Lucene search

K
SuseLinux Enterprise Server11

333 matches found

CVE
CVE
added 2013/03/28 11:55 p.m.207 views

CVE-2013-1861

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number o...

5CVSS5.1AI score0.54136EPSS
Web
CVE
CVE
added 2012/02/01 4:55 p.m.198 views

CVE-2012-0444

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute...

10CVSS8.9AI score0.02228EPSS
CVE
CVE
added 2012/12/03 12:49 p.m.196 views

CVE-2012-5612

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain varia...

6.5CVSS5.7AI score0.51769EPSS
Web
CVE
CVE
added 2009/08/06 3:30 p.m.193 views

CVE-2009-2625

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as ...

5CVSS6.1AI score0.00432EPSS
Web
CVE
CVE
added 2017/12/20 11:29 p.m.190 views

CVE-2017-17806

The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SH...

7.8CVSS7.4AI score0.0004EPSS
CVE
CVE
added 2014/04/27 12:55 a.m.184 views

CVE-2014-0181

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdou...

2.1CVSS6AI score0.00027EPSS
CVE
CVE
added 2011/12/15 3:57 a.m.183 views

CVE-2011-4516

Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 fi...

6.8CVSS5.4AI score0.47823EPSS
CVE
CVE
added 2017/12/12 3:29 p.m.183 views

CVE-2017-17558

The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-o...

7.2CVSS7AI score0.00083EPSS
CVE
CVE
added 2010/12/30 7:0 p.m.181 views

CVE-2010-4258

The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer...

6.2CVSS6AI score0.01967EPSS
CVE
CVE
added 2022/02/19 12:15 a.m.180 views

CVE-2021-45082

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)

7.8CVSS7.5AI score0.00043EPSS
CVE
CVE
added 2021/06/02 2:15 p.m.174 views

CVE-2018-10195

lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.

7.1CVSS6.5AI score0.00138EPSS
CVE
CVE
added 2017/07/21 2:29 p.m.173 views

CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

7.5CVSS7.1AI score0.0364EPSS
CVE
CVE
added 2018/11/26 3:29 a.m.171 views

CVE-2018-19539

An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.

6.5CVSS6.5AI score0.01026EPSS
CVE
CVE
added 2018/11/26 3:29 a.m.170 views

CVE-2018-19541

An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3,...

8.8CVSS7.2AI score0.01249EPSS
CVE
CVE
added 2010/06/30 6:30 p.m.162 views

CVE-2010-1205

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

9.8CVSS9.9AI score0.17033EPSS
CVE
CVE
added 2017/01/30 9:59 p.m.161 views

CVE-2015-7976

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

4.3CVSS5.6AI score0.02732EPSS
CVE
CVE
added 2011/12/15 3:57 a.m.159 views

CVE-2011-4517

The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a cra...

6.8CVSS5AI score0.4213EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.159 views

CVE-2012-4186

Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.

9.3CVSS9.6AI score0.55611EPSS
CVE
CVE
added 2017/07/21 2:29 p.m.158 views

CVE-2015-5194

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

7.5CVSS7.1AI score0.11834EPSS
CVE
CVE
added 2018/11/26 3:29 a.m.158 views

CVE-2018-19540

An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3,...

8.8CVSS7.4AI score0.00782EPSS
CVE
CVE
added 2016/07/05 1:59 a.m.152 views

CVE-2016-4956

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.

5.3CVSS6.4AI score0.02275EPSS
CVE
CVE
added 2018/10/23 2:29 a.m.148 views

CVE-2018-18584

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

6.5CVSS6.6AI score0.02011EPSS
CVE
CVE
added 2022/04/27 2:15 p.m.146 views

CVE-2022-27239

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

7.8CVSS7.7AI score0.00257EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.143 views

CVE-2012-5829

Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.

9.3CVSS9.2AI score0.06844EPSS
CVE
CVE
added 2015/11/17 3:59 p.m.142 views

CVE-2015-0272

GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.

5CVSS5.9AI score0.06239EPSS
CVE
CVE
added 2018/10/09 10:29 p.m.141 views

CVE-2018-17962

Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.

7.5CVSS8.5AI score0.00345EPSS
CVE
CVE
added 2018/11/26 3:29 a.m.140 views

CVE-2018-19543

An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.

7.8CVSS7.4AI score0.00365EPSS
CVE
CVE
added 2020/03/02 5:15 p.m.139 views

CVE-2020-8013

A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be con...

2.5CVSS4AI score0.00057EPSS
CVE
CVE
added 2015/04/16 5:0 p.m.138 views

CVE-2015-2573

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

4CVSS4.8AI score0.00555EPSS
CVE
CVE
added 2010/05/19 6:30 p.m.137 views

CVE-2010-1321

The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial o...

6.8CVSS5.4AI score0.02199EPSS
Web
CVE
CVE
added 2015/01/09 9:59 p.m.137 views

CVE-2014-9585

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

2.1CVSS4.9AI score0.00045EPSS
CVE
CVE
added 2015/04/16 5:0 p.m.137 views

CVE-2015-2568

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.

5CVSS5AI score0.0441EPSS
CVE
CVE
added 2016/06/27 10:59 a.m.137 views

CVE-2016-5244

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.

7.5CVSS6.9AI score0.00645EPSS
CVE
CVE
added 2012/06/16 9:55 p.m.136 views

CVE-2012-1717

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.

2.1CVSS7.6AI score0.00155EPSS
CVE
CVE
added 2016/07/05 1:59 a.m.136 views

CVE-2016-4955

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.

5.9CVSS6.3AI score0.05194EPSS
CVE
CVE
added 2019/11/15 4:15 p.m.135 views

CVE-2016-5285

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

7.5CVSS7.2AI score0.00646EPSS
CVE
CVE
added 2018/10/23 2:29 a.m.135 views

CVE-2018-18585

chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).

4.3CVSS5.3AI score0.00402EPSS
CVE
CVE
added 2015/01/09 9:59 p.m.134 views

CVE-2014-9584

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.

2.1CVSS4.5AI score0.00155EPSS
CVE
CVE
added 2015/04/16 4:59 p.m.132 views

CVE-2015-0433

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.

4CVSS4.8AI score0.00573EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.131 views

CVE-2013-0754

Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to exec...

9.3CVSS9.4AI score0.0283EPSS
CVE
CVE
added 2015/09/28 8:59 p.m.131 views

CVE-2015-1781

Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buff...

6.8CVSS8.9AI score0.05081EPSS
CVE
CVE
added 2015/03/02 11:59 a.m.130 views

CVE-2014-8160

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disal...

5CVSS5.7AI score0.02449EPSS
CVE
CVE
added 2016/04/27 5:59 p.m.129 views

CVE-2016-2782

The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) in...

4.9CVSS6.1AI score0.00473EPSS
CVE
CVE
added 2014/07/17 11:17 a.m.127 views

CVE-2014-4258

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.

6.5CVSS6.1AI score0.00733EPSS
CVE
CVE
added 2015/04/16 4:59 p.m.127 views

CVE-2015-0501

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.

5.7CVSS4.8AI score0.00965EPSS
CVE
CVE
added 2014/07/03 4:22 a.m.126 views

CVE-2014-4608

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO alg...

7.5CVSS5.7AI score0.08071EPSS
In wild
CVE
CVE
added 2016/04/19 9:59 p.m.126 views

CVE-2015-8776

The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.

9.1CVSS8.5AI score0.0538EPSS
CVE
CVE
added 2013/12/12 6:55 p.m.125 views

CVE-2013-4458

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. N...

5CVSS7.7AI score0.0243EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.125 views

CVE-2015-2738

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

10CVSS4.4AI score0.00945EPSS
CVE
CVE
added 2010/12/30 7:0 p.m.124 views

CVE-2010-4158

The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from k...

2.1CVSS5.6AI score0.00345EPSS
Web
Total number of security vulnerabilities333