Suse Linux Enterprise Server Security Vulnerabilities and Issues — Suse Linux Enterprise Server CVE List

Lucene search

SuseSuse Linux Enterprise Server

12 matches found

CVE•added 2020/01/09 10:15 p.m.•337 views

CVE-2020-5504

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.

8.8CVSS8.6AI score0.19756EPSS

CVE•added 2020/03/23 4:15 p.m.•266 views

CVE-2020-6429

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.02916EPSS

CVE•added 2020/03/23 4:15 p.m.•265 views

CVE-2020-6422

Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.02877EPSS

CVE•added 2016/02/18 9:59 p.m.•255 views

CVE-2015-7547

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a...

8.1CVSS8.4AI score0.93421EPSS

CVE•added 2020/03/23 4:15 p.m.•190 views

CVE-2020-6427

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.02916EPSS

CVE•added 2020/03/23 4:15 p.m.•181 views

CVE-2020-6428

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.02916EPSS

CVE•added 2020/03/23 4:15 p.m.•178 views

CVE-2020-6424

Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.0261EPSS

CVE•added 2020/03/23 4:15 p.m.•158 views

CVE-2020-6449

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.06387EPSS

CVE•added 2014/03/19 10:55 a.m.•96 views

CVE-2014-1509

Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF doc...

8.8CVSS9.4AI score0.0081EPSS

CVE•added 2014/03/19 10:55 a.m.•87 views

CVE-2014-1497

The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and appl...

8.8CVSS9.4AI score0.00502EPSS

CVE•added 2018/11/29 5:29 a.m.•65 views

CVE-2018-19655

A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.

8.8CVSS8.1AI score0.00824EPSS

CVE•added 2012/11/21 12:55 p.m.•54 views

CVE-2012-5830

Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.

8.8CVSS8.9AI score0.01446EPSS