Lucene search
K
SuseLinux Enterprise Server11

334 matches found

CVE
CVE
added 2014/02/06 2:0 a.m.15494 views

CVE-2014-1491

CVE-2014-1491 describes an issue in the Mozilla NSS library where public DH values were not properly restricted, enabling remote attackers to bypass cryptographic protections in ticket handling when NSS was used (e.g., in Firefox/Thunderbird/SeaMonkey). The vulnerability affects NSS

4.3CVSS8.4AI score0.04664EPSS
CVE
CVE
added 2011/08/29 3:0 p.m.4574 views

CVE-2011-3192

CVE-2011-3192 is a DoS flaw in the Apache HTTP Server related to how Range headers are processed. In affected releases of httpd (1.3.x, 2.0.x up to 2.0.64, and 2.2.x up to 2.2.19), a remote attacker can trigger excessive memory and CPU usage by sending a Range header with multiple overlapping ran...

7.8CVSS6.3AI score0.98945EPSS
In wildWeb
CVE
CVE
added 2014/09/24 6:0 p.m.2915 views

CVE-2014-6271

CVE-2014-6271 (Shellshock) affects GNU Bash up to 4.3, enabling remote code execution by processing trailing strings after function definitions in environment variables. Exploitation vectors include OpenSSH ForceCommand, mod_cgi/mod_cgid in Apache, DHCP client scripts, and other environment-passi...

10CVSS9.9AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2012/05/11 10:0 a.m.1945 views

CVE-2012-1823

CVE-2012-1823 affects PHP when run as CGI (php-cgi). The issue is that sapi/cgi/cgi_main.c mishandles query strings without an =, enabling remote code execution by passing command-line options in the query. Affected PHP versions include 5.3.x up to 5.3.12 and 5.4.x up to 5.4.2, with exploitation ...

9.8CVSS9.9AI score0.99998EPSS
In wildWeb
CVE
CVE
added 2014/09/25 1:0 a.m.1333 views

CVE-2014-7169

CVE-2014-7169 affects GNU Bash up to 4.3, where parsing of function definitions in environment variables can be exploited to run commands or impact other attributes across privilege boundaries (notably via ForceCommand in OpenSSH sshd and via mod_cgi/mod_cgid in Apache, as well as DHCP client scr...

10CVSS8.4AI score0.9994EPSS
In wild
CVE
CVE
added 2012/06/07 10:0 p.m.1243 views

CVE-2012-0507

CVE-2012-0507 affects Oracle Java SE/JRE (7u2 and earlier, 6u30 and earlier, 5.0u33 and earlier). Root cause: AtomicReferenceArray may not enforce Object[] type, enabling type confusion. Impacts include potential sandbox breach and JVM crash; remote code execution is discussed in related advisori...

10CVSS9AI score0.98113EPSS
In wild
CVE
CVE
added 2013/06/18 10:0 p.m.1198 views

CVE-2013-2465

CVE-2013-2465 is a Java 2D component vulnerability that can cause memory corruption and potential sandbox bypass/remote code execution. It affected Oracle Java SE up to JRE 7u21, JDK 6 up to 6u45, and OpenJDK 7, with 2D-related vectors noted in public disclosures. Several advisories (Debian DSA-2...

10CVSS6.7AI score0.98704EPSS
In wild
CVE
CVE
added 2014/06/07 2:0 p.m.1179 views

CVE-2014-3153

The CVE-2014-3153 issue affects the Linux kernel futex_requeue path (kernel/futex.c) through version 3.14.5. A local unprivileged user can exploit FUTEX_REQUEUE with two identical futex addresses to gain privileges or modify waiter state, causing potential privilege escalation and memory impact. ...

7.8CVSS6.5AI score0.37233EPSS
In wild
CVE
CVE
added 2013/06/26 1:0 a.m.1176 views

CVE-2013-1690

CVE-2013-1690 affects Mozilla Firefox prior to 22.0, Firefox ESR 17.x prior to 17.0.7, Thunderbird prior to 17.0.7, and Thunderbird ESR 17.x prior to 17.0.7. Root cause is improper handling of onreadystatechange events with page reload, enabling a crafted web page to cause a denial-of-service (cr...

9.3CVSS7.4AI score0.69021EPSS
In wild
CVE
CVE
added 2016/05/05 6:0 p.m.1093 views

CVE-2016-3718

ImageMagick is affected by CVE-2016-3718: the HTTP and FTP coders can be abused to perform server-side request forgery via a crafted image. Affected lines: ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1. The vulnerability allows an attacker to induce the server to make HTTP/FTP requests when ...

5.5CVSS6.7AI score0.76897EPSS
In wild
CVE
CVE
added 2016/05/05 6:0 p.m.1092 views

CVE-2016-3715

Summary: CVE-2016-3715 affects ImageMagick where the EPHEMERAL coder allows a remote attacker to delete arbitrary files via a crafted image. Affected versions are ImageMagick prior to 6.9.3-10 and 7.x prior to 7.0.1-1. Impact (per sources): Remote deletion of files via crafted images using the EP...

5.8CVSS6.3AI score0.75383EPSS
In wild
CVE
CVE
added 2015/10/21 11:0 p.m.973 views

CVE-2015-4902

CVE-2015-4902 is an unspecified vulnerability in Oracle Java SE affecting Java 6u101, 7u85, and 8u60, with impact limited to integrity via unknown vectors related to Deployment. The Connected documents confirm the affected products and the vulnerability class, but do not provide concrete exploit ...

5.3CVSS5.5AI score0.13354EPSS
In wild
CVE
CVE
added 2015/08/08 12:0 a.m.972 views

CVE-2015-4495

CVE-2015-4495 affects Mozilla Firefox's built-in PDF viewer. The vulnerability allows remote attackers to bypass the Same Origin Policy and read arbitrary files or gain privileges via crafted JavaScript and a native setter, in Firefox versions before 39.0.3, Firefox ESR 38.x before 38.1.1, and Fi...

8.8CVSS6.6AI score0.70226EPSS
In wildWeb
CVE
CVE
added 2015/04/01 12:0 a.m.947 views

CVE-2015-2808

CVE-2015-2808 concerns RC4 usage in TLS/SSL within OpenJDK/OpenJDK components. The Invariance Weakness (Bar Mitzvah) means RC4 key material can leak partial plaintext from the first bytes of a TLS/SSL stream, enabling plaintext-recovery under certain traffic patterns. Public advisories for OpenJD...

5CVSS4.8AI score0.74006EPSS
CVE
CVE
added 2026/04/22 8:15 a.m.887 views

CVE-2026-31431

CVE-2026-31431 is a local privilege escalation in the Linux kernel’s algif_aead/AF_ALG path. The root cause is an in-place operation bug in the AEAD handling, which can be exercised via AF_ALG sockets with the authencesn algorithm and splice() to corrupt the kernel page cache of readable files wi...

7.8CVSS5.6AI score0.96267EPSS
In wild
CVE
CVE
added 2016/04/21 10:0 a.m.780 views

CVE-2016-3427

CVE-2016-3427 is an unspecified vulnerability in Oracle Java SE (affecting 6u113, 7u99, 8u77) and JRockit, tied to the Java Management Extensions (JMX) component. Exploitation can affect confidentiality, integrity, and availability via JMX-related vectors; the issue is described as an unspecified...

10CVSS6.8AI score0.92334EPSS
In wild
CVE
CVE
added 2017/10/02 9:0 p.m.740 views

CVE-2017-14491

CVE-2017-14491 : Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to crash the service or potentially execute arbitrary code via a crafted DNS response. Affected component: dnsmasq. Root cause described as a heap overflow in the DNS reply-building path. Public details in ...

9.8CVSS9.1AI score0.84925EPSS
CVE
CVE
added 2010/12/06 8:0 p.m.641 views

CVE-2010-3904

CVE-2010-3904 is a Linux kernel flaw in the RDS implementation where rds_page_copy_user does not validate user-space addresses, enabling local privilege escalation via crafted sendmsg/recvmsg calls. Affected: Linux kernels prior to 2.6.36; fixed in later kernel releases (e.g., Red Hat/CentOS advi...

7.8CVSS6.4AI score0.11217EPSS
In wild
CVE
CVE
added 2016/03/09 11:0 p.m.554 views

CVE-2016-1286

CVE-2016-1286 affects ISC BIND 9.x (before 9.9.8-P4 and 9.10.x before 9.10.3-P4). A remote attacker can trigger a denial of service by sending a crafted DNS signature for a DNAME record, leading to an assertion failure in resolver.c or db.c and a named process crash. The issue is documented with ...

8.6CVSS8.2AI score0.621EPSS
CVE
CVE
added 2009/09/08 6:0 p.m.553 views

CVE-2009-3095

CVE-2009-3095 is a vulnerability in Apache httpd’s mod_proxy_ftp that allows remote authenticated attackers to bypass access restrictions and send arbitrary commands to an FTP server via crafted HTTP Authorization header vectors. The issue is part of a set of fixes for mod_proxy_ftp in the same a...

5CVSS9.4AI score0.1256EPSS
CVE
CVE
added 2018/01/03 6:0 a.m.549 views

CVE-2017-18017

CVE-2017-18017 affects the Linux kernel’s tcpmss_mangle_packet in net/netfilter/xt_TCPMSS.c. When xt_TCPMSS is used in an iptables action, a remote attacker can trigger a use-after-free and memory corruption, leading to a denial of service. Affected versions are Linux kernel before 4.11, and 4.9....

10CVSS9.5AI score0.52841EPSS
CVE
CVE
added 2011/03/02 7:0 p.m.489 views

CVE-2011-0762

The CVE-2011-0762 issue affects vsftpd prior to a patched release, where the vsftpd GET path handling of glob patterns in STAT commands is flawed. The function vsf_filename_passes_filter in ls.c can be triggered by crafted glob expressions in STAT commands across multiple FTP sessions, enabling r...

4CVSS7.2AI score0.73946EPSS
CVE
CVE
added 2016/03/09 11:0 p.m.454 views

CVE-2016-1285

CVE-2016-1285 affects ISC BIND 9.x (before 9.9.8-P4 and 9.10.x before 9.10.3-P4). The issue arises from improper handling of control-channel input to rndc, causing assertion failure and named daemon exit via a malformed packet. Connected advisories describe related impact for DNAME records (CVE-2...

6.8CVSS7.2AI score0.59143EPSS
CVE
CVE
added 2023/04/25 12:0 a.m.441 views

CVE-2023-29552

CVE-2023-29552 describes a DoS vulnerability in the Service Location Protocol (SLP) where an unauthenticated remote attacker can register arbitrary services, causing SLP server to respond with spoofed traffic and enabling large amplification (reported up to ~2,200x). Documented impacts include po...

7.5CVSS7.4AI score0.65873EPSS
In wild
CVE
CVE
added 2011/12/25 1:0 a.m.423 views

CVE-2011-4862

CVE-2011-4862 is a remote pre-authentication buffer overflow in the encryption handling of BSD telnetd: libtelnet/encrypt.c in telnetd on FreeBSD 7.3–9.0, krb5-appl 1.0.2 and earlier, Heimdal 1.5.1 and earlier, and GNU inetutils. The underlying bug allows arbitrary code execution by sending a lon...

10CVSS7.3AI score0.95104EPSS
CVE
CVE
added 2016/05/26 4:0 p.m.419 views

CVE-2016-0718

CVE-2016-0718 is evidenced in connected Apple documents as part of the Expat (libexpat) updates applied to OS X El Capitan and iTunes-related components. The Expat/libexpat entry notes that processing XML can trigger vulnerabilities in affected builds, with CVE-2016-0718 specifically associated w...

9.8CVSS8.7AI score0.13802EPSS
CVE
CVE
added 2021/11/11 12:0 a.m.405 views

CVE-2002-20001

CVE-2002-20001 describes a Diffie-Hellman key exchange weakness where a remote attacker (from the client side) can send non-public values to induce expensive server-side DHE modular-exponentiation, potentially impacting availability. The description specifies that the attack is most disruptive wh...

7.5CVSS7.3AI score0.23061EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.396 views

CVE-2017-13081

CVE-2017-13081 describes a KRACK-class flaw in WPA/WPA2 where the Integrity Group Temporal Key (IGTK) can be reinstalled during the group key handshake. This enables an attacker within radio range to spoof frames from APs to clients, potentially undermining confidentiality and integrity of WPA/WP...

5.3CVSS6.7AI score0.02003EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.384 views

CVE-2017-13079

CVE-2017-13079 is a KRACK-type vulnerability affecting WPA/WPA2 where reinstallation of the Integrity Group Temporal Key (IGTK) can occur during the 4-way handshake. An attacker in radio range can spoof frames from APs to clients by exploiting IGTK reinstallation. Public disclosures and advisorie...

5.3CVSS6.6AI score0.02124EPSS
CVE
CVE
added 2017/10/17 2:0 a.m.382 views

CVE-2017-13077

CVE-2017-13077 is a KRACK-related vulnerability affecting Wi‑Fi (WPA/WPA2) where an attacker within radio range can force PTK nonce reuse during the four‑way handshake, enabling replay, decryption, or spoofing of frames. The initial description confirms the vulnerability and impact. Connected doc...

6.8CVSS7.3AI score0.02388EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.379 views

CVE-2017-13080

CVE-2017-13080 corresponds to the WPA2/Wi‑Fi Key Reinstallation Attack (KRACK) risk, where a network-adjacent attacker can leverage a flaw in the group key handshake to reinstall GTK keys and replay frames. The core description in the initial document confirms: an attacker in radio range can repl...

5.3CVSS6.9AI score0.02285EPSS
CVE
CVE
added 2015/07/23 12:0 a.m.341 views

CVE-2015-1283

The material confirms CVE-2015-1283 is an Expat XML_GetBuffer integer/heap overflow issue, with impact on multiple products using expat up to 2.1.0 (e.g., Chrome before 44.0.2403.89). Related CVEs include CVE-2015-2716 and CVE-2016-4472 (note: the latter indicates the overflow protection was remo...

6.8CVSS8.4AI score0.19069EPSS
CVE
CVE
added 2017/06/19 4:0 p.m.340 views

CVE-2017-1000366

CVE-2017-1000366 affects glibc (vulnerable in 2.25 and earlier). A flaw in heap/stack memory handling allows crafted LD_LIBRARY_PATH values to influence allocation and memory layout, potentially enabling local arbitrary code execution via stack/heap aliasing. Several advisories and distributions ...

7.8CVSS7.4AI score0.02733EPSS
CVE
CVE
added 2010/06/30 6:0 p.m.329 views

CVE-2010-1205

CVE-2010-1205 is a buffer overflow in libpng (pngpread.c) that could allow remote code execution via a crafted PNG image. Affected libpng versions are prior to 1.2.44 and prior to 1.4.3. The overflow is tied to the internal copy in pngpread.c and is described across advisories mentioning memory c...

9.8CVSS9.9AI score0.43382EPSS
CVE
CVE
added 2012/02/16 8:0 p.m.316 views

CVE-2011-3026

CVE-2011-3026 describes a heap-based overflow in libpng caused by an integer overflow in png_decompress_chunk(), leading to potential remote code execution or crashes when handling crafted PNGs. Affected: libpng as used by Chrome (and various products); vulnerable versions precede fixed releases....

6.8CVSS9.1AI score0.73164EPSS
CVE
CVE
added 2017/11/15 9:0 p.m.294 views

CVE-2017-15115

CVE-2017-15115: Linux kernel prior to 4.14 allows local users to trigger a denial of service (use-after-free in sctp_do_peeloff in net/sctp/socket.c) via crafted system calls. Impact is system crash; no explicit exploit details provided in the documents beyond this. The IBM bulletin references th...

7.8CVSS7.7AI score0.0047EPSS
CVE
CVE
added 2017/12/20 11:0 p.m.294 views

CVE-2017-17805

CVE-2017-17805 affects the Linux kernel prior to 4.14.8. The Salsa20 cipher implementation (crypto/salsa20_generic.c and arch/x86/crypto/salsa20_glue.c) mishandles zero-length inputs, allowing a local attacker to use the AF_ALG-based skcipher interface to trigger uninitialized memory free and ker...

7.8CVSS7.5AI score0.00428EPSS
CVE
CVE
added 2014/03/21 2:0 p.m.292 views

CVE-2014-2497

Summary of CVE-2014-2497 : The gdImageCreateFromXpm() function in libgd (libgd2) could dereference a NULL pointer when processing an XPM file with a crafted color table, leading to a denial of service (crash). Affected in PHP up to 5.4.26 and earlier. Public references and advisories confirm this...

4.3CVSS7AI score0.22319EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.292 views

CVE-2017-13078

CVE-2017-13078 is part of the KRACK family impacting WPA2. A attacker in Wi‑Fi range could reinstall the GTK during the 4‑way handshake, replaying frames to clients. Apple addresses this via security updates (e.g., HT208221/HT208222) for macOS High Sierra/Sierra and related AirPort firmware; exac...

5.3CVSS6.7AI score0.0207EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.284 views

CVE-2017-13082

CVE-2017-13082 is one of the KRACK-class WPA2 flaws. Android/Arch/Debian/CentOS references describe an issue where a retransmitted FT Reassociation Request can reinstall the PTK during processing, enabling a nearby attacker to replay, decrypt, or spoof frames. Impact described across sources incl...

8.1CVSS7.7AI score0.04575EPSS
CVE
CVE
added 2009/04/17 2:0 p.m.265 views

CVE-2009-1185

CVE-2009-1185 affects udev before 1.4.1, which does not verify NETLINK message origin from kernel space, enabling a local user to gain privileges by sending a crafted NETLINK message. Public references show PoC/exploit activity (e.g., Metasploit module, Exploit-DB entries) and multiple advisories...

7.2CVSS7.4AI score0.81528EPSS
CVE
CVE
added 2017/10/17 1:0 p.m.261 views

CVE-2017-13087

CVE-2017-13087 affects WPA/WPA2 (WPA2) implementations in wpa_supplicant/wpa and is part of the KRACK family. The issue is a GTK reinstallation triggered when processing a Wireless Network Management Sleep Mode Response frame, allowing an attacker within radio range to replay frames between APs a...

5.3CVSS6.6AI score0.01742EPSS
CVE
CVE
added 2012/02/01 4:0 p.m.259 views

CVE-2012-0444

CVE-2012-0444 describes a heap-based memory corruption vulnerability in the libvorbis Ogg Vorbis parser that could allow remote code execution or a crash when processing crafted Ogg Vorbis files. Affected products across Mozilla ecosystem (Firefox, Thunderbird, Seamonkey and related XULRunner/Ice...

10CVSS8.9AI score0.07936EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.257 views

CVE-2013-0753

CVE-2013-0753 is a Use‑after‑free vulnerability in Mozilla Firefox’s XMLSerializer.serializeToStream, affecting Firefox before 18.0 (and ESR/Thunderbird/SeaMonkey variants) and allowing remote code execution via crafted content. The issue is exploitable as part of Firefox 17.x lineage; Metasploit...

9.3CVSS9.5AI score0.51324EPSS
CVE
CVE
added 2013/07/23 10:0 a.m.256 views

CVE-2013-4002

CVE-2013-4002 affects the Xerces2 Java XML parser. XMLScanner.java in Xerces2 Java Parser before 2.12.0 (as used in various JREs and Oracle/Jakarta distributions) could allow remote denial of service via vectors related to XML attribute names. IBM and other vendors document DoS impact on affected...

7.1CVSS6.7AI score0.24738EPSS
CVE
CVE
added 2016/08/07 10:0 a.m.255 views

CVE-2016-5772

CVE-2016-5772 : A double free in the PHP WDDX extension (php_wddx_process_data in wddx.c) allows remote attackers to crash the application or potentially execute arbitrary code via crafted XML in wddx_deserialize. Affected PHP versions: before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8. Re...

9.8CVSS8.4AI score0.09674EPSS
CVE
CVE
added 2009/08/06 3:0 p.m.254 views

CVE-2009-2625

CVE-2009-2625 affects Apache Xerces2-Java (XML parser used by JRE/JDK) where parsing a malformed XML with systems DTD identifiers can cause DoS (hangs), via a vulnerability in SYSTEM handling in Xerces2 Java. Connected advisories confirm public fixes: Debian libxerces2-java updates (DSA-1984-1) a...

5CVSS6.1AI score0.3038EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.249 views

CVE-2013-0758

CVE-2013-0758 affects Mozilla Firefox (pre-18.0), Firefox ESR (pre-10.0.12 and pre-17.0.2), Thunderbird (pre-17.0.2, including ESR 10.x pre-10.0.12 and pre-17.0.2), and SeaMonkey (pre-2.15). It allows remote attackers to execute arbitrary JavaScript with chrome privileges due to improper interact...

9.3CVSS9.4AI score0.73364EPSS
CVE
CVE
added 2017/07/21 2:0 p.m.247 views

CVE-2015-5300

CVE-2015-5300 (NTP panic-threshold bypass) is detailed in connected advisory from F5 for BIG-IP products, describing a vulnerability in ntpd where the threshold for the -g option is not correctly enforced. An attacker controlling NTP traffic could cause ntpd to step the clock to an arbitrary valu...

7.5CVSS7.6AI score0.0913EPSS
CVE
CVE
added 2018/11/26 3:0 a.m.244 views

CVE-2018-19542

CVE-2018-19542 affects JasPer 2.0.14. The vulnerability is a NULL pointer dereference in jp2_decode (libjasper/jp2/jp2_dec.c) that leads to a denial of service. The connected documents confirm the issue and cite unpatched status on several Red Hat releases (RHEL 6/7/8) via Nessus entries, but do ...

6.5CVSS6.5AI score0.01946EPSS
Total number of security vulnerabilities334