 18.0 (and ESR/Thunderbird/SeaMonkey variants) and allowing remote code execution via crafted content. The issue is exploitable as part of Firefox 17.x lineage; Metasploit...

9.3CVSS9.5AI score0.51324EPSS
CVE
CVE
added 2013/07/23 10:0 a.m.256 views

CVE-2013-4002

CVE-2013-4002 affects the Xerces2 Java XML parser. XMLScanner.java in Xerces2 Java Parser before 2.12.0 (as used in various JREs and Oracle/Jakarta distributions) could allow remote denial of service via vectors related to XML attribute names. IBM and other vendors document DoS impact on affected...

7.1CVSS6.7AI score0.24738EPSS
CVE
CVE
added 2009/08/06 3:0 p.m.253 views

CVE-2009-2625

CVE-2009-2625 affects Apache Xerces2-Java (XML parser used by JRE/JDK) where parsing a malformed XML with systems DTD identifiers can cause DoS (hangs), via a vulnerability in SYSTEM handling in Xerces2 Java. Connected advisories confirm public fixes: Debian libxerces2-java updates (DSA-1984-1) a...

5CVSS6.1AI score0.3038EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.249 views

CVE-2013-0758

CVE-2013-0758 affects Mozilla Firefox (pre-18.0), Firefox ESR (pre-10.0.12 and pre-17.0.2), Thunderbird (pre-17.0.2, including ESR 10.x pre-10.0.12 and pre-17.0.2), and SeaMonkey (pre-2.15). It allows remote attackers to execute arbitrary JavaScript with chrome privileges due to improper interact...

9.3CVSS9.4AI score0.73364EPSS
CVE
CVE
added 2017/07/21 2:0 p.m.247 views

CVE-2015-5300

CVE-2015-5300 (NTP panic-threshold bypass) is detailed in connected advisory from F5 for BIG-IP products, describing a vulnerability in ntpd where the threshold for the -g option is not correctly enforced. An attacker controlling NTP traffic could cause ntpd to step the clock to an arbitrary valu...

7.5CVSS7.6AI score0.0913EPSS
CVE
CVE
added 2010/05/19 6:13 p.m.235 views

CVE-2010-1321

CVE-2010-1321 affects MIT Kerberos 5’s GSS-API library (krb5) in kg_accept_krb5/accept_sec_context.c. The flaw permits remote authenticated users to cause a denial of service via an AP-REQ with a missing authenticator checksum, triggering a NULL pointer dereference and daemon crash. Affected are ...

6.8CVSS5.4AI score0.06884EPSS
CVE
CVE
added 2015/12/06 12:0 a.m.227 views

CVE-2015-3195

CVE-2015-3195 affects OpenSSL’s ASN.1/TASN_DEC implementation mishandling errors from malformed X509_ATTRIBUTE data, enabling remote attackers to read memory of a CMS/PKCS#7 process. Public records show impact across multiple OpenSSL lines prior to updates: 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 bef...

5.3CVSS6.3AI score0.38709EPSS
CVE
CVE
added 2014/04/27 12:0 a.m.211 views

CVE-2014-0181

The CVE-2014-0181 issue affects the Linux kernel Netlink implementation prior to 3.14.1, where there is no authorization based on the opener of a Netlink socket. This can allow a local user to bypass intended access restrictions and modify network configurations by using a Netlink socket for the ...

2.1CVSS6AI score0.00538EPSS
CVE
CVE
added 2010/12/30 6:0 p.m.202 views

CVE-2010-4258

The CVE-2010-4258 issue affects the Linux kernel versions prior to 2.6.36.2. The do_exit function in kernel/exit.c mishandles a KERNEL_DS get_fs value, bypassing access_ok checks and enabling local privilege escalation by overwriting arbitrary kernel memory. Exploitation vectors include use of th...

6.2CVSS6AI score0.02655EPSS
CVE
CVE
added 2017/07/21 2:0 p.m.202 views

CVE-2015-5219

CVE-2015-5219 affects the Network Time Protocol (NTP) SNTP components, specifically the sntp utility, prior to version 4.2.7p366. The root cause is an incorrect type conversion in the ULOGTOD function (precision → double) which can cause a crafted NTP packet to trigger an infinite loop in sntp, l...

7.5CVSS7.1AI score0.05839EPSS
CVE
CVE
added 2009/08/27 5:0 p.m.187 views

CVE-2009-2698

CVE-2009-2698 affects the Linux kernel UDP implementation (net/ipv4/udp.c and net/ipv6/udp.c) prior to 2.6.19. Local users can gain privileges or cause a denial of service (NULL pointer dereference/system crash) via UDP socket use with MSG_MORE. Oracle Linux/MiracleLinux advisories reference this...

7.8CVSS7.1AI score0.07121EPSS
In wild
CVE
CVE
added 2012/11/21 11:0 a.m.187 views

CVE-2012-5829

CVE-2012-5829 is a heap-based buffer overflow in the nsWindow::OnExposeEvent function affecting Mozilla Firefox before 17.0, Firefox ESR before 10.0.11, Thunderbird before 17.0, Thunderbird ESR before 10.0.11, and SeaMonkey before 2.14. Connected documents confirm this vulnerability across multip...

9.3CVSS9.2AI score0.08439EPSS
CVE
CVE
added 2012/06/16 9:0 p.m.185 views

CVE-2012-1717

CVE-2012-1717 is an unspecified local confidentiality vulnerability in the Java Runtime Environment affecting Oracle JRE 7u4 and earlier, 6u32 and earlier, 5u35 and earlier, and 1.4.2_37 and earlier, related to printing on Solaris/Linux. Connected documents (including IBM BigInsights/InfoSphere a...

2.1CVSS7.6AI score0.00476EPSS
CVE
CVE
added 2017/01/30 9:0 p.m.184 views

CVE-2015-7976

CVE-2015-7976 affects the ntpq saveconfig command in the NTP reference implementation (ntpd/ntpq) across multiple 4.x branches (e.g., 4.1.2, 4.2.x prior to 4.2.8p6, and 4.3.x). The underlying flaw is that saveconfig does not properly filter special characters in filenames, enabling an attacker to...

4.3CVSS5.6AI score0.03512EPSS
CVE
CVE
added 2017/07/21 2:0 p.m.183 views

CVE-2015-5194

CVE-2015-5194: ntpd’s log_config_command in ntp_parser.y allows remote attackers to crash ntpd via crafted logconfig commands. Affected are ntpd before 4.2.7p42; remediation is to upgrade to a fixed version (4.2.7p42+). Connected advisories from F5/IBM detail affected products and patch guidance ...

7.5CVSS7.1AI score0.05536EPSS
CVE
CVE
added 2015/01/09 9:0 p.m.178 views

CVE-2014-9584

CVE-2014-9584 affects the Linux kernel where the function parse_rock_ridge_inode_internal in fs/isofs/rock.c does not validate a length value in the ER System Use Field, enabling local users to obtain sensitive kernel memory via a crafted iso9660 image. This vulnerability exists in kernels before...

2.1CVSS4.5AI score0.00461EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.177 views

CVE-2012-4186

CVE-2012-4186 : Heap-based buffer overflow in Mozilla Firefox’s nsWaveReader::DecodeAudioData. Affected products include Firefox before 16.0 (and Firefox ESR 10.x before 10.0.8), Thunderbird before 16.0, and SeaMonkey before 2.13. Vectors are unspecified in the provided docs, but exploitation wou...

9.3CVSS9.6AI score0.147EPSS
CVE
CVE
added 2015/08/12 2:0 p.m.176 views

CVE-2015-5165

CVE-2015-5165 affects the RTL8139 emulation in QEMU (C+ mode offload) used by Xen 4.5.x and earlier. A remote attacker could read heap memory in the QEMU process via unspecified vectors, potentially exposing host data. Public sources in connected docs document this as an information-leak flaw in ...

9.3CVSS6.5AI score0.13288EPSS
CVE
CVE
added 2009/02/22 10:0 p.m.172 views

CVE-2009-0040

The CVE-2009-0040 issue affects the PNG reference library (libpng) as used in pngcrush and other apps. A crafted PNG can trigger a free of an uninitialized pointer in png_read_png, pCAL chunk handling, or 16-bit gamma table setup, enabling denial of service or possibly arbitrary code execution. A...

6.8CVSS8.1AI score0.04825EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.169 views

CVE-2013-0754

CVE-2013-0754 is a use-after-free in the ListenerManager of Mozilla Firefox (and related Firefox ESR, Thunderbird, SeaMonkey). According to the description, triggering garbage collection after memory allocation for listener objects can allow a remote attacker to execute arbitrary code. Affected p...

9.3CVSS9.4AI score0.05381EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.161 views

CVE-2013-0750

CVE-2013-0750 is a high-severity vulnerability in Mozilla’s JavaScript engine where an integer overflow during string concatenation can lead to heap-based memory corruption and remote code execution. Affected products include Firefox prior to 18.0 (and ESR branches), Thunderbird prior to 17.0.2, ...

9.3CVSS9.6AI score0.0633EPSS
CVE
CVE
added 2010/12/06 9:0 p.m.160 views

CVE-2010-4180

OpenSSL vulnerability CVE-2010-4180 affects OpenSSL versions before 0.9.8q and 1.0.x before 1.0.0c when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled. The flaw allows remote attackers to modify the ciphersuite in the session cache, enabling a downgrade to an unintended cipher by sniffing net...

4.3CVSS6.6AI score0.09497EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.159 views

CVE-2013-0757

CVE-2013-0757 affects Mozilla Firefox (and related Mozilla-based apps) via a Chrome Object Wrapper (COW) bypass that allows changing the prototype of an object, enabling arbitrary code execution with chrome privileges. The SUSE/openSUSE and Gentoo/Nessus summaries map this to MFSA 2013-14 and lis...

9.3CVSS9.1AI score0.60859EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.158 views

CVE-2012-1970

CVE-2012-1970 affects Mozilla Firefox before 15.0, Thunderbird before 15.0, ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The issue stems from multiple unspecified vulnerabilities in the browser engine that can allow remote attackers to cause memory corruption and application crashes or pote...

10CVSS9.8AI score0.05566EPSS
CVE
CVE
added 2010/11/05 5:0 p.m.155 views

CVE-2010-3702

The CVE-2010-3702 issue affects the Xpdf PDF parser (Gfx::getPos) in Xpdf

7.5CVSS7.3AI score0.02757EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.155 views

CVE-2013-0748

CVE-2013-0748 affects Mozilla Firefox (before 18.0 and ESR 10.x before 10.0.12, and 17.x before 17.0.2), Thunderbird (before 17.0.2, ESR 10.x before 10.0.12 and 17.x before 17.0.2), and SeaMonkey (before 2.15). The flaw is in XBL.proto .toString, where calling toString on an XBL object can leak a...

4.3CVSS9.2AI score0.01998EPSS
CVE
CVE
added 2015/06/15 3:0 p.m.155 views

CVE-2015-3209

CVE-2015-3209 : Heap-based buffer overflow in the QEMU PCNET network device allows remote code execution via crafted packet sequences (TXSTATUS_STARTPACKET then TXSTATUS_DEVICEOWNS). This is a QEMU vulnerability discussed in multiple advisories (notably Arista/Security Advisory 0013 and F5/Multi-...

7.5CVSS6.5AI score0.09668EPSS
Total number of security vulnerabilities198