Suse Linux Enterprise Server Security Vulnerabilities and Issues — Suse Linux Enterprise Server CVE List

Lucene search

SuseSuse Linux Enterprise Server

16 matches found

CVE•added 2010/12/07 9:0 p.m.•129 views

CVE-2010-4494

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

7.5CVSS7.8AI score0.0197EPSS

CVE•added 2010/12/23 6:0 p.m.•125 views

CVE-2010-3881

arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device.

2.1CVSS5.8AI score0.00073EPSS

CVE•added 2010/09/24 8:0 p.m.•115 views

CVE-2010-3081

The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the ...

7.8CVSS7.4AI score0.14754EPSS

CVE•added 2010/09/08 8:0 p.m.•114 views

CVE-2010-2798

The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified ot...

7.8CVSS7.3AI score0.00053EPSS

CVE•added 2010/09/21 6:0 p.m.•101 views

CVE-2010-3078

The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.

5.5CVSS5.5AI score0.00048EPSS

CVE•added 2010/09/08 8:0 p.m.•100 views

CVE-2010-2495

The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecif...

10CVSS6.4AI score0.01489EPSS

CVE•added 2010/09/21 6:0 p.m.•91 views

CVE-2010-2942

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related ...

5.5CVSS5.5AI score0.00022EPSS

CVE•added 2010/09/08 8:0 p.m.•90 views

CVE-2010-2524

The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform...

7.8CVSS7AI score0.00082EPSS

CVE•added 2010/09/30 3:0 p.m.•85 views

CVE-2010-2537

The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor.

7.1CVSS6.5AI score0.0009EPSS

CVE•added 2010/11/17 1:0 a.m.•81 views

CVE-2010-4008

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a...

4.3CVSS5.6AI score0.00728EPSS

CVE•added 2010/09/08 8:0 p.m.•79 views

CVE-2010-2066

The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor.

5.5CVSS5.6AI score0.00061EPSS

CVE•added 2010/09/08 8:0 p.m.•74 views

CVE-2010-2960

The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact ...

7.8CVSS7.5AI score0.001EPSS

CVE•added 2010/06/11 7:30 p.m.•64 views

CVE-2010-1770

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary ...

9.3CVSS8.7AI score0.0902EPSS

CVE•added 2010/06/15 6:0 p.m.•64 views

CVE-2010-2302

Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar problem 8007953. NOTE: t...

10CVSS8.7AI score0.08537EPSS

CVE•added 2010/06/15 6:0 p.m.•53 views

CVE-2010-2297

rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table.

9.3CVSS8.9AI score0.10393EPSS

CVE•added 2010/06/15 6:0 p.m.•52 views

CVE-2010-2301

Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might overlap CVE-2010-1762.

4.3CVSS6.9AI score0.00908EPSS