Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
SuseLinux Enterprise Server12

145 matches found

CVE
CVEadded 2018/10/23 2:29 a.m.144 views

CVE-2018-18584

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

6.5CVSS6.6AI score0.02653EPSS
CVE
CVEadded 2014/05/06 10:44 a.m.142 views

CVE-2014-0198

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via v...

4.3CVSS7.4AI score0.32978EPSS
CVE
CVEadded 2020/03/02 4:15 p.m.140 views

CVE-2019-18897

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master...

8.4CVSS7.7AI score0.00102EPSS
CVE
CVEadded 2018/11/26 3:29 a.m.138 views

CVE-2018-19543

An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.

7.8CVSS7.4AI score0.00365EPSS
CVE
CVEadded 2022/04/27 2:15 p.m.138 views

CVE-2022-27239

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

7.8CVSS7.7AI score0.00103EPSS
CVE
CVEadded 2015/11/17 3:59 p.m.137 views

CVE-2015-0272

GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.

5CVSS5.9AI score0.06239EPSS
CVE
CVEadded 2020/03/02 5:15 p.m.137 views

CVE-2020-8013

A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be con...

2.5CVSS4AI score0.00057EPSS
CVE
CVEadded 2016/07/05 1:59 a.m.134 views

CVE-2016-4955

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.

5.9CVSS6.3AI score0.04669EPSS
CVE
CVEadded 2020/03/02 5:15 p.m.134 views

CVE-2019-18902

A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SU...

9.8CVSS8.7AI score0.02819EPSS
CVE
CVEadded 2018/10/09 10:29 p.m.133 views

CVE-2018-17962

Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.

7.5CVSS8.5AI score0.00711EPSS
CVE
CVEadded 2017/03/23 6:59 p.m.132 views

CVE-2016-9398

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

7.5CVSS7AI score0.0411EPSS
CVE
CVEadded 2015/01/09 9:59 p.m.131 views

CVE-2014-9585

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

2.1CVSS4.9AI score0.00045EPSS
CVE
CVEadded 2018/10/23 2:29 a.m.131 views

CVE-2018-18585

chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).

4.3CVSS5.3AI score0.00389EPSS
CVE
CVEadded 2020/03/02 5:15 p.m.130 views

CVE-2019-18903

A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. S...

9.8CVSS8.7AI score0.02819EPSS
CVE
CVEadded 2016/04/27 5:59 p.m.126 views

CVE-2016-2782

The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) in...

4.9CVSS6.1AI score0.00222EPSS
CVE
CVEadded 2015/01/09 9:59 p.m.125 views

CVE-2014-9584

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.

2.1CVSS4.5AI score0.00155EPSS
CVE
CVEadded 2015/03/02 11:59 a.m.124 views

CVE-2014-8160

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disal...

5CVSS5.7AI score0.02449EPSS
CVE
CVEadded 2016/04/19 9:59 p.m.121 views

CVE-2015-8776

The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.

9.1CVSS8.5AI score0.06886EPSS
CVE
CVEadded 2014/07/17 11:17 a.m.120 views

CVE-2014-4258

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.

6.5CVSS6.1AI score0.00605EPSS
CVE
CVEadded 2016/07/05 1:59 a.m.120 views

CVE-2016-4953

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.

7.5CVSS7.3AI score0.19204EPSS
CVE
CVEadded 2016/07/05 1:59 a.m.120 views

CVE-2016-4954

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.

7.5CVSS6.9AI score0.07993EPSS
CVE
CVEadded 2020/03/02 4:15 p.m.120 views

CVE-2019-18901

A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Serv...

5.5CVSS5.5AI score0.00102EPSS
CVE
CVEadded 2016/04/19 9:59 p.m.119 views

CVE-2014-9761

Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

9.8CVSS9AI score0.03538EPSS
CVE
CVEadded 2016/04/19 9:59 p.m.117 views

CVE-2015-8778

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

9.8CVSS9.1AI score0.08413EPSS
CVE
CVEadded 2016/04/19 9:59 p.m.116 views

CVE-2015-8779

Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.

9.8CVSS9.2AI score0.06371EPSS
CVE
CVEadded 2016/04/21 10:59 a.m.115 views

CVE-2016-0642

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.

4.7CVSS4.2AI score0.00414EPSS
CVE
CVEadded 2015/06/15 3:59 p.m.112 views

CVE-2015-3209

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

7.5CVSS6.5AI score0.04545EPSS
CVE
CVEadded 2019/03/21 3:59 p.m.111 views

CVE-2017-16232

LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue

7.5CVSS6.7AI score0.01738EPSS
CVE
CVEadded 2014/10/15 3:55 p.m.109 views

CVE-2014-6469

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.

6.8CVSS5.6AI score0.00986EPSS
CVE
CVEadded 2016/04/13 3:59 p.m.108 views

CVE-2015-8551

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-th...

6CVSS5.6AI score0.00073EPSS
CVE
CVEadded 2017/10/17 1:29 p.m.106 views

CVE-2017-13084

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

6.8CVSS7AI score0.00901EPSS
CVE
CVEadded 2017/03/15 7:59 p.m.106 views

CVE-2017-5898

Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.

5.5CVSS5.7AI score0.00094EPSS
CVE
CVEadded 2014/10/15 10:55 p.m.105 views

CVE-2014-6494

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.

4.3CVSS6.4AI score0.01302EPSS
CVE
CVEadded 2014/10/15 10:55 p.m.105 views

CVE-2014-6559

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.

4.3CVSS5.6AI score0.01015EPSS
CVE
CVEadded 2016/09/20 2:15 p.m.105 views

CVE-2015-8934

The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.

5.5CVSS6AI score0.0241EPSS
CVE
CVEadded 2014/07/17 5:10 a.m.104 views

CVE-2014-2494

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.

4CVSS6.1AI score0.00663EPSS
CVE
CVEadded 2014/10/15 10:55 p.m.104 views

CVE-2014-6520

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.

4CVSS6.2AI score0.00908EPSS
CVE
CVEadded 2015/01/21 3:28 p.m.104 views

CVE-2014-6568

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.

3.5CVSS6.1AI score0.00236EPSS
CVE
CVEadded 2015/01/21 6:59 p.m.104 views

CVE-2015-0391

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

4CVSS6.1AI score0.00413EPSS
CVE
CVEadded 2014/07/17 11:17 a.m.103 views

CVE-2014-4260

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.

5.5CVSS6AI score0.0046EPSS
CVE
CVEadded 2015/01/21 6:59 p.m.101 views

CVE-2015-0382

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.

4.3CVSS6.6AI score0.05592EPSS
CVE
CVEadded 2020/01/23 8:15 p.m.101 views

CVE-2015-5239

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

6.5CVSS6.4AI score0.043EPSS
CVE
CVEadded 2014/10/15 10:55 p.m.100 views

CVE-2014-6496

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.

4.3CVSS6.4AI score0.01302EPSS
CVE
CVEadded 2015/01/21 6:59 p.m.100 views

CVE-2015-0381

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.

4.3CVSS6.6AI score0.05592EPSS
CVE
CVEadded 2016/04/21 10:59 a.m.100 views

CVE-2016-0651

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.

5.5CVSS4.6AI score0.00255EPSS
CVE
CVEadded 2014/10/15 10:55 p.m.99 views

CVE-2014-6530

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.

6.5CVSS6.2AI score0.00908EPSS
CVE
CVEadded 2015/11/06 9:59 p.m.98 views

CVE-2015-6855

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a d...

7.5CVSS7.4AI score0.04251EPSS
CVE
CVEadded 2015/01/21 6:59 p.m.97 views

CVE-2015-0374

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.

3.5CVSS5.9AI score0.00153EPSS
CVE
CVEadded 2015/01/21 7:59 p.m.97 views

CVE-2015-0432

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.

4CVSS6.1AI score0.00237EPSS
CVE
CVEadded 2014/10/15 10:55 p.m.96 views

CVE-2014-6551

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.

2.1CVSS6.1AI score0.00147EPSS
Total number of security vulnerabilities145