Lucene search
K
SuseLinux Enterprise Software Development Kit

296 matches found

CVE
CVE
added 2013/12/11 3:0 p.m.116 views

CVE-2013-5611

CVE-2013-5611 refers to Mozilla Firefox (pre-26.0) where an App Installation doorhanger isn’t properly removed, enabling a remote attacker to spoof a Web App installation site by timing page navigation. Connected sources confirm affected products and fixes: IBM/SONAS and IBM Storwize advisories l...

5.8CVSS9AI score0.02138EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.115 views

CVE-2012-4205

CVE-2012-4205 affects Mozilla Firefox (prior to 17.0), Mozilla Thunderbird (prior to 17.0), and SeaMonkey (prior to 2.14). The root cause, per the description, is that XMLHttpRequest objects created in sandboxes are assigned the system principal rather than the sandbox principal, enabling CSRF ag...

6.8CVSS8.5AI score0.01613EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.115 views

CVE-2014-6484

CVE-2014-6484 is listed as an unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, with remote authenticated users able to affect availability via SERVER:DML. Connected Red Hat advisories (RHSA-2014-1940 and RHSA-2014-1862) classify this under MariaDB/MySQL...

4CVSS6.2AI score0.02667EPSS
CVE
CVE
added 2015/07/06 1:0 a.m.115 views

CVE-2015-2737

CVE-2015-2737 affects Mozilla Firefox before 39.0 (and ESR 31.x before 31.8, 38.x before 38.1) and Thunderbird before 38.1. It targets rx::d3d11::SetBufferData, which reads data from uninitialized memory locations. The description notes the impact and attack vectors are unspecified; no explicit f...

10CVSS4.4AI score0.02654EPSS
CVE
CVE
added 2016/09/20 2:0 p.m.115 views

CVE-2015-8931

CVE-2015-8931 involves multiple integer overflows in libarchive’s mtree support. The vulnerability arises in archive_read_support_format_mtree.c (mtree parser) in libarchive before 3.2.0, potentially allowing a remote attacker to trigger undefined behavior via a crafted mtree file. Connected advi...

7.8CVSS8AI score0.02122EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.115 views

CVE-2016-0668

CVE-2016-0668 affects Oracle MySQL 5.6.28 and earlier, 5.7.10 and earlier, and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12. The vulnerability is described as an unspecified issue related to InnoDB that can allow local users to affect availability. Remediation stated in the sources inc...

4.1CVSS4.3AI score0.0146EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.113 views

CVE-2012-4209

Mode C: The CVE-2012-4209 issue affects Mozilla-based components used in MiracleLinux 4 (firefox-10.0.11-1.0.1.AXS4, xulrunner-10.0.11-1.0.1.AXS4) and is described as allowing cross-site scripting by abusing top frame name and location access. Affected products include Mozilla Firefox and Firefox...

4.3CVSS7.8AI score0.02546EPSS
CVE
CVE
added 2013/07/17 10:0 a.m.113 views

CVE-2013-3805

CVE-2013-3805 affects Oracle MySQL: MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 is vulnerable. Description specifies an unspecified vulnerability that allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements. The entry do...

4CVSS5.1AI score0.02291EPSS
CVE
CVE
added 2015/07/02 9:16 p.m.113 views

CVE-2015-0192

Technical details for CVE-2015-0192 are not provided in the connected documents. The initial description names IBM Java vulnerabilities but does not specify affected products, versions, vectors, or fixes in the supplied sources. Monitor for updates.

9.8CVSS4.5AI score0.04542EPSS
CVE
CVE
added 2016/09/20 2:0 p.m.113 views

CVE-2015-8933

CVE-2015-8933 is a Libarchive vulnerability: an integer overflow in archive_read_support_format_tar_skip() within archive_read_format_tar.c, affecting Libarchive prior to 3.2.0. This can allow a remote attacker to crash a target via a crafted tar file (DoS). The connected Nessus/EulerOS entries c...

5.5CVSS6AI score0.02028EPSS
CVE
CVE
added 2009/09/15 10:0 p.m.112 views

CVE-2009-2903

The CVE-2009-2903 entry concerns a memory leak in the Linux kernel appletalk subsystem. When the appletalk and ipddp modules are loaded but the ipddp device is not found, remote attackers can trigger memory consumption leading to a denial of service. The issue affects 2.4.x up to 2.4.37.6 and 2.6...

7.1CVSS6.6AI score0.03848EPSS
CVE
CVE
added 2010/09/03 7:0 p.m.112 views

CVE-2010-2226

CVE-2010-2226 affects the Linux kernel: the xfs_swapext function in fs/xfs/xfs_dfrag.c does not properly validate file descriptors passed to the SWAPEXT ioctl, enabling a local user with write access to swap a file into another and gain read access. The issue is present in kernel versions before ...

2.1CVSS6.9AI score0.00434EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.112 views

CVE-2012-1973

CVE-2012-1973 is a use-after-free vulnerability in Mozilla Firefox family components. The issue arises in nsObjectLoadingContent::LoadObject, affecting Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12. Expl...

10CVSS9.4AI score0.05566EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.112 views

CVE-2012-3961

CVE-2012-3961 is a use-after-free in the RangeData implementation affecting Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0/ESR 10.x before 10.0.7, and SeaMonkey before 2.12. Exploitation could allow remote code execution or a denial of service via heap memory...

10CVSS9.4AI score0.06664EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.112 views

CVE-2014-1484

CVE-2014-1484 affects Mozilla Firefox on Android 4.2 and earlier, where system logs may contain profile paths, enabling a crafted application to access sensitive information. Connected docs reference the CVE within openSUSE Firefox ESR advisories and indicate fixes in later Firefox ESR updates (e...

5CVSS8.5AI score0.01556EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.112 views

CVE-2014-6507

CVE-2014-6507 affects Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier. A vulnerability in SERVER:DML could allow remote authenticated users to impact confidentiality, integrity, and availability. The description and affected versions are cited across multiple advisories (Oracle CPU...

4.3CVSS5.5AI score0.0726EPSS
CVE
CVE
added 2016/09/20 2:0 p.m.112 views

CVE-2015-8932

The CVE-2015-8932 issue affects the libarchive library, specifically the compress_bidder_init function in archive_read_support_filter_compress.c, before version 3.2.0. A crafted tar file can trigger an invalid left shift, allowing a remote attacker to cause a denial of service (crash). Public ref...

5.5CVSS5.8AI score0.02214EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.111 views

CVE-2013-0770

CVE-2013-0770 affects Mozilla Firefox (pre-18.0), Thunderbird (pre-17.0.2), and SeaMonkey (pre-2.15). The issue is described as multiple unspecified vulnerabilities in the browser engine that can cause memory corruption and application crashes, with potential for arbitrary code execution via unkn...

9.3CVSS9.8AI score0.05852EPSS
CVE
CVE
added 2010/11/29 3:0 p.m.110 views

CVE-2010-4078

CVE-2010-4078 affects the Linux kernel before 2.6.36-rc6, where the sisfb_ioctl function in drivers/video/sis/sis_main.c fails to properly initialize a structure member. This allows local users to leak potentially sensitive information from kernel stack memory via the FBIOGET_VBLANK ioctl. Connec...

1.9CVSS7AI score0.0038EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.110 views

CVE-2012-4208

CVE-2012-4208 affects Mozilla Firefox ≤ prior to 17.0, Thunderbird ≤ prior to 17.0, and SeaMonkey ≤ 2.13/2.14. The XrayWrapper did not consider compartment during property filtering, allowing remote sites to bypass chrome-only restrictions on reading DOM object properties. Impact per description:...

4.3CVSS8.1AI score0.0211EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.110 views

CVE-2013-0769

CVE-2013-0769 refers to multiple unspecified vulnerabilities in the Mozilla browser engine that could cause memory corruption and application crashes, potentially enabling remote code execution. Affected products and versions cited in connected docs include Mozilla Firefox before 18.0, Firefox ES...

9.3CVSS9.9AI score0.05784EPSS
CVE
CVE
added 2013/07/17 10:0 a.m.109 views

CVE-2013-3793

CVE-2013-3793 affects Oracle MySQL Server: 5.5.31 and earlier and 5.6.11 and earlier. It is described as an unspecified vulnerability related to Data Manipulation Language that allows remote authenticated users to affect availability via unknown vectors. Connected documents (Nessus/OpenVAS) refer...

4CVSS4.9AI score0.0309EPSS
CVE
CVE
added 2016/09/20 2:0 p.m.109 views

CVE-2015-8928

CVE-2015-8928 affects libarchive MTREE parser: an out-of-bounds read in process_add_entry() when processing a crafted mtree file. Impact is denial of service and potential information disclosure. Affected upstream: libarchive before 3.2.0. Remediation: upgrade to 3.2.0 or later where fixed. Other...

5.5CVSS6.2AI score0.0206EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.108 views

CVE-2012-1974

CVE-2012-1974 is a use-after-free vulnerability in gfxTextRun::CanBreakLineBefore affecting Mozilla Firefox (and related apps like Thunderbird/SeaMonkey) prior to version 15.0, with remote code execution or a denial of service via unspecified vectors. The connected Nessus entries confirm the CVE ...

10CVSS9.4AI score0.05566EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.108 views

CVE-2012-1975

CVE-2012-1975 is a Use-after-free vulnerability in PresShell::CompleteMove affecting Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12. It potentially allows remote code execution or a denial of serv...

10CVSS9.4AI score0.05613EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.108 views

CVE-2014-6478

CVE-2014-6478 affects Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier. The vulnerability is described as unspecified, enabling remote attackers to compromise integrity via vectors related to SERVER:SSL:yaSSL . The connected sources confirm the same CVE ID in multiple advisories and...

4.3CVSS6.3AI score0.02554EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.108 views

CVE-2014-6495

CVE-2014-6495 is described in the Initial document as an unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier, enabling remote attackers to affect availability via SERVER:SSL:yaSSL. Connected documents reference this CVE within broader MariaDB/MySQL vulnerabi...

4.3CVSS6.3AI score0.03004EPSS
CVE
CVE
added 2015/06/03 8:0 p.m.108 views

CVE-2015-4106

CVE-2015-4106 : QEMU does not properly restrict write access to the PCI config space for certain PCI passthrough devices, which the documents describe as enabling local x86 HVM guests to gain privileges, cause host crashes, obtain sensitive information, or suffer other unspecified impact. The con...

4.6CVSS7.6AI score0.00483EPSS
CVE
CVE
added 2011/01/03 7:26 p.m.107 views

CVE-2010-4162

CVE-2010-4162: Linux kernel before 2.6.36.2 contains multiple integer overflows in fs/bio.c that allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device. MiracleLinux AXSA:2011-57 lists CVE-2010-4162 among affected kernel issues and references a f...

4.7CVSS6.6AI score0.00393EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.107 views

CVE-2012-4204

The CVE-2012-4204 entry describes a memory-corruption/remote-code-execution vulnerability in Mozilla Firefox’s JavaScript engine (str_unescape) affecting Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14, exploitable via unspecified vectors. Connected documents indicate rela...

9.3CVSS8.9AI score0.05784EPSS
CVE
CVE
added 2008/11/13 11:0 a.m.106 views

CVE-2008-5021

The CVE-2008-5021 vulnerability affects Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13. It is caused by modifying properties of a file input element while it is still initializing, followed by using blur to access un...

9.3CVSS10AI score0.03633EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.106 views

CVE-2013-0759

CVE-2013-0759 affects Mozilla Firefox (and related Mozilla components) prior to version 18.0, Firefox ESR prior to 10.0.12 and 17.0.2, Thunderbird prior to 17.0.2 and ESR prior to 10.0.12/17.0.2, and SeaMonkey prior to 2.15. The vulnerability allows remote attackers to spoof the address bar by ex...

5CVSS6.3AI score0.02284EPSS
CVE
CVE
added 2016/04/13 4:0 p.m.106 views

CVE-2016-3068

Mercurial before 3.7.3 is vulnerable to remote code execution via a crafted git ext:: URL when cloning a subrepository, enabling an attacker to run arbitrary code. Public advisories (ALAS-2016-697; CentOS/RH/Fedora updates) confirm this CVE-2016-3068 issue and indicate the fix is mercurial 3.7.3....

8.8CVSS8.7AI score0.05405EPSS
CVE
CVE
added 2011/07/11 8:0 p.m.105 views

CVE-2011-1526

The CVE-2011-1526 issue affects MIT Kerberos Version 5 Applications (krb5-appl) ftpd.c: it does not check the krb5_setegid return value, enabling remote authenticated users to bypass group restrictions and perform create/overwrite/delete/read of files via FTP. The vulnerability is reported in con...

6.5CVSS4.6AI score0.03938EPSS
CVE
CVE
added 2013/02/08 8:0 p.m.105 views

CVE-2013-0170

CVE-2013-0170 is a use-after-free in virNetMessageFree (rpc/virnetserverclient.c) affecting libvirt 1.0.x prior to 1.0.2, 0.10.2 prior to 0.10.2.3, 0.9.11 prior to 0.9.11.9, and 0.9.6 prior to 0.9.6.4. By triggering certain errors during an RPC connection, a freed message may remain in the queue,...

6.8CVSS7.5AI score0.05774EPSS
CVE
CVE
added 2013/07/17 10:0 a.m.105 views

CVE-2013-3801

CVE-2013-3801 affects the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10. It is described as an unspecified vulnerability that remote authenticated users can exploit to affect availability via unknown vectors related to Server Options. The connected Nessus entries confirm mu...

5CVSS5AI score0.03788EPSS
CVE
CVE
added 2013/07/17 10:0 a.m.105 views

CVE-2013-3809

CVE-2013-3809 is reflected in multiple sources as an issue in the MySQL Server component of Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier. The description specifies an unspecified vulnerability that remotely authenticated users can exploit to affect integrity via unknown vectors related ...

4CVSS4.9AI score0.02648EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.105 views

CVE-2014-1499

CVE-2014-1499 affects Mozilla Firefox prior to 28.0 and SeaMonkey prior to 2.25. The issue lets a remote attacker spoof the domain in the WebRTC camera or microphone permission prompts by triggering a navigation at a specific moment during prompt generation. This is caused by how the browser hand...

4.3CVSS9AI score0.01941EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.104 views

CVE-2012-3957

Affected components: Mozilla Firefox before 15.0 (and Firefox ESR 10.x before 10.0.7), Thunderbird before 15.0 (and Thunderbird ESR 10.x before 10.0.7), SeaMonkey before 2.12.** Vulnerability and root cause: Heap-based buffer overflow in nsBlockFrame::MarkLineDirty, enabling remote code execution...

10CVSS9.6AI score0.07762EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.104 views

CVE-2013-0763

CVE-2013-0763 is a use-after-free vulnerability in Mozilla Firefox (pre-18.0) and Firefox ESR 17.x (pre-17.0.1), Thunderbird (pre-17.0.2/ESR 17.x pre-17.0.1), and SeaMonkey (pre-2.15). It is triggered via Mesa driver interactions and a resized WebGL canvas, potentially allowing remote attackers t...

9.3CVSS9.3AI score0.04395EPSS
CVE
CVE
added 2013/07/17 10:0 a.m.104 views

CVE-2013-3794

CVE-2013-3794: Unspecified vulnerability in the MySQL Server component (Oracle MySQL 5.5.30 and earlier, 5.6.10) allowing remote authenticated users to affect availability; underlying vectors are unknown. The connected documents do not provide concrete technical details (no explicit root cause, a...

4CVSS5AI score0.02711EPSS
CVE
CVE
added 2014/06/05 8:0 p.m.104 views

CVE-2014-3468

The CVE concerns GNU Libtasn1 prior to version 3.6, where asn1_get_bit_der does not properly report an error for a negative bit length. This can enable context-dependent attackers to trigger out-of-bounds access via crafted ASN.1 data, potentially impacting applications using libtasn1. Public ref...

7.5CVSS5.8AI score0.03789EPSS
CVE
CVE
added 2016/05/24 3:0 p.m.102 views

CVE-2016-0264

CVE-2016-0264 is a buffer overflow in IBM Runtime Environment Java (IBM SDK, Java Technology Edition) that allows remote code execution under certain conditions. Affected IBM JRE/JVM versions include IBM SDK 6 (pre SR16 FP25), 6 R1 (pre SR8 FP25), 7 (pre SR9 FP40) and 7 R1 (pre SR3 FP40), and 8 (...

6.8CVSS7.2AI score0.03925EPSS
CVE
CVE
added 2016/09/20 2:0 p.m.100 views

CVE-2015-8926

CVE-2015-8926 affects libarchive, where the function archive_read_format_rar_read_data in the RAR parser can be triggered by a specially crafted RAR file to cause a crash (denial of service). The initial description notes this as a vulnerability in libarchive prior to 3.2.0. Connected sources cor...

5.5CVSS6.1AI score0.01995EPSS
CVE
CVE
added 2016/04/13 4:0 p.m.100 views

CVE-2016-3069

CVE-2016-3069 affects Mercurial up to version 3.7.2, where a crafted Git repository name used during conversion can cause remote code execution. The root cause is insufficient sanitization in the convert path when handling Git sub-repository URLs/names, enabling arbitrary code execution. Impact i...

8.8CVSS8.7AI score0.04953EPSS
CVE
CVE
added 2008/05/02 4:0 p.m.99 views

CVE-2008-1375

CVE-2008-1375 describes a race condition in the Linux kernel’s directory notification subsystem (dnotify). It affects Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1. Successful exploitation could allow local users to cause a denial of service (OOPS) and possibly gain privileges vi...

6.9CVSS6AI score0.00306EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.98 views

CVE-2012-4215

CVE-2012-4215 is a use-after-free in Mozilla Firefox’s nsPlaintextEditor::FireClipboardEvent that could allow remote code execution or a heap memory corruption, affecting Firefox before 17.0, Firefox ESR before 10.0.11, Thunderbird before 17.0, Thunderbird ESR before 10.0.11, and SeaMonkey before...

9.3CVSS9AI score0.06074EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.98 views

CVE-2012-4216

CVE-2012-4216 is a use-after-free in gfxFont::GetFontEntry affecting Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14. Exploitation could lead to remote code execution or a denial of service via h...

9.3CVSS9AI score0.06074EPSS
CVE
CVE
added 2014/06/05 8:0 p.m.98 views

CVE-2014-3469

CVE-2014-3469 affects GNU libtasn1 before 3.6, where the functions asn1_read_value_type and asn1_read_value may dereference a NULL ivalue. In this context, crafted ASN.1 data can trigger a NULL pointer dereference in the library, leading to a denial of service (crash). The vulnerability is noted ...

5CVSS5.6AI score0.03817EPSS
CVE
CVE
added 2016/06/06 5:0 p.m.98 views

CVE-2015-5041

CVE-2015-5041 : IBM J9 JVM flaw in IBM SDK, Java Technology Edition allows remote attackers to invoke non-public interface methods, potentially exposing sensitive data or allowing data injection. Affected IBM Java versions: 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 bef...

9.1CVSS8.7AI score0.03901EPSS
Total number of security vulnerabilities296