Lucene search
K
SuseLinux Enterprise Software Development Kit11

189 matches found

CVE
CVE
added 2014/02/06 2:0 a.m.15494 views

CVE-2014-1491

CVE-2014-1491 describes an issue in the Mozilla NSS library where public DH values were not properly restricted, enabling remote attackers to bypass cryptographic protections in ticket handling when NSS was used (e.g., in Firefox/Thunderbird/SeaMonkey). The vulnerability affects NSS

4.3CVSS8.4AI score0.04664EPSS
CVE
CVE
added 2011/08/29 3:0 p.m.4576 views

CVE-2011-3192

CVE-2011-3192 is a DoS flaw in the Apache HTTP Server related to how Range headers are processed. In affected releases of httpd (1.3.x, 2.0.x up to 2.0.64, and 2.2.x up to 2.2.19), a remote attacker can trigger excessive memory and CPU usage by sending a Range header with multiple overlapping ran...

7.8CVSS6.3AI score0.98945EPSS
In wildWeb
CVE
CVE
added 2014/09/24 6:0 p.m.2919 views

CVE-2014-6271

CVE-2014-6271 (Shellshock) affects GNU Bash up to 4.3, enabling remote code execution by processing trailing strings after function definitions in environment variables. Exploitation vectors include OpenSSH ForceCommand, mod_cgi/mod_cgid in Apache, DHCP client scripts, and other environment-passi...

10CVSS9.9AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2012/05/11 10:0 a.m.1945 views

CVE-2012-1823

CVE-2012-1823 affects PHP when run as CGI (php-cgi). The issue is that sapi/cgi/cgi_main.c mishandles query strings without an =, enabling remote code execution by passing command-line options in the query. Affected PHP versions include 5.3.x up to 5.3.12 and 5.4.x up to 5.4.2, with exploitation ...

9.8CVSS9.9AI score0.99998EPSS
In wildWeb
CVE
CVE
added 2014/09/25 1:0 a.m.1335 views

CVE-2014-7169

CVE-2014-7169 affects GNU Bash up to 4.3, where parsing of function definitions in environment variables can be exploited to run commands or impact other attributes across privilege boundaries (notably via ForceCommand in OpenSSH sshd and via mod_cgi/mod_cgid in Apache, as well as DHCP client scr...

10CVSS8.4AI score0.9994EPSS
In wild
CVE
CVE
added 2012/06/07 10:0 p.m.1244 views

CVE-2012-0507

CVE-2012-0507 affects Oracle Java SE/JRE (7u2 and earlier, 6u30 and earlier, 5.0u33 and earlier). Root cause: AtomicReferenceArray may not enforce Object[] type, enabling type confusion. Impacts include potential sandbox breach and JVM crash; remote code execution is discussed in related advisori...

10CVSS9AI score0.98113EPSS
In wild
CVE
CVE
added 2013/06/18 10:0 p.m.1198 views

CVE-2013-2465

CVE-2013-2465 is a Java 2D component vulnerability that can cause memory corruption and potential sandbox bypass/remote code execution. It affected Oracle Java SE up to JRE 7u21, JDK 6 up to 6u45, and OpenJDK 7, with 2D-related vectors noted in public disclosures. Several advisories (Debian DSA-2...

10CVSS6.7AI score0.98704EPSS
In wild
CVE
CVE
added 2013/06/26 1:0 a.m.1177 views

CVE-2013-1690

CVE-2013-1690 affects Mozilla Firefox prior to 22.0, Firefox ESR 17.x prior to 17.0.7, Thunderbird prior to 17.0.7, and Thunderbird ESR 17.x prior to 17.0.7. Root cause is improper handling of onreadystatechange events with page reload, enabling a crafted web page to cause a denial-of-service (cr...

9.3CVSS7.4AI score0.69021EPSS
In wild
CVE
CVE
added 2016/05/05 6:0 p.m.1093 views

CVE-2016-3718

ImageMagick is affected by CVE-2016-3718: the HTTP and FTP coders can be abused to perform server-side request forgery via a crafted image. Affected lines: ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1. The vulnerability allows an attacker to induce the server to make HTTP/FTP requests when ...

5.5CVSS6.7AI score0.76897EPSS
In wild
CVE
CVE
added 2016/05/05 6:0 p.m.1092 views

CVE-2016-3715

Summary: CVE-2016-3715 affects ImageMagick where the EPHEMERAL coder allows a remote attacker to delete arbitrary files via a crafted image. Affected versions are ImageMagick prior to 6.9.3-10 and 7.x prior to 7.0.1-1. Impact (per sources): Remote deletion of files via crafted images using the EP...

5.8CVSS6.3AI score0.75383EPSS
In wild
CVE
CVE
added 2014/03/14 3:0 p.m.977 views

CVE-2014-2323

Lighttpd vulnerability CVE-2014-2323: SQL injection in mod_mysql_vhost.c allows remote command execution via the host name (related to request_check_hostname). Affected software: lighttpd prior to 1.4.35. Impact risk is described in public advisories as enabling arbitrary SQL execution. Remediati...

9.8CVSS9.8AI score0.61665EPSS
CVE
CVE
added 2015/10/21 11:0 p.m.973 views

CVE-2015-4902

CVE-2015-4902 is an unspecified vulnerability in Oracle Java SE affecting Java 6u101, 7u85, and 8u60, with impact limited to integrity via unknown vectors related to Deployment. The Connected documents confirm the affected products and the vulnerability class, but do not provide concrete exploit ...

5.3CVSS5.5AI score0.13354EPSS
In wild
CVE
CVE
added 2015/08/08 12:0 a.m.972 views

CVE-2015-4495

CVE-2015-4495 affects Mozilla Firefox's built-in PDF viewer. The vulnerability allows remote attackers to bypass the Same Origin Policy and read arbitrary files or gain privileges via crafted JavaScript and a native setter, in Firefox versions before 39.0.3, Firefox ESR 38.x before 38.1.1, and Fi...

8.8CVSS6.6AI score0.70226EPSS
In wildWeb
CVE
CVE
added 2015/04/01 12:0 a.m.947 views

CVE-2015-2808

CVE-2015-2808 concerns RC4 usage in TLS/SSL within OpenJDK/OpenJDK components. The Invariance Weakness (Bar Mitzvah) means RC4 key material can leak partial plaintext from the first bytes of a TLS/SSL stream, enabling plaintext-recovery under certain traffic patterns. Public advisories for OpenJD...

5CVSS4.8AI score0.73851EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.780 views

CVE-2016-3427

CVE-2016-3427 is an unspecified vulnerability in Oracle Java SE (affecting 6u113, 7u99, 8u77) and JRockit, tied to the Java Management Extensions (JMX) component. Exploitation can affect confidentiality, integrity, and availability via JMX-related vectors; the issue is described as an unspecified...

10CVSS6.8AI score0.92334EPSS
In wild
CVE
CVE
added 2016/03/09 11:0 p.m.554 views

CVE-2016-1286

CVE-2016-1286 affects ISC BIND 9.x (before 9.9.8-P4 and 9.10.x before 9.10.3-P4). A remote attacker can trigger a denial of service by sending a crafted DNS signature for a DNAME record, leading to an assertion failure in resolver.c or db.c and a named process crash. The issue is documented with ...

8.6CVSS8.2AI score0.621EPSS
CVE
CVE
added 2018/01/03 6:0 a.m.550 views

CVE-2017-18017

CVE-2017-18017 affects the Linux kernel’s tcpmss_mangle_packet in net/netfilter/xt_TCPMSS.c. When xt_TCPMSS is used in an iptables action, a remote attacker can trigger a use-after-free and memory corruption, leading to a denial of service. Affected versions are Linux kernel before 4.11, and 4.9....

10CVSS9.5AI score0.52841EPSS
CVE
CVE
added 2016/03/09 11:0 p.m.454 views

CVE-2016-1285

CVE-2016-1285 affects ISC BIND 9.x (before 9.9.8-P4 and 9.10.x before 9.10.3-P4). The issue arises from improper handling of control-channel input to rndc, causing assertion failure and named daemon exit via a malformed packet. Connected advisories describe related impact for DNAME records (CVE-2...

6.8CVSS7.2AI score0.59143EPSS
CVE
CVE
added 2011/12/25 1:0 a.m.423 views

CVE-2011-4862

CVE-2011-4862 is a remote pre-authentication buffer overflow in the encryption handling of BSD telnetd: libtelnet/encrypt.c in telnetd on FreeBSD 7.3–9.0, krb5-appl 1.0.2 and earlier, Heimdal 1.5.1 and earlier, and GNU inetutils. The underlying bug allows arbitrary code execution by sending a lon...

10CVSS7.3AI score0.95104EPSS
CVE
CVE
added 2016/05/26 4:0 p.m.421 views

CVE-2016-0718

CVE-2016-0718 is evidenced in connected Apple documents as part of the Expat (libexpat) updates applied to OS X El Capitan and iTunes-related components. The Expat/libexpat entry notes that processing XML can trigger vulnerabilities in affected builds, with CVE-2016-0718 specifically associated w...

9.8CVSS8.7AI score0.13802EPSS
CVE
CVE
added 2014/03/14 3:0 p.m.374 views

CVE-2014-2324

CVE-2014-2323 and CVE-2014-2324 affect lighttpd prior to 1.4.35. The issues include: (1) SQL injection in mod_mysql_vhost.c via the host name (CVE-2014-2323); and (2) directory traversal via host-name input in mod_evhost and mod_simple_vhost (CVE-2014-2324). These allow remote attackers to manipu...

5CVSS9.2AI score0.28814EPSS
CVE
CVE
added 2015/07/23 12:0 a.m.342 views

CVE-2015-1283

The material confirms CVE-2015-1283 is an Expat XML_GetBuffer integer/heap overflow issue, with impact on multiple products using expat up to 2.1.0 (e.g., Chrome before 44.0.2403.89). Related CVEs include CVE-2015-2716 and CVE-2016-4472 (note: the latter indicates the overflow protection was remo...

6.8CVSS8.4AI score0.19069EPSS
CVE
CVE
added 2013/10/17 11:0 p.m.305 views

CVE-2013-4365

The vulnerability CVE-2013-4365 affects Apache HTTP Server’s mod_fcgid module. A heap-based buffer overflow in fcgid_header_bucket_read (fcgid_bucket.c) prior to version 2.3.9 could allow remote attackers to cause an impact via unspecified vectors. Affected product/version: mod_fcgid before 2.3.9...

7.5CVSS7AI score0.13141EPSS
CVE
CVE
added 2014/03/21 2:0 p.m.294 views

CVE-2014-2497

Summary of CVE-2014-2497 : The gdImageCreateFromXpm() function in libgd (libgd2) could dereference a NULL pointer when processing an XPM file with a crafted color table, leading to a denial of service (crash). Affected in PHP up to 5.4.26 and earlier. Public references and advisories confirm this...

4.3CVSS7AI score0.22319EPSS
CVE
CVE
added 2012/02/01 4:0 p.m.259 views

CVE-2012-0444

CVE-2012-0444 describes a heap-based memory corruption vulnerability in the libvorbis Ogg Vorbis parser that could allow remote code execution or a crash when processing crafted Ogg Vorbis files. Affected products across Mozilla ecosystem (Firefox, Thunderbird, Seamonkey and related XULRunner/Ice...

10CVSS8.9AI score0.07936EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.258 views

CVE-2013-0753

CVE-2013-0753 is a Use‑after‑free vulnerability in Mozilla Firefox’s XMLSerializer.serializeToStream, affecting Firefox before 18.0 (and ESR/Thunderbird/SeaMonkey variants) and allowing remote code execution via crafted content. The issue is exploitable as part of Firefox 17.x lineage; Metasploit...

9.3CVSS9.5AI score0.51324EPSS
CVE
CVE
added 2016/08/07 10:0 a.m.255 views

CVE-2016-5772

CVE-2016-5772 : A double free in the PHP WDDX extension (php_wddx_process_data in wddx.c) allows remote attackers to crash the application or potentially execute arbitrary code via crafted XML in wddx_deserialize. Affected PHP versions: before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8. Re...

9.8CVSS8.4AI score0.09674EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.249 views

CVE-2013-0758

CVE-2013-0758 affects Mozilla Firefox (pre-18.0), Firefox ESR (pre-10.0.12 and pre-17.0.2), Thunderbird (pre-17.0.2, including ESR 10.x pre-10.0.12 and pre-17.0.2), and SeaMonkey (pre-2.15). It allows remote attackers to execute arbitrary JavaScript with chrome privileges due to improper interact...

9.3CVSS9.4AI score0.73364EPSS
CVE
CVE
added 2013/03/28 11:0 p.m.240 views

CVE-2013-1861

CVE-2013-1861 affects MariaDB SQL branches (5.5.x up to 5.5.30, 5.3.x up to 5.3.13, 5.2.x up to 5.2.15, 5.1.x up to 5.1.68) and Oracle MySQL (5.1.69 and earlier, 5.5.31 and earlier, 5.6.11 and earlier). The vulnerability allows remote DoS (crash) via a crafted geometry feature with a large number...

5CVSS5.1AI score0.18675EPSS
CVE
CVE
added 2012/12/03 11:0 a.m.219 views

CVE-2012-5612

CVE-2012-5612 describes a heap-based buffer overflow in Oracle MySQL 5.5.19–5.5.28 and MariaDB 5.5.28a (and possibly other versions), enabling remote authenticated users to cause memory corruption, crash the server, and potentially execute arbitrary code. The vulnerability is exploited via a vari...

6.5CVSS5.7AI score0.20837EPSS
CVE
CVE
added 2011/12/15 2:0 a.m.205 views

CVE-2011-4516

CVE-2011-4516 affects JasPer, specifically the heap-based buffer overflow in the function jpc_cox_getcompparms (libjasper/jpc/jpc_cs.c) within JasPer 1.900.1. A crafted value in a COD (coding style default) marker segment of a JPEG2000 file can cause remote code execution or memory corruption, po...

6.8CVSS5.4AI score0.10618EPSS
CVE
CVE
added 2012/06/16 9:0 p.m.188 views

CVE-2012-1717

CVE-2012-1717 is an unspecified local confidentiality vulnerability in the Java Runtime Environment affecting Oracle JRE 7u4 and earlier, 6u32 and earlier, 5u35 and earlier, and 1.4.2_37 and earlier, related to printing on Solaris/Linux. Connected documents (including IBM BigInsights/InfoSphere a...

2.1CVSS7.6AI score0.00476EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.187 views

CVE-2012-5829

CVE-2012-5829 is a heap-based buffer overflow in the nsWindow::OnExposeEvent function affecting Mozilla Firefox before 17.0, Firefox ESR before 10.0.11, Thunderbird before 17.0, Thunderbird ESR before 10.0.11, and SeaMonkey before 2.14. Connected documents confirm this vulnerability across multip...

9.3CVSS9.2AI score0.08439EPSS
CVE
CVE
added 2011/12/15 2:0 a.m.179 views

CVE-2011-4517

CVE-2011-4517 affects JasPer 1.900.1 used for JPEG-2000 decoding. The flaw is in libjasper/jpc/jpc_cs.c: jpc_crg_getparms uses an incorrect data type during a size calculation, enabling remote attackers to trigger a heap-based buffer overflow via a crafted CRG marker segment in a JPEG2000 file. C...

6.8CVSS5AI score0.10618EPSS
CVE
CVE
added 2016/06/10 3:0 p.m.178 views

CVE-2016-5118

CVE-2016-5118 affects GraphicsMagick and ImageMagick: the OpenBlob handling accepts a leading ‘|’ pipe in a filename, enabling remote code execution. Connected advisories confirm the issue and note remediation by upgrading to at least GraphicsMagick 1.3.24 (and corresponding ImageMagick fixes) an...

10CVSS9.5AI score0.49982EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.175 views

CVE-2014-1490

CVE-2014-1490 : A race condition in NSS libssl session ticket processing (use-after-free) could allow remote attackers to cause a denial of service or, per the description, potentially other impact via a resumption handshake. Affected: NSS up to 3.15.4 and, by extension, Mozilla products (Firefox...

9.3CVSS8.8AI score0.0399EPSS
CVE
CVE
added 2015/11/17 3:0 p.m.174 views

CVE-2015-0272

CVE-2015-0272 affects GNOME NetworkManager and allows remote denial of service via a crafted MTU value in IPv6 Router Advertisement messages. Public advisories (IBM PowerKVM bulletin and CentOS/Ubuntu/Debian disclosures) show patches and updated NetworkManager packages to fix the issue; remediati...

5CVSS5.9AI score0.05059EPSS
CVE
CVE
added 2016/04/19 9:0 p.m.171 views

CVE-2015-8776

The CVE-2015-8776 issue affects the GNU C Library (glibc) strftime() function. The vulnerability, present in glibc versions before 2.23, allows context-dependent attackers to cause a denial of service (application crash) and, in some disclosures, potentially obtain sensitive information via out-o...

9.1CVSS8.5AI score0.04613EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.169 views

CVE-2013-0754

CVE-2013-0754 is a use-after-free in the ListenerManager of Mozilla Firefox (and related Firefox ESR, Thunderbird, SeaMonkey). According to the description, triggering garbage collection after memory allocation for listener objects can allow a remote attacker to execute arbitrary code. Affected p...

9.3CVSS9.4AI score0.05381EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.162 views

CVE-2013-0750

CVE-2013-0750 is a high-severity vulnerability in Mozilla’s JavaScript engine where an integer overflow during string concatenation can lead to heap-based memory corruption and remote code execution. Affected products include Firefox prior to 18.0 (and ESR branches), Thunderbird prior to 17.0.2, ...

9.3CVSS9.6AI score0.0633EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.160 views

CVE-2012-1970

CVE-2012-1970 affects Mozilla Firefox before 15.0, Thunderbird before 15.0, ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The issue stems from multiple unspecified vulnerabilities in the browser engine that can allow remote attackers to cause memory corruption and application crashes or pote...

10CVSS9.8AI score0.05566EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.160 views

CVE-2013-0757

CVE-2013-0757 affects Mozilla Firefox (and related Mozilla-based apps) via a Chrome Object Wrapper (COW) bypass that allows changing the prototype of an object, enabling arbitrary code execution with chrome privileges. The SUSE/openSUSE and Gentoo/Nessus summaries map this to MFSA 2013-14 and lis...

9.3CVSS9.1AI score0.60859EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.160 views

CVE-2015-0433

The CVE-2015-0433 entry concerns an unspecified vulnerability in Oracle MySQL Server (affected versions: 5.5.41 and earlier; 5.6.22 and earlier) that could allow remote authenticated users to affect availability via InnoDB : DML. Connected advisories from Debian, CentOS, Gentoo, and IBM/Tivoli sh...

4CVSS4.8AI score0.05421EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.160 views

CVE-2015-2573

CVE-2015-2573 is an unspecified vulnerability in Oracle MySQL Server (affecting 5.5.41 and earlier; 5.6.22 and earlier) that could allow remote authenticated users to affect availability via DDL-related vectors. The connected documents confirm this CVE appears in multiple security advisories acro...

4CVSS4.8AI score0.0511EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.159 views

CVE-2015-2568

CVE-2015-2568 affects Oracle MySQL Server 5.5.41 and earlier and 5.6.22 and earlier. The vulnerability is described as unspecified with impact to availability, due to issues in the Server : Security : Privileges area. The provided sources indicate a remote attacker could cause a denial of service...

5CVSS5AI score0.0715EPSS
CVE
CVE
added 2015/06/15 3:0 p.m.156 views

CVE-2015-3209

CVE-2015-3209 : Heap-based buffer overflow in the QEMU PCNET network device allows remote code execution via crafted packet sequences (TXSTATUS_STARTPACKET then TXSTATUS_DEVICEOWNS). This is a QEMU vulnerability discussed in multiple advisories (notably Arista/Security Advisory 0013 and F5/Multi-...

7.5CVSS6.5AI score0.09668EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.155 views

CVE-2013-0748

CVE-2013-0748 affects Mozilla Firefox (before 18.0 and ESR 10.x before 10.0.12, and 17.x before 17.0.2), Thunderbird (before 17.0.2, ESR 10.x before 10.0.12 and 17.x before 17.0.2), and SeaMonkey (before 2.15). The flaw is in XBL.proto .toString, where calling toString on an XBL object can leak a...

4.3CVSS9.2AI score0.01998EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.153 views

CVE-2010-2753

CVE-2010-2753 affects Mozilla Firefox (3.5.x before 3.5.11; 3.6.x before 3.6.7), Thunderbird (3.0.x before 3.0.6; 3.1.x before 3.1.1), and SeaMonkey before 2.0.6. Root cause: integer overflow in the XUL tree selection attribute can trigger a use-after-free when handling a large selection in a XUL...

9.3CVSS9.7AI score0.06672EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.153 views

CVE-2012-1976

CVE-2012-1976 refers to a Use-after-free in Mozilla Firefox’s nsHTMLSelectElement::SubmitNamesValues. Affected products include Firefox before 15.0, Firefox ESR before 10.0.7 (10.x), Thunderbird before 15.0, Thunderbird ESR before 10.0.7, and SeaMonkey before 2.12. Impact per the description is r...

10CVSS9.4AI score0.05613EPSS
CVE
CVE
added 2013/04/03 10:0 a.m.153 views

CVE-2013-0800

CVE-2013-0800 : An integer signedness error in the pixman_fill_sse2 function (pixman-sse2.c) used by Cairo and shipped with Mozilla Firefox and related products allows a remote attacker to trigger an out-of-bounds write via crafted values (negative box boundary or negative box size). This affects...

6.8CVSS9.7AI score0.03941EPSS
Total number of security vulnerabilities189