Lucene search
K
SuseSuse Linux Enterprise Server

129 matches found

CVE
CVE
added 2018/11/07 5:0 a.m.2394 views

CVE-2018-19052

The CVE-2018-19052 issue affects lighttpd’s mod_alias_physical_handler (mod_alias.c): when a configured alias lacks a trailing '/' but the target path has one, there is potential directory traversal to the parent of the alias target. Public advisories confirm this vulnerability across multiple di...

7.5CVSS7.3AI score0.1408EPSS
CVE
CVE
added 2015/05/21 12:0 a.m.1255 views

CVE-2015-4000

CVE-2015-4000 is the Logjam vulnerability: when a server enables DHE_EXPORT ciphers and the client does not, the TLS handshake may downgrade to 512‑bit export‑grade DH, allowing a MITM to decrypt traffic. Public details describe the issue in TLS as a downgrade attack on Diffie–Hellman key exchang...

4.3CVSS4.8AI score0.9986EPSS
In wild
CVE
CVE
added 2018/01/04 1:0 p.m.1148 views

CVE-2017-5753

CVE-2017-5753 is part of the Spectre family (Variant 1) described in the SPECTRE_MELTDOWN_ADVISORY: it involves speculative execution and a bounds-check bypass that can enable an unprivileged attacker to read privileged memory via cache timing analysis. IBM’s AIX/VIOS advisories and iFixes addres...

5.6CVSS6.1AI score0.93838EPSS
CVE
CVE
added 2016/05/05 6:0 p.m.805 views

CVE-2016-3714

CVE-2016-3714 affects ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1. An improper input validation flaw in the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image (ImageTragick). The vulnera...

10CVSS8AI score0.97485EPSS
In wild
CVE
CVE
added 2014/05/07 10:0 a.m.615 views

CVE-2014-0196

CVE-2014-0196 affects the Linux kernel (through 3.14.3) specifically the n_tty_write function in drivers/tty/n_tty.c. The flaw permits a local user to trigger a race condition between read and write operations with long strings in the LECHO & !OPOST case, enabling denial of service (memory corrup...

6.9CVSS6.3AI score0.22475EPSS
In wild
CVE
CVE
added 2020/01/09 9:56 p.m.439 views

CVE-2020-5504

CVE-2020-5504 affects phpMyAdmin 4 prior to 4.9.4 and 5 prior to 5.0.1, where an SQL injection exists in the user accounts page. A malicious user could inject SQL in place of their username when creating queries on that page; an attacker must have a valid MySQL account to access the server. Conne...

8.8CVSS8.6AI score0.38778EPSS
CVE
CVE
added 2020/07/29 5:45 p.m.349 views

CVE-2020-15707

CVE-2020-15707 is a GRUB2 bootloader vulnerability (initrd size handling) causing a heap-based buffer overflow via integer overflow in initrd processing. The flaw affects GRUB2 2.04 and earlier as deployed in multiple distros (Debian, Red Hat, Ubuntu) and can enable arbitrary code execution durin...

6.4CVSS7.6AI score0.01588EPSS
CVE
CVE
added 2020/07/29 5:45 p.m.334 views

CVE-2020-15706

CVE-2020-15706 affects GRUB2 (2.04 and earlier) and is a race-condition/use-after-free in grub_script_function_create() triggered by redefining a function during execution, leading to arbitrary code execution and Secure Boot restriction bypass. Remediation is to upgrade to patched GRUB2 packages ...

6.4CVSS7.7AI score0.00977EPSS
CVE
CVE
added 2020/07/29 5:45 p.m.322 views

CVE-2020-15705

GRUB2 ≤ 2.04 fails to validate kernel signatures when booting directly without shim, allowing Secure Boot bypass if the kernel signing certificate is in the Secure Boot DB. The issue affects GRUB2 2.04 and earlier; upgrades to patched grub2/shim combinations are advised (e.g., 2.06+ and related s...

6.4CVSS7.1AI score0.01434EPSS
CVE
CVE
added 2012/02/16 8:0 p.m.317 views

CVE-2011-3026

CVE-2011-3026 describes a heap-based overflow in libpng caused by an integer overflow in png_decompress_chunk(), leading to potential remote code execution or crashes when handling crafted PNGs. Affected: libpng as used by Chrome (and various products); vulnerable versions precede fixed releases....

6.8CVSS9.1AI score0.73347EPSS
CVE
CVE
added 2018/08/10 3:0 p.m.309 views

CVE-2018-6556

CVE-2018-6556 affects lxc-user-nic where, when asked to delete a network interface, the code unconditionally opens a user-supplied path. This can let an unprivileged user infer the existence of a path they should not reach and may trigger side effects by opening (read-only) kernel files such as /...

3.3CVSS3.9AI score0.00347EPSS
CVE
CVE
added 2016/02/18 9:0 p.m.302 views

CVE-2015-7547

CVE-2015-7547 refers to a stack-based buffer overflow in the GLIBC libresolv DNS resolver path, triggered by dual A/AAAA DNS queries in getaddrinfo. The vulnerability could allow remote code execution or crash the process when handling crafted DNS responses, with exploitation possible via the nss...

8.1CVSS8.4AI score0.89557EPSS
CVE
CVE
added 2020/03/20 1:52 p.m.286 views

CVE-2020-6429

CVE-2020-6429 refers to a use-after-free in Google Chrome’s audio path that could allow remote heap corruption via a crafted HTML page. Public references in Debian and Alpine security advisories confirm the flaw affects Chromium/Chrome up to version 80.0.3987.149, with fixed versions pushed in th...

8.8CVSS8.8AI score0.02314EPSS
CVE
CVE
added 2020/03/20 1:51 p.m.284 views

CVE-2020-6422

CVE-2020-6422 is a use-after-free vulnerability in WebGL of Google Chrome before 80.0.3987.149, enabling a remote attacker to potentially cause heap corruption via a crafted HTML page. Mitigation: upgrade Chromium/Chrome to 80.0.3987.149 or newer (reported in Debian/Fedora advisories and Gentoo/G...

8.8CVSS8.8AI score0.02354EPSS
CVE
CVE
added 2020/03/20 1:51 p.m.283 views

CVE-2020-6426

CVE-2020-6426: In Google Chrome, an implementation error in V8 prior to 80.0.3987.149 could allow a remote attacker to cause heap corruption via a crafted HTML page. Affected software is Chrome before 80.0.3987.149 (and Chromium-based builds). Root cause: inappropriate V8 implementation. Impact d...

6.5CVSS6.8AI score0.02861EPSS
CVE
CVE
added 2018/11/28 5:0 p.m.252 views

CVE-2018-12116

CVE-2018-12116 in Node.js is an HTTP request splitting vulnerability: if an unsanitized Unicode path is supplied, a second user-defined HTTP request can be generated to the same server. Affected are all Node.js versions prior to 6.15.0 and 8.14.0. The vulnerability may enable DoS and, per related...

7.5CVSS7.5AI score0.04612EPSS
CVE
CVE
added 2017/07/21 2:0 p.m.248 views

CVE-2015-5300

CVE-2015-5300 (NTP panic-threshold bypass) is detailed in connected advisory from F5 for BIG-IP products, describing a vulnerability in ntpd where the threshold for the -g option is not correctly enforced. An attacker controlling NTP traffic could cause ntpd to step the clock to an arbitrary valu...

7.5CVSS7.6AI score0.0913EPSS
CVE
CVE
added 2014/11/10 11:0 a.m.241 views

CVE-2014-8559

CVE-2014-8559 is tied to the Linux kernel up to version 3.17.2, where the d_walk function in fs/dcache.c fails to properly preserve the semantics of rename_lock. This can allow a local attacker to cause a denial of service via a deadlock and system hang. The connected advisories state that the is...

5.5CVSS5.2AI score0.00738EPSS
CVE
CVE
added 2018/11/28 5:0 p.m.227 views

CVE-2018-12122

CVE-2018-12122 affects Node.js versions before 6.15.0, 8.14.0, 10.14.0 and 11.3.0. It enables a Slowloris-style DoS by sending HTTP/HTTPS headers very slowly, keeping connections alive and consuming resources. A 40-second headersTimeout patch (adjustable via server.headersTimeout) helps defend, a...

7.5CVSS7.3AI score0.41288EPSS
CVE
CVE
added 2014/04/27 12:0 a.m.211 views

CVE-2014-0181

The CVE-2014-0181 issue affects the Linux kernel Netlink implementation prior to 3.14.1, where there is no authorization based on the opener of a Netlink socket. This can allow a local user to bypass intended access restrictions and modify network configurations by using a Netlink socket for the ...

2.1CVSS6AI score0.00538EPSS
CVE
CVE
added 2020/03/20 1:51 p.m.210 views

CVE-2020-6427

CVE-2020-6427 is a use-after-free in Google Chrome’s audio subsystem that could allow a remote attacker to exploit heap corruption via a crafted HTML page. Affected: Google Chrome (audio path); vulnerability type: use-after-free. Impact: potential remote code execution is described in affected ad...

8.8CVSS8.8AI score0.02446EPSS
CVE
CVE
added 2018/11/12 7:0 p.m.203 views

CVE-2018-19208

CVE-2018-19208 affects libwpd 0.10.2 where a NULL pointer dereference in WP6ContentListener::defineTable (WP6ContentListener.cpp) can cause a denial of service. This vulnerability is related to WPXTable.h and has been documented across multiple advisories (e.g., Miracles/MiracleLinux AXSA:2019-41...

6.5CVSS6.1AI score0.01488EPSS
CVE
CVE
added 2020/03/20 1:52 p.m.201 views

CVE-2020-6428

CVE-2020-6428 involves a use-after-free in the audio component of Google Chrome prior to 80.0.3987.149, potentially enabling a remote attacker to trigger heap corruption via a crafted HTML page. Affected software includes Google Chrome and Chromium-based builds; Debian, Fedora, Gentoo, and Alpine...

8.8CVSS8.8AI score0.02314EPSS
CVE
CVE
added 2014/12/12 6:0 p.m.200 views

CVE-2014-8134

CVE-2014-8134 affects the Linux kernel’s KVM paravirt code path (arch/x86/kernel/kvm.c, paravirt_ops_setup) through version 3.18. The root cause is an improper paravirt_enabled setting for KVM guest kernels, which could allow a guest user to bypass ASLR via a crafted application that reads a 16‑b...

3.3CVSS5.4AI score0.00703EPSS
CVE
CVE
added 2020/03/20 1:51 p.m.199 views

CVE-2020-6424

CVE-2020-6424 is a use-after-free in Chrome’s media handling that could allow heap corruption via a crafted HTML page on Chrome versions prior to 80.0.3987.149. Affected: Google Chrome (desktop). Root cause: use-after-free in media code paths. Impact: remote code execution likelihood noted as hig...

8.8CVSS8.8AI score0.03498EPSS
CVE
CVE
added 2018/03/01 7:0 p.m.187 views

CVE-2017-14798

CVE-2017-14798 describes a race condition in the PostgreSQL init script that could allow an attacker who can access the postgres account to escalate privileges to root. Public material (including exploit code and security advisories) confirms the vulnerability path via the init script and local a...

7.3CVSS7.1AI score0.01016EPSS
CVE
CVE
added 2017/01/30 9:0 p.m.185 views

CVE-2015-7976

CVE-2015-7976 affects the ntpq saveconfig command in the NTP reference implementation (ntpd/ntpq) across multiple 4.x branches (e.g., 4.1.2, 4.2.x prior to 4.2.8p6, and 4.3.x). The underlying flaw is that saveconfig does not properly filter special characters in filenames, enabling an attacker to...

4.3CVSS5.6AI score0.03512EPSS
CVE
CVE
added 2020/03/20 12:0 a.m.184 views

CVE-2020-6449

CVE-2020-6449 is a use-after-free vulnerability in the audio component of Google Chrome prior to 80.0.3987.149. The issue could allow a remote attacker to cause heap corruption via a crafted HTML page. Documents confirm the affected product is Google Chrome/Chromium and that the fix was applied i...

8.8CVSS8.8AI score0.02664EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.180 views

CVE-2014-1505

CVE-2014-1505 affects Mozilla Firefox (and related Mozilla components) where SVG filter operations in feDisplacementMap could leak displacement-correlation data and potentially bypass Same Origin Policy via a timing attack, enabling partial information disclosure from a different domain. Affected...

7.5CVSS8.5AI score0.04002EPSS
CVE
CVE
added 2014/12/02 4:0 p.m.179 views

CVE-2014-9116

CVE-2014-9116 concerns the Mutt mail client. The description specifies that the write_one_header function in mutt 1.5.23 mishandles newline characters at the beginning of a header, allowing a remote attacker to cause a denial of service (crash) by sending a header with an empty body. This conditi...

5CVSS9AI score0.09694EPSS
CVE
CVE
added 2014/12/17 11:0 a.m.179 views

CVE-2014-9322

CVE-2014-9322 affects the Linux kernel pre-3.17.5 where arch/x86/kernel/entry_64.S mishandles faults on the Stack Segment (SS) during IRET, allowing a local user to escalate privileges by accessing a GS Base address from the wrong space. Public PoC/exploitation (BadIRET) exists, illustrating loca...

7.8CVSS7.4AI score0.01447EPSS
CVE
CVE
added 2020/02/04 7:8 p.m.178 views

CVE-2019-15624

CVE-2019-15624: Nextcloud Server 15.0.7 is affected by improper input validation that allows group admins to create users with IDs of system folders. The issue is confirmed in CVE-2019-15624 and is addressed in security advisories accompanying Nextcloud updates to 15.0.14 (NC-SA-2020-015/openSUSE...

4.9CVSS5.7AI score0.01472EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.177 views

CVE-2014-1510

CVE-2014-1510 is a WebIDL-related remote code execution in Mozilla Firefox family (Firefox, Thunderbird, SeaMonkey) where an IDL fragment can trigger window.open with chrome privileges. Affected products and versions are Mozilla Firefox (pre-28.0 and ESR 24.x before 24.4 for some branches), Thund...

9.8CVSS9.2AI score0.82339EPSS
CVE
CVE
added 2015/07/06 1:0 a.m.175 views

CVE-2015-2734

CVE-2015-2734 details (mode C): The vulnerability affects Mozilla Firefox (Direct3D 9 implementation) in Windows builds prior to 39.0, Firefox ESR 31.x prior to 31.8 and 38.x prior to 38.1, and Thunderbird prior to 38.1. The underlying issue is reading data from uninitialized memory locations in ...

10CVSS4.4AI score0.02654EPSS
CVE
CVE
added 2016/04/19 9:0 p.m.172 views

CVE-2015-8776

The CVE-2015-8776 issue affects the GNU C Library (glibc) strftime() function. The vulnerability, present in glibc versions before 2.23, allows context-dependent attackers to cause a denial of service (application crash) and, in some disclosures, potentially obtain sensitive information via out-o...

9.1CVSS8.5AI score0.04613EPSS
CVE
CVE
added 2019/10/07 2:0 p.m.171 views

CVE-2019-3688

CVE-2019-3688 affects the /usr/sbin/pinger binary shipped with squid on SUSE/OpenSUSE, where the binary had squid:root, 0750 permissions. The local attacker who has compromised the squid user could replace or modify the binary to achieve persistence. Affected products include SUSE Linux Enterpris...

7.1CVSS6.2AI score0.00336EPSS
CVE
CVE
added 2017/08/09 4:0 p.m.170 views

CVE-2015-3405

CVE-2015-3405 concerns ntp-keygen generating MD5 keys with insufficient entropy on big-endian systems, enabling an attacker to brute-force 93 possible keys and potentially spoof NTP. The IBM Power HMC bulletin lists affected products and versions: Power HMC V7.3.0.0, V7.9.0.0, V8.1.0.0, and V8.2....

7.5CVSS7.2AI score0.05292EPSS
CVE
CVE
added 2020/01/27 8:50 a.m.170 views

CVE-2018-20105

The related OpenSUSE/SUSE entries confirm CVE-2018-20105 affects yast2-rmt and was fixed by updating to yast2-rmt 1.3.0 (openSUSE-2020-320, SUSE-SU-2020:0578-1). The mitigation is to apply this update; the fix addresses an exposure of the CA private key passphrase contained in log files. Summary ...

5.5CVSS4.5AI score0.00425EPSS
CVE
CVE
added 2009/11/04 3:0 p.m.166 views

CVE-2009-3547

CVE-2009-3547 refers to multiple race conditions in fs/pipe.c of the Linux kernel before 2.6.32-rc6. The flaws can allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by opening an anonymous pipe via a /proc/*/fd/ pathname. A fix is availa...

7CVSS6.8AI score0.0489EPSS
In wild
CVE
CVE
added 2014/03/19 10:0 a.m.166 views

CVE-2014-1509

CVE-2014-1509 is a buffer overflow in cairo's _cairo_truetype_index_to_ucs4 function that affects Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25. The vulnerability can allow remote code execution via a crafted extension that renders f...

8.8CVSS9.4AI score0.0503EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.164 views

CVE-2013-5609

CVE-2013-5609 is a set of memory-corruption/denial-of-service vulnerabilities in the Mozilla Firefox browser engine, affecting Firefox (including ESR 24.x) and related products prior to versions around 26.0 (per the referenced MiracleLinux AXSA advisories). The issues could allow remote attackers...

10CVSS10AI score0.08091EPSS
CVE
CVE
added 2015/07/06 1:0 a.m.163 views

CVE-2015-2738

CVE-2015-2738 affects Mozilla Firefox (before 39.0; ESR 31.x before 31.8 and 38.x before 38.1) and Thunderbird (before 38.1). The issue is a read from uninitialized memory in YCbCrImageDataDeserializer::ToDataSourceSurface, with unspecified impact and attack vectors. No remediation details are pr...

10CVSS4.4AI score0.02654EPSS
CVE
CVE
added 2016/06/27 10:0 a.m.162 views

CVE-2016-5244

CVE-2016-5244 affects the Linux kernel and involves the function rds_inc_info_copy in net/rds/recv.c not initializing a structure member. This can enable a remote attacker to read sensitive information from kernel stack memory by processing an RDS message, with impact described as kernel informat...

7.5CVSS6.9AI score0.05521EPSS
CVE
CVE
added 2010/09/24 7:0 p.m.161 views

CVE-2010-3081

CVE-2010-3081 describes a local privilege-escalation in the Linux kernel’s 64-bit compat layer due to missing sanity checks in compat_alloc_user_space, enabling a local user to abuse compat_mc_getsockopt controlling a length value. Affected: kernel 2.6.x before 2.6.36-rc4-git2 on 64-bit platforms...

7.8CVSS7.4AI score0.03533EPSS
CVE
CVE
added 2010/12/07 8:0 p.m.161 views

CVE-2010-4494

CVE-2010-4494 is a double-free vulnerability in libxml2 (notably 2.7.8 and related versions) used by Chrome and other products. The issue affects libxml2’s handling of XPath/XML entities and could allow a remote attacker to crash or potentially execute code via crafted XML input. Public advisorie...

7.5CVSS7.8AI score0.07533EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.159 views

CVE-2014-1477

CVE-2014-1477 affects Mozilla Firefox before 27.0 (and related ESR/Thunderbird/SeaMonkey versions) where the browser engine contains multiple unspecified vulnerabilities that could lead to memory corruption, application crashes, or possibly arbitrary code execution via unknown vectors. Exploitati...

9.8CVSS9.3AI score0.05506EPSS
CVE
CVE
added 2014/11/10 11:0 a.m.159 views

CVE-2014-3610

CVE-2014-3610 is a Linux kernel KVM WRMSR emulation flaw present up to and including 3.17.2. The issue arises when guest writes a non-canonical value to a model-specific register, causing the host to crash (DoS). It is tied to wrmsr_interception (arch/x86/kvm/svm.c) and handle_wrmsr (arch/x86/kvm...

5.5CVSS5.9AI score0.00595EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.157 views

CVE-2014-1493

CVE-2014-1493 is a Mozilla Firefox/Thunderbird/SeaMonkey browser-engine vulnerability reported in multiple advisories. IBM Storwize V7000 Unified and IBM SONAS bulletins note these issues affect shipped Firefox and advise upgrading to version 1.4.3.3 (Storwize Unified) or 1.4.3.3 (SONAS) to apply...

10CVSS9.8AI score0.08099EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.157 views

CVE-2014-1512

The provided connected documents confirm multiple Firefox-related CVEs (e.g., CVE-2014-1512 among others) affecting Mozilla Firefox before 28.0, ESR 24.x before 24.4, and related Mozilla products. The primary issue is memory-safety/use-after-free vulnerabilities in the browser engine (notably in ...

10CVSS9.4AI score0.31373EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.157 views

CVE-2014-1514

CVE-2014-1514 affects Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25. The issue arises from not validating the length of the destination array before a copy operation in TypedArrayObject, allowing remote attackers to execute arbitrary...

9.8CVSS9.5AI score0.06087EPSS
Total number of security vulnerabilities129