Lucene search
K
SuseManager

22 matches found

CVE
CVE
added 2016/05/05 6:0 p.m.1090 views

CVE-2016-3715

Summary: CVE-2016-3715 affects ImageMagick where the EPHEMERAL coder allows a remote attacker to delete arbitrary files via a crafted image. Affected versions are ImageMagick prior to 6.9.3-10 and 7.x prior to 7.0.1-1. Impact (per sources): Remote deletion of files via crafted images using the EP...

5.8CVSS6.3AI score0.75383EPSS
In wild
CVE
CVE
added 2016/05/05 6:0 p.m.1090 views

CVE-2016-3718

ImageMagick is affected by CVE-2016-3718: the HTTP and FTP coders can be abused to perform server-side request forgery via a crafted image. Affected lines: ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1. The vulnerability allows an attacker to induce the server to make HTTP/FTP requests when ...

5.5CVSS6.7AI score0.76897EPSS
In wild
CVE
CVE
added 2015/04/01 12:0 a.m.943 views

CVE-2015-2808

CVE-2015-2808 concerns RC4 usage in TLS/SSL within OpenJDK/OpenJDK components. The Invariance Weakness (Bar Mitzvah) means RC4 key material can leak partial plaintext from the first bytes of a TLS/SSL stream, enabling plaintext-recovery under certain traffic patterns. Public advisories for OpenJD...

5CVSS4.8AI score0.74006EPSS
CVE
CVE
added 2016/04/21 10:0 a.m.780 views

CVE-2016-3427

CVE-2016-3427 is an unspecified vulnerability in Oracle Java SE (affecting 6u113, 7u99, 8u77) and JRockit, tied to the Java Management Extensions (JMX) component. Exploitation can affect confidentiality, integrity, and availability via JMX-related vectors; the issue is described as an unspecified...

10CVSS6.8AI score0.92334EPSS
In wild
CVE
CVE
added 2016/03/09 11:0 p.m.551 views

CVE-2016-1286

CVE-2016-1286 affects ISC BIND 9.x (before 9.9.8-P4 and 9.10.x before 9.10.3-P4). A remote attacker can trigger a denial of service by sending a crafted DNS signature for a DNAME record, leading to an assertion failure in resolver.c or db.c and a named process crash. The issue is documented with ...

8.6CVSS8.2AI score0.621EPSS
CVE
CVE
added 2016/03/09 11:0 p.m.454 views

CVE-2016-1285

CVE-2016-1285 affects ISC BIND 9.x (before 9.9.8-P4 and 9.10.x before 9.10.3-P4). The issue arises from improper handling of control-channel input to rndc, causing assertion failure and named daemon exit via a malformed packet. Connected advisories describe related impact for DNAME records (CVE-2...

6.8CVSS7.2AI score0.59143EPSS
CVE
CVE
added 2017/07/21 2:0 p.m.246 views

CVE-2015-5300

CVE-2015-5300 (NTP panic-threshold bypass) is detailed in connected advisory from F5 for BIG-IP products, describing a vulnerability in ntpd where the threshold for the -g option is not correctly enforced. An attacker controlling NTP traffic could cause ntpd to step the clock to an arbitrary valu...

7.5CVSS7.6AI score0.0913EPSS
CVE
CVE
added 2017/07/21 2:0 p.m.200 views

CVE-2015-5219

CVE-2015-5219 affects the Network Time Protocol (NTP) SNTP components, specifically the sntp utility, prior to version 4.2.7p366. The root cause is an incorrect type conversion in the ULOGTOD function (precision → double) which can cause a crafted NTP packet to trigger an infinite loop in sntp, l...

7.5CVSS7.1AI score0.05839EPSS
CVE
CVE
added 2017/01/30 9:0 p.m.183 views

CVE-2015-7976

CVE-2015-7976 affects the ntpq saveconfig command in the NTP reference implementation (ntpd/ntpq) across multiple 4.x branches (e.g., 4.1.2, 4.2.x prior to 4.2.8p6, and 4.3.x). The underlying flaw is that saveconfig does not properly filter special characters in filenames, enabling an attacker to...

4.3CVSS5.6AI score0.03483EPSS
CVE
CVE
added 2017/07/21 2:0 p.m.182 views

CVE-2015-5194

CVE-2015-5194: ntpd’s log_config_command in ntp_parser.y allows remote attackers to crash ntpd via crafted logconfig commands. Affected are ntpd before 4.2.7p42; remediation is to upgrade to a fixed version (4.2.7p42+). Connected advisories from F5/IBM detail affected products and patch guidance ...

7.5CVSS7.1AI score0.05536EPSS
CVE
CVE
added 2016/07/05 1:0 a.m.141 views

CVE-2016-4953

CVE-2016-4953 affects ntpd (NTP 4.x) and relates to DoS via crafted CRYPTO_NAK or spoofed packets that can demobilize ephemeral associations, potentially disrupting time synchronization. Connected docs confirm multiple ntpd-family vulnerabilities (CVE-2016-4953/4954/4955/4956/4957) with root caus...

7.5CVSS7.3AI score0.17245EPSS
CVE
CVE
added 2016/07/05 1:0 a.m.138 views

CVE-2016-4954

The CVE-2016-4954 entry affects ntpd (NTP v4) and is triggered by the process_packet() function in ntp_proto.c, where NTP 4.x versions before 4.2.8p8 can be caused to enter a peer-variable modification state when it receives spoofed packets from multiple sources, demonstrated by an incorrect leap...

7.5CVSS6.9AI score0.13208EPSS
CVE
CVE
added 2016/05/24 3:0 p.m.102 views

CVE-2016-0264

CVE-2016-0264 is a buffer overflow in IBM Runtime Environment Java (IBM SDK, Java Technology Edition) that allows remote code execution under certain conditions. Affected IBM JRE/JVM versions include IBM SDK 6 (pre SR16 FP25), 6 R1 (pre SR8 FP25), 7 (pre SR9 FP40) and 7 R1 (pre SR3 FP40), and 8 (...

6.8CVSS7.2AI score0.03925EPSS
CVE
CVE
added 2013/11/15 6:16 p.m.92 views

CVE-2013-4480

CVE-2013-4480 affects Red Hat Satellite 5.6 and earlier. The root cause is that the web interface used to create the initial administrator user was not disabled after setup, enabling a remote attacker to create an admin account. Documented impact is the potential for unauthorized administrative a...

7.5CVSS6.7AI score0.02134EPSS
CVE
CVE
added 2014/02/14 3:0 p.m.82 views

CVE-2013-4415

CVE-2013-4415 affects Red Hat Satellite/Spacewalk (Spacewalk 5.6 and RHN Satellite). The connected sources describe multiple cross-site scripting (XSS) vulnerabilities in the Red Hat Satellite web interface, enabling remote attackers to inject arbitrary web script or HTML via numerous parameters ...

4.3CVSS5.7AI score0.01732EPSS
CVE
CVE
added 2015/05/14 2:0 p.m.81 views

CVE-2014-8162

Summary: CVE-2014-8162 describes an XML External Entity (XXE) vulnerability in the RPC interface of Spacewalk and Red Hat Network (RHN) Satellite, affecting version 5.7 and earlier. The issue allows a remote attacker to read arbitrary files and potentially other unspecified impact via unknown vec...

7.5CVSS7.1AI score0.02694EPSS
CVE
CVE
added 2014/09/22 3:0 p.m.75 views

CVE-2014-3595

CVE-2014-3595 affects spacewalk-java components (versions 1.2.39, 1.7.54, 2.0.2) used by Spacewalk/RHN Satellite 5.4–5.6. Root cause: a stored XSS flaw where a crafted request, not properly sanitized during logging, allows injection of arbitrary HTML/JS into the log view page. Impact: remote atta...

4.3CVSS5.7AI score0.01759EPSS
CVE
CVE
added 2017/05/03 7:0 p.m.74 views

CVE-2017-7995

Concretely, CVE-2017-7995 affects Xen PV guests prior to 4.3: MMIO access permission checks were performed after accessing MMIO ranges, enabling host PCI device space memory reads and leading to information disclosure. The underlying cause is an error in the get_user function. Public symptom and ...

3.8CVSS4.2AI score0.00368EPSS
CVE
CVE
added 2014/11/03 4:0 p.m.71 views

CVE-2014-3654

CVE-2014-3654 affects spacewalk-java 2.0.2 used in Spacewalk and RHN Satellite (Spacewalk 2.x). The issue is stored XSS via multiple endpoints: kickstart/cobbler/CustomSnippetList.do, channels/software/Entitlements.do, and admin/multiorg/OrgUsers.do. Affected products report XSS in spacewalk-java...

4.3CVSS5.7AI score0.01759EPSS
CVE
CVE
added 2015/01/15 3:0 p.m.70 views

CVE-2014-7811

CVE-2014-7811: Spacewalk and RHN Satellite before 5.7.0 are affected by cross-site scripting via crafted XML data in the REST API. Remote authenticated users can inject arbitrary scripts/HTML. Remediation: upgrade to Spacewalk/RHN Satellite 5.7.0 (per RHSA-2015:0033) or apply related patches. Not...

3.5CVSS5.2AI score0.01463EPSS
CVE
CVE
added 2015/01/15 3:0 p.m.70 views

CVE-2014-7812

CVE-2014-7812 is an XSS vulnerability affecting Spacewalk and Red Hat Network Satellite prior to version 5.7.0. The issue allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field. Affected products include Spacewalk and RHN Satellite (before 5.7.0); rem...

3.5CVSS5.3AI score0.01463EPSS
CVE
CVE
added 2019/05/13 2:17 p.m.54 views

CVE-2019-3684

CVE-2019-3684 affects SUSE Manager up to 4.0.7 and Uyuni up to the commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade. The underlying issue is creation of world-readable swap files on systems that do not already have swap configured and do not have a btrfs filesystem. This leads to potential disclos...

5.9CVSS5AI score0.00714EPSS