Lucene search

K
SuseSuse Linux Enterprise Desktop11

44 matches found

CVE
CVE
added 2014/05/07 10:55 a.m.526 views

CVE-2014-0196

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition in...

6.9CVSS6.3AI score0.5836EPSS
CVE
CVE
added 2010/12/23 6:0 p.m.125 views

CVE-2010-3881

arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device.

2.1CVSS5.8AI score0.00073EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.119 views

CVE-2014-1505

The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different ...

7.5CVSS8.5AI score0.00542EPSS
CVE
CVE
added 2010/09/24 8:0 p.m.115 views

CVE-2010-3081

The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the ...

7.8CVSS7.4AI score0.14754EPSS
CVE
CVE
added 2010/09/08 8:0 p.m.114 views

CVE-2010-2798

The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified ot...

7.8CVSS7.3AI score0.00053EPSS
CVE
CVE
added 2015/10/19 10:59 a.m.113 views

CVE-2015-5707

Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.

4.6CVSS6.2AI score0.00084EPSS
CVE
CVE
added 2015/03/27 2:59 p.m.111 views

CVE-2014-8121

DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over...

5CVSS8AI score0.02531EPSS
CVE
CVE
added 2014/04/14 11:55 p.m.107 views

CVE-2014-2706

Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c.

7.1CVSS7.8AI score0.03939EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.102 views

CVE-2014-1510

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.

9.8CVSS9.2AI score0.75716EPSS
CVE
CVE
added 2010/09/21 6:0 p.m.101 views

CVE-2010-3078

The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.

5.5CVSS5.5AI score0.00048EPSS
CVE
CVE
added 2010/09/08 8:0 p.m.100 views

CVE-2010-2495

The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecif...

10CVSS6.4AI score0.01489EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.98 views

CVE-2014-1512

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage c...

10CVSS9.4AI score0.1791EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.96 views

CVE-2013-5609

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

10CVSS10AI score0.02752EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.96 views

CVE-2014-1509

Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF doc...

8.8CVSS9.4AI score0.0081EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.96 views

CVE-2014-1511

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.

9.8CVSS9AI score0.75961EPSS
CVE
CVE
added 2014/06/23 11:21 a.m.93 views

CVE-2014-1739

The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioc...

2.1CVSS5.5AI score0.00107EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.92 views

CVE-2014-1477

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

9.8CVSS9.3AI score0.00852EPSS
CVE
CVE
added 2010/09/21 6:0 p.m.91 views

CVE-2010-2942

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related ...

5.5CVSS5.5AI score0.00022EPSS
CVE
CVE
added 2010/09/08 8:0 p.m.90 views

CVE-2010-2524

The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform...

7.8CVSS7AI score0.00082EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.88 views

CVE-2014-1493

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

10CVSS9.8AI score0.01176EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.88 views

CVE-2014-1508

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application cras...

9.1CVSS9.1AI score0.00986EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.87 views

CVE-2014-1497

The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and appl...

8.8CVSS9.4AI score0.00502EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.87 views

CVE-2014-1514

vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service...

9.8CVSS9.5AI score0.04165EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.86 views

CVE-2014-1513

TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (...

9.3CVSS9.4AI score0.01605EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.85 views

CVE-2014-1482

RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted i...

9.3CVSS9AI score0.02741EPSS
CVE
CVE
added 2010/09/30 3:0 p.m.84 views

CVE-2010-2537

The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor.

7.1CVSS6.5AI score0.0009EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.82 views

CVE-2013-5613

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via...

10CVSS9.6AI score0.11056EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.82 views

CVE-2014-1481

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.

7.5CVSS8.5AI score0.02581EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.82 views

CVE-2014-1486

Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.

10CVSS8.8AI score0.10821EPSS
CVE
CVE
added 2010/09/08 8:0 p.m.79 views

CVE-2010-2066

The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor.

5.5CVSS5.6AI score0.00061EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.78 views

CVE-2014-1479

The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involvi...

7.5CVSS8.3AI score0.01468EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.75 views

CVE-2013-5618

Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by tri...

10CVSS9.6AI score0.10378EPSS
CVE
CVE
added 2010/09/08 8:0 p.m.73 views

CVE-2010-2960

The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact ...

7.8CVSS7.5AI score0.001EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.71 views

CVE-2013-5616

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrup...

9.8CVSS9.6AI score0.02874EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.71 views

CVE-2014-1487

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.

7.5CVSS8.3AI score0.00501EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.71 views

CVE-2014-1496

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.

5.5CVSS7AI score0.00064EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.69 views

CVE-2013-5615

The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack v...

9.8CVSS9.2AI score0.02013EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.65 views

CVE-2013-6671

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.

10CVSS9.6AI score0.10399EPSS
CVE
CVE
added 2010/06/11 7:30 p.m.64 views

CVE-2010-1770

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary ...

9.3CVSS8.7AI score0.0902EPSS
CVE
CVE
added 2010/06/15 6:0 p.m.64 views

CVE-2010-2302

Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar problem 8007953. NOTE: t...

10CVSS8.7AI score0.08537EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.54 views

CVE-2012-5830

Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.

8.8CVSS8.9AI score0.01446EPSS
CVE
CVE
added 2010/06/15 6:0 p.m.53 views

CVE-2010-2297

rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table.

9.3CVSS8.9AI score0.10393EPSS
CVE
CVE
added 2010/06/15 6:0 p.m.52 views

CVE-2010-2301

Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might overlap CVE-2010-1762.

4.3CVSS6.9AI score0.00908EPSS
CVE
CVE
added 2018/06/08 5:29 p.m.40 views

CVE-2011-4190

The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw...

5.9CVSS5AI score0.0023EPSS