Lucene search
K
SuseSuse Linux Enterprise Desktop

81 matches found

CVE
CVE
added 2018/01/04 1:0 p.m.1148 views

CVE-2017-5753

CVE-2017-5753 is part of the Spectre family (Variant 1) described in the SPECTRE_MELTDOWN_ADVISORY: it involves speculative execution and a bounds-check bypass that can enable an unprivileged attacker to read privileged memory via cache timing analysis. IBM’s AIX/VIOS advisories and iFixes addres...

5.6CVSS6.1AI score0.93838EPSS
CVE
CVE
added 2014/05/07 10:0 a.m.608 views

CVE-2014-0196

CVE-2014-0196 affects the Linux kernel (through 3.14.3) specifically the n_tty_write function in drivers/tty/n_tty.c. The flaw permits a local user to trigger a race condition between read and write operations with long strings in the LECHO & !OPOST case, enabling denial of service (memory corrup...

6.9CVSS6.3AI score0.22475EPSS
In wild
CVE
CVE
added 2020/03/20 1:52 p.m.285 views

CVE-2020-6429

CVE-2020-6429 refers to a use-after-free in Google Chrome’s audio path that could allow remote heap corruption via a crafted HTML page. Public references in Debian and Alpine security advisories confirm the flaw affects Chromium/Chrome up to version 80.0.3987.149, with fixed versions pushed in th...

8.8CVSS8.8AI score0.02314EPSS
CVE
CVE
added 2020/03/20 1:51 p.m.284 views

CVE-2020-6422

CVE-2020-6422 is a use-after-free vulnerability in WebGL of Google Chrome before 80.0.3987.149, enabling a remote attacker to potentially cause heap corruption via a crafted HTML page. Mitigation: upgrade Chromium/Chrome to 80.0.3987.149 or newer (reported in Debian/Fedora advisories and Gentoo/G...

8.8CVSS8.8AI score0.02354EPSS
CVE
CVE
added 2020/03/20 1:51 p.m.283 views

CVE-2020-6426

CVE-2020-6426: In Google Chrome, an implementation error in V8 prior to 80.0.3987.149 could allow a remote attacker to cause heap corruption via a crafted HTML page. Affected software is Chrome before 80.0.3987.149 (and Chromium-based builds). Root cause: inappropriate V8 implementation. Impact d...

6.5CVSS6.8AI score0.02861EPSS
CVE
CVE
added 2015/04/14 10:0 p.m.245 views

CVE-2015-0350

Adobe Flash Player vulnerable to memory corruption that can lead to remote code execution or denial of service. Affected versions: Windows/OS X before 13.0.0.281 and 14.x–17.x before 17.0.0.169; Linux before 11.2.202.457. Vectors are unspecified; no exploitation details provided in the source. No...

10CVSS7.8AI score0.05989EPSS
In wild
CVE
CVE
added 2015/04/14 10:0 p.m.232 views

CVE-2015-0347

CVE-2015-0347 affects Adobe Flash Player before 13.0.0.281 and 14.x up to 17.x before 17.0.0.169 on Windows/OS X, and before 11.2.202.457 on Linux. The vulnerability is described as memory corruption that allows attackers to execute arbitrary code or cause a denial of service, via unspecified vec...

10CVSS7.8AI score0.06219EPSS
In wild
CVE
CVE
added 2015/04/14 10:0 p.m.229 views

CVE-2015-0354

CVE-2015-0354 refers to Adobe Flash Player vulnerabilities that allow remote code execution or memory corruption. Affected products include Flash Player before 13.0.0.281 and versions up to 17.x before 17.0.0.169 on Windows/macOS, and before 11.2.202.457 on Linux. The initial description notes th...

10CVSS7.8AI score0.05989EPSS
In wild
CVE
CVE
added 2015/04/14 10:0 p.m.228 views

CVE-2015-3042

CVE-2015-3042 affects Adobe Flash Player prior to 13.0.0.281 and 14.x through 17.x prior to 17.0.0.169 on Windows and OS X, and prior to 11.2.202.457 on Linux. The vulnerability is a memory corruption issue that allows attackers to execute arbitrary code or cause a denial of service via unspecifi...

10CVSS7.8AI score0.36806EPSS
In wild
CVE
CVE
added 2015/04/14 10:0 p.m.227 views

CVE-2015-0353

Concrete details from connected documents show CVE-2015-0353 affects Adobe Flash Player before certain versions on Windows, OS X, and Linux, with memory corruption exploitable to execute arbitrary code or cause a denial of service. Affected lines specify: Windows/OS X builds up to 13.0.0.281 and ...

10CVSS7.8AI score0.05989EPSS
In wild
CVE
CVE
added 2015/04/14 10:0 p.m.227 views

CVE-2015-0360

CVE-2015-0360 affects Adobe Flash Player pre-13.0.0.281 and 14.x–17.x pre-17.0.0.169 on Windows/macOS, and pre-11.2.202.457 on Linux, with memory corruption that could lead to arbitrary code execution or a denial of service via unspecified vectors. The connected CISA KEV entry summarizes it as a ...

10CVSS7.8AI score0.05989EPSS
In wild
CVE
CVE
added 2015/04/14 10:0 p.m.226 views

CVE-2015-0352

CVE-2015-0352 concerns Adobe Flash Player with the vulnerability described as a memory corruption issue that allows an attacker to achieve remote code execution or cause a denial of service. Affected products include Flash Player on Windows, OS X, and Linux, with vulnerable versions listed as bef...

10CVSS7.8AI score0.05989EPSS
In wild
CVE
CVE
added 2015/04/14 10:0 p.m.226 views

CVE-2015-3038

CVE-2015-3038 affects Adobe Flash Player on Windows, OS X, and Linux; vulnerable versions include Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 (Linux before 11.2.202.457), with memory corruption that can enable arbitrary code execution or a denial of service via unspecif...

10CVSS7.8AI score0.06966EPSS
In wild
CVE
CVE
added 2015/04/14 10:0 p.m.224 views

CVE-2015-3041

Technical details for CVE-2015-3041 are not provided in the connected documents. Public info is limited to a generic description in the Initial document. Monitor for updates.

10CVSS7.8AI score0.05989EPSS
In wild
CVE
CVE
added 2015/04/14 10:0 p.m.220 views

CVE-2015-0355

Adobe Flash Player memory‑corruption vulnerability (CVE‑2015‑0355) affects Flash Player before 13.0.0.281 and 14.x up to 17.x before 17.0.0.169 on Windows/macOS, and before 11.2.202.457 on Linux. Root cause is memory corruption via unspecified vectors, leading to arbitrary code execution or denia...

10CVSS7.8AI score0.05989EPSS
In wild
CVE
CVE
added 2020/03/20 1:51 p.m.210 views

CVE-2020-6427

CVE-2020-6427 is a use-after-free in Google Chrome’s audio subsystem that could allow a remote attacker to exploit heap corruption via a crafted HTML page. Affected: Google Chrome (audio path); vulnerability type: use-after-free. Impact: potential remote code execution is described in affected ad...

8.8CVSS8.8AI score0.02446EPSS
CVE
CVE
added 2020/03/20 1:52 p.m.201 views

CVE-2020-6428

CVE-2020-6428 involves a use-after-free in the audio component of Google Chrome prior to 80.0.3987.149, potentially enabling a remote attacker to trigger heap corruption via a crafted HTML page. Affected software includes Google Chrome and Chromium-based builds; Debian, Fedora, Gentoo, and Alpine...

8.8CVSS8.8AI score0.02314EPSS
CVE
CVE
added 2020/03/20 1:51 p.m.199 views

CVE-2020-6424

CVE-2020-6424 is a use-after-free in Chrome’s media handling that could allow heap corruption via a crafted HTML page on Chrome versions prior to 80.0.3987.149. Affected: Google Chrome (desktop). Root cause: use-after-free in media code paths. Impact: remote code execution likelihood noted as hig...

8.8CVSS8.8AI score0.03498EPSS
CVE
CVE
added 2020/03/20 12:0 a.m.184 views

CVE-2020-6449

CVE-2020-6449 is a use-after-free vulnerability in the audio component of Google Chrome prior to 80.0.3987.149. The issue could allow a remote attacker to cause heap corruption via a crafted HTML page. Documents confirm the affected product is Google Chrome/Chromium and that the fix was applied i...

8.8CVSS8.8AI score0.02664EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.180 views

CVE-2014-1505

CVE-2014-1505 affects Mozilla Firefox (and related Mozilla components) where SVG filter operations in feDisplacementMap could leak displacement-correlation data and potentially bypass Same Origin Policy via a timing attack, enabling partial information disclosure from a different domain. Affected...

7.5CVSS8.5AI score0.04002EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.175 views

CVE-2014-1510

CVE-2014-1510 is a WebIDL-related remote code execution in Mozilla Firefox family (Firefox, Thunderbird, SeaMonkey) where an IDL fragment can trigger window.open with chrome privileges. Affected products and versions are Mozilla Firefox (pre-28.0 and ESR 24.x before 24.4 for some branches), Thund...

9.8CVSS9.2AI score0.82339EPSS
CVE
CVE
added 2009/11/04 3:0 p.m.165 views

CVE-2009-3547

CVE-2009-3547 refers to multiple race conditions in fs/pipe.c of the Linux kernel before 2.6.32-rc6. The flaws can allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by opening an anonymous pipe via a /proc/*/fd/ pathname. A fix is availa...

7CVSS6.8AI score0.0489EPSS
In wild
CVE
CVE
added 2014/03/19 10:0 a.m.165 views

CVE-2014-1509

CVE-2014-1509 is a buffer overflow in cairo's _cairo_truetype_index_to_ucs4 function that affects Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25. The vulnerability can allow remote code execution via a crafted extension that renders f...

8.8CVSS9.4AI score0.0503EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.163 views

CVE-2013-5609

CVE-2013-5609 is a set of memory-corruption/denial-of-service vulnerabilities in the Mozilla Firefox browser engine, affecting Firefox (including ESR 24.x) and related products prior to versions around 26.0 (per the referenced MiracleLinux AXSA advisories). The issues could allow remote attackers...

10CVSS10AI score0.08091EPSS
CVE
CVE
added 2010/09/24 7:0 p.m.160 views

CVE-2010-3081

CVE-2010-3081 describes a local privilege-escalation in the Linux kernel’s 64-bit compat layer due to missing sanity checks in compat_alloc_user_space, enabling a local user to abuse compat_mc_getsockopt controlling a length value. Affected: kernel 2.6.x before 2.6.36-rc4-git2 on 64-bit platforms...

7.8CVSS7.4AI score0.03533EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.159 views

CVE-2014-1477

CVE-2014-1477 affects Mozilla Firefox before 27.0 (and related ESR/Thunderbird/SeaMonkey versions) where the browser engine contains multiple unspecified vulnerabilities that could lead to memory corruption, application crashes, or possibly arbitrary code execution via unknown vectors. Exploitati...

9.8CVSS9.3AI score0.05506EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.157 views

CVE-2014-1514

CVE-2014-1514 affects Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25. The issue arises from not validating the length of the destination array before a copy operation in TypedArrayObject, allowing remote attackers to execute arbitrary...

9.8CVSS9.5AI score0.06087EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.156 views

CVE-2014-1512

The provided connected documents confirm multiple Firefox-related CVEs (e.g., CVE-2014-1512 among others) affecting Mozilla Firefox before 28.0, ESR 24.x before 24.4, and related Mozilla products. The primary issue is memory-safety/use-after-free vulnerabilities in the browser engine (notably in ...

10CVSS9.4AI score0.31373EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.155 views

CVE-2014-1493

CVE-2014-1493 is a Mozilla Firefox/Thunderbird/SeaMonkey browser-engine vulnerability reported in multiple advisories. IBM Storwize V7000 Unified and IBM SONAS bulletins note these issues affect shipped Firefox and advise upgrading to version 1.4.3.3 (Storwize Unified) or 1.4.3.3 (SONAS) to apply...

10CVSS9.8AI score0.08099EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.155 views

CVE-2014-1508

CVE-2014-1508 affects Mozilla Firefox family components (libxul) where libxul.so!gfxContext::Polygon can leak memory, cause out-of-bounds reads, or crash, with potential Same Origin Policy bypass via MathML polygon rendering. Affected: Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbir...

9.1CVSS9.1AI score0.0427EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.153 views

CVE-2014-1486

CVE-2014-1486 is a use-after-free in Mozilla Firefox’s imgRequestProxy function (affecting Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24). The vulnerability enables remote code execution via image data with unspecified Content-Type values. Mirac...

10CVSS8.8AI score0.07072EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.148 views

CVE-2014-1479

CVE-2014-1479 affects Mozilla Firefox (including ESR 24.x line), Thunderbird, and SeaMonkey before versions around 27.0/24.x 24.3/SeaMonkey 2.24. The flaw, in the System Only Wrapper (SOW) implementation, does not prevent certain cloning operations, allowing remote attackers to bypass restriction...

7.5CVSS8.3AI score0.04602EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.148 views

CVE-2014-1481

CVE-2014-1481 affects Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24. It enables remote attackers to bypass restrictions on window objects by exploiting inconsistencies in native JavaScript engine getter methods. Impact per sources is...

7.5CVSS8.5AI score0.03889EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.148 views

CVE-2014-1497

CVE-2014-1497 affects mozilla::WaveReader::DecodeAudioData in Mozilla Firefox up to 28.0 (and ESR 24.x up to 24.4), Thunderbird up to 24.4, and SeaMonkey up to 2.25. A crafted WAV file can cause information disclosure from process heap memory and can trigger a denial of service via an out-of-boun...

8.8CVSS9.4AI score0.02826EPSS
CVE
CVE
added 2010/12/23 5:0 p.m.147 views

CVE-2010-3881

The CVE-2010-3881 issue affects the Linux kernel arch/x86/kvm/x86.c, where several structure members are not initialized in versions prior to 2.6.36.2. This can allow local users to read potentially sensitive data from kernel stack memory via /dev/kvm. The documented fix is in kernel 2.6.36.2 (an...

2.1CVSS5.8AI score0.0048EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.146 views

CVE-2014-1482

CVE-2014-1482 affects Mozilla Firefox and related Mozilla products. The issue is that RasterImage.cpp does not prevent access to discarded image data, enabling remote attackers to run arbitrary code or cause a denial of service via crafted image data (Goo Create demonstrated). Affected versions i...

9.3CVSS9AI score0.06304EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.144 views

CVE-2014-1513

The CVE-2014-1513 issue affects Mozilla Firefox (and related Mozilla suite components) prior to version 28.0, and Firefox ESR 24.x prior to 24.4, with Firefox/SeaMonkey/Thunderbird affecting ArrayBuffer usage. Root cause: TypedArrayObject mishandles a zero-length transition during ArrayBuffer use...

9.3CVSS9.4AI score0.05576EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.141 views

CVE-2013-5613

Mode C: Detailed vulnerability note for CVE-2013-5613. Affected product/variant: Mozilla Firefox components shipped in MiracleLinux 3 (firefox-24.4.0-1.0.1.AXS3) per AXSA:2014-233:01. Root cause: Use-after-free in PresShell::DispatchSynthMouseMove, linked to RestyleManager::GetHoverGeneration, en...

10CVSS9.6AI score0.09448EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.141 views

CVE-2014-1487

CVE-2014-1487 affects Mozilla Firefox (Web workers) and related Mozilla suite components. The issue allows remote attackers to bypass Same Origin Policy and obtain sensitive authentication data via error-message handling in Web workers, affecting Firefox versions before 27.0 (and ESR 24.x before ...

7.5CVSS8.3AI score0.02335EPSS
CVE
CVE
added 2010/09/08 7:0 p.m.140 views

CVE-2010-2798

The CVE-2010-2798 entry concerns the Linux kernel prior to 2.6.35, where gfs2_dirent_find_space uses an incorrect size value in calculations related to sentinel directory entries. This can allow local attackers to trigger a denial of service via a NULL pointer dereference and kernel panic, with a...

7.8CVSS7.3AI score0.00414EPSS
CVE
CVE
added 2015/03/27 2:0 p.m.139 views

CVE-2014-8121

CVE-2014-8121 affects the GNU C Library (glibc/eglibc) NSS backend: DB_LOOKUP in nss_files/files-XXX.c can loop indefinitely when a file is being iterated, by not properly checking if the database file is open. This can lead to a denial of service. The affected line of code is in the NSS file bac...

5CVSS8AI score0.05609EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.136 views

CVE-2013-5616

CVE-2013-5616 is a use-after-free in Mozilla Firefox before 26.0 (also affects ESR 24.x before 24.2, Thunderbird before 24.2, SeaMonkey before 2.23) triggered by nsEventListenerManager::HandleEventSubType. Exploitation could lead to remote code execution or a denial of service due to heap memory ...

9.8CVSS9.6AI score0.06672EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.133 views

CVE-2013-5618

CVE-2013-5618 is a use-after-free in Mozilla Firefox’s table-editing UI (nsNodeUtils::LastRelease). Affected: Firefox < 26.0, Firefox ESR < 24.2, Thunderbird < 24.2, SeaMonkey

10CVSS9.6AI score0.10407EPSS
CVE
CVE
added 2014/04/14 11:0 p.m.131 views

CVE-2014-2706

CVE-2014-2706 describes a race condition in the Linux kernel’s mac80211 subsystem (sta_info.c and tx.c) that, when handling network traffic in conjunction with the WLAN_STA_PS_STA (power-save) state, can cause a remote denial of service (system crash). The issue affects kernel versions prior to 3...

7.1CVSS7.8AI score0.04354EPSS
CVE
CVE
added 2009/10/22 3:26 p.m.130 views

CVE-2009-3621

The CVE-2009-3621 issue affects the Linux kernel up to version 2.6.31.4 and earlier, specifically in net/unix/af_unix.c. The vulnerability allows a local attacker to cause a denial of service (system hang) by: (1) creating an abstract-namespace AF_UNIX listening socket, (2) performing a shutdown ...

5.5CVSS6.1AI score0.00987EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.130 views

CVE-2013-5615

CVE-2013-5615 concerns GetElementIC typed array stubs being generated outside observed typesets in the Mozilla JavaScript engine. The connected vendor notes identify affected products as Mozilla Firefox (and related Firefox ESR/Thunderbird/SeaMonkey lines in the 2013 MFSA bundle) with fixes imple...

9.8CVSS9.2AI score0.04219EPSS
CVE
CVE
added 2015/10/19 10:0 a.m.129 views

CVE-2015-5707

CVE-2015-5707 affects the Linux kernel sg.c sg_start_req function (drivers/scsi/sg.c) where an integer overflow can occur in write requests with a large iov_count, allowing a local attacker to cause a denial of service or potentially other impact on kernel memory. Affected are kernel versions 2.6...

4.6CVSS6.2AI score0.00493EPSS
CVE
CVE
added 2010/09/21 5:0 p.m.125 views

CVE-2010-2942

CVE-2010-2942 affects the Linux kernel prior to 2.6.36-rc2. The issue arises in the actions implementation of network queueing: several tcf_*_dump routines (tcf_gact_dump, tcf_mirred_dump, tcf_nat_dump, tcf_simp_dump, tcf_skbedit_dump) do not properly initialize certain structure members during d...

5.5CVSS5.5AI score0.00421EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.125 views

CVE-2015-0491

CVE-2015-0491 is an unspecified vulnerability in IBM SDK for Java Technology Edition affecting IBM AIX environments. IBM’s 2015 Java bulletin maps CVE-2015-0491 to a 2D component issue with complete confidentiality, integrity, and availability impact. Affected AIX filesets/VRMF levels are: Java5:...

10CVSS3.8AI score0.06284EPSS
CVE
CVE
added 2010/09/08 7:0 p.m.123 views

CVE-2010-2495

CVE-2010-2495 affects the Linux kernel’s L2TP implementation (pppol2tp.c). The vulnerability arises from improper validation of certain interface-related values in pppol2tp_xmit, enabling a NULL pointer dereference and an OOPs that can cause a denial of service via routing-change vectors. The iss...

10CVSS6.4AI score0.02931EPSS
Total number of security vulnerabilities81