Lucene search
+L
SuseSuse Linux Enterprise Software Development Kit

35 matches found

CVE
CVE
added 2018/01/04 1:0 p.m.1148 views

CVE-2017-5753

CVE-2017-5753 is part of the Spectre family (Variant 1) described in the SPECTRE_MELTDOWN_ADVISORY: it involves speculative execution and a bounds-check bypass that can enable an unprivileged attacker to read privileged memory via cache timing analysis. IBM’s AIX/VIOS advisories and iFixes addres...

5.6CVSS6.1AI score0.93838EPSS
CVE
CVE
added 2013/07/26 11:0 p.m.467 views

CVE-2013-4854

CVE-2013-4854 affects ISC BIND, where the RFC 5011 RDATA handling in rdata.c can trigger an assertion failure during log message construction when processing a malformed RDATA, allowing remote DoS with named exiting. Vulnerable ranges include BIND 9.7.x and 9.8.x before 9.8.5-P2 and 9.8.6b1, 9.9....

7.8CVSS5.6AI score0.3415EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.179 views

CVE-2014-1510

CVE-2014-1510 is a WebIDL-related remote code execution in Mozilla Firefox family (Firefox, Thunderbird, SeaMonkey) where an IDL fragment can trigger window.open with chrome privileges. Affected products and versions are Mozilla Firefox (pre-28.0 and ESR 24.x before 24.4 for some branches), Thund...

9.8CVSS9.2AI score0.82339EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.166 views

CVE-2014-1509

CVE-2014-1509 is a buffer overflow in cairo's _cairo_truetype_index_to_ucs4 function that affects Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25. The vulnerability can allow remote code execution via a crafted extension that renders f...

8.8CVSS9.4AI score0.0503EPSS
CVE
CVE
added 2016/06/27 10:0 a.m.166 views

CVE-2016-5244

CVE-2016-5244 affects the Linux kernel and involves the function rds_inc_info_copy in net/rds/recv.c not initializing a structure member. This can enable a remote attacker to read sensitive information from kernel stack memory by processing an RDS message, with impact described as kernel informat...

7.5CVSS6.9AI score0.05521EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.165 views

CVE-2013-5609

CVE-2013-5609 is a set of memory-corruption/denial-of-service vulnerabilities in the Mozilla Firefox browser engine, affecting Firefox (including ESR 24.x) and related products prior to versions around 26.0 (per the referenced MiracleLinux AXSA advisories). The issues could allow remote attackers...

10CVSS10AI score0.08091EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.159 views

CVE-2014-1477

CVE-2014-1477 affects Mozilla Firefox before 27.0 (and related ESR/Thunderbird/SeaMonkey versions) where the browser engine contains multiple unspecified vulnerabilities that could lead to memory corruption, application crashes, or possibly arbitrary code execution via unknown vectors. Exploitati...

9.8CVSS9.3AI score0.05506EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.159 views

CVE-2014-1514

CVE-2014-1514 affects Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25. The issue arises from not validating the length of the destination array before a copy operation in TypedArrayObject, allowing remote attackers to execute arbitrary...

9.8CVSS9.5AI score0.06087EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.158 views

CVE-2014-1493

CVE-2014-1493 is a Mozilla Firefox/Thunderbird/SeaMonkey browser-engine vulnerability reported in multiple advisories. IBM Storwize V7000 Unified and IBM SONAS bulletins note these issues affect shipped Firefox and advise upgrading to version 1.4.3.3 (Storwize Unified) or 1.4.3.3 (SONAS) to apply...

10CVSS9.8AI score0.08099EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.158 views

CVE-2014-1508

CVE-2014-1508 affects Mozilla Firefox family components (libxul) where libxul.so!gfxContext::Polygon can leak memory, cause out-of-bounds reads, or crash, with potential Same Origin Policy bypass via MathML polygon rendering. Affected: Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbir...

9.1CVSS9.1AI score0.0427EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.157 views

CVE-2014-1512

The provided connected documents confirm multiple Firefox-related CVEs (e.g., CVE-2014-1512 among others) affecting Mozilla Firefox before 28.0, ESR 24.x before 24.4, and related Mozilla products. The primary issue is memory-safety/use-after-free vulnerabilities in the browser engine (notably in ...

10CVSS9.4AI score0.31373EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.154 views

CVE-2014-1486

CVE-2014-1486 is a use-after-free in Mozilla Firefox’s imgRequestProxy function (affecting Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24). The vulnerability enables remote code execution via image data with unspecified Content-Type values. Mirac...

10CVSS8.8AI score0.07072EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.150 views

CVE-2014-1479

CVE-2014-1479 affects Mozilla Firefox (including ESR 24.x line), Thunderbird, and SeaMonkey before versions around 27.0/24.x 24.3/SeaMonkey 2.24. The flaw, in the System Only Wrapper (SOW) implementation, does not prevent certain cloning operations, allowing remote attackers to bypass restriction...

7.5CVSS8.3AI score0.04602EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.150 views

CVE-2014-1497

CVE-2014-1497 affects mozilla::WaveReader::DecodeAudioData in Mozilla Firefox up to 28.0 (and ESR 24.x up to 24.4), Thunderbird up to 24.4, and SeaMonkey up to 2.25. A crafted WAV file can cause information disclosure from process heap memory and can trigger a denial of service via an out-of-boun...

8.8CVSS9.4AI score0.02826EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.148 views

CVE-2014-1481

CVE-2014-1481 affects Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24. It enables remote attackers to bypass restrictions on window objects by exploiting inconsistencies in native JavaScript engine getter methods. Impact per sources is...

7.5CVSS8.5AI score0.03889EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.148 views

CVE-2014-1482

CVE-2014-1482 affects Mozilla Firefox and related Mozilla products. The issue is that RasterImage.cpp does not prevent access to discarded image data, enabling remote attackers to run arbitrary code or cause a denial of service via crafted image data (Goo Create demonstrated). Affected versions i...

9.3CVSS9AI score0.06304EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.145 views

CVE-2014-1513

The CVE-2014-1513 issue affects Mozilla Firefox (and related Mozilla suite components) prior to version 28.0, and Firefox ESR 24.x prior to 24.4, with Firefox/SeaMonkey/Thunderbird affecting ArrayBuffer usage. Root cause: TypedArrayObject mishandles a zero-length transition during ArrayBuffer use...

9.3CVSS9.4AI score0.05576EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.142 views

CVE-2014-1487

CVE-2014-1487 affects Mozilla Firefox (Web workers) and related Mozilla suite components. The issue allows remote attackers to bypass Same Origin Policy and obtain sensitive authentication data via error-message handling in Web workers, affecting Firefox versions before 27.0 (and ESR 24.x before ...

7.5CVSS8.3AI score0.02335EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.141 views

CVE-2013-5613

Mode C: Detailed vulnerability note for CVE-2013-5613. Affected product/variant: Mozilla Firefox components shipped in MiracleLinux 3 (firefox-24.4.0-1.0.1.AXS3) per AXSA:2014-233:01. Root cause: Use-after-free in PresShell::DispatchSynthMouseMove, linked to RestyleManager::GetHoverGeneration, en...

10CVSS9.6AI score0.09448EPSS
CVE
CVE
added 2016/05/02 10:0 a.m.141 views

CVE-2016-3951

CVE-2016-3951 concerns a double-free in Linux kernel drivers/net/usb/cdc_ncm.c, exploitable when a USB device with an invalid descriptor is inserted. Affected: Linux kernel pre-4.5; impact: denial of service (system crash) and potential unspecified effects. The linked Unity security advisories co...

4.9CVSS6.8AI score0.00586EPSS
CVE
CVE
added 2016/04/27 5:0 p.m.140 views

CVE-2015-8845

CVE-2015-8845 affects the Linux kernel on powerpc platforms prior to 4.4.1. The vulnerability arises because the tm_reclaim_thread function in arch/powerpc/kernel/process.c may proceed with a TM reclaim call without verifying that TM suspend mode exists, enabling local users to trigger a denial o...

5.5CVSS6AI score0.00393EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.138 views

CVE-2013-5616

CVE-2013-5616 is a use-after-free in Mozilla Firefox before 26.0 (also affects ESR 24.x before 24.2, Thunderbird before 24.2, SeaMonkey before 2.23) triggered by nsEventListenerManager::HandleEventSubType. Exploitation could lead to remote code execution or a denial of service due to heap memory ...

9.8CVSS9.6AI score0.06672EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.134 views

CVE-2013-5618

CVE-2013-5618 is a use-after-free in Mozilla Firefox’s table-editing UI (nsNodeUtils::LastRelease). Affected: Firefox < 26.0, Firefox ESR < 24.2, Thunderbird < 24.2, SeaMonkey

10CVSS9.6AI score0.10407EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.130 views

CVE-2013-5615

CVE-2013-5615 concerns GetElementIC typed array stubs being generated outside observed typesets in the Mozilla JavaScript engine. The connected vendor notes identify affected products as Mozilla Firefox (and related Firefox ESR/Thunderbird/SeaMonkey lines in the 2013 MFSA bundle) with fixes imple...

9.8CVSS9.2AI score0.04219EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.130 views

CVE-2014-1483

Technical details for CVE-2014-1483 are not publicly provided in the connected documents; sources reference the CVE but do not disclose affected products, versions, root cause, impact, or fixes. Monitor for updates.

5CVSS9AI score0.02467EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.121 views

CVE-2013-6673

Technical details about CVE-2013-6673 are not publicly available in the provided connected documents; monitor for updates.

5.9CVSS6.9AI score0.02886EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.120 views

CVE-2012-5830

CVE-2012-5830 is a use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X that allows remote attackers to execute arbitrary code via an HTML document. The con...

8.8CVSS8.9AI score0.03814EPSS
CVE
CVE
added 2013/12/11 3:0 p.m.119 views

CVE-2013-6671

CVE-2013-6671 affects Mozilla Firefox before 26.0 (and corresponding ESR/Thunderbird/SeaMonkey releases listed) where nsGfxScrollFrameInner::IsLTR can be abused by crafted JavaScript used with ordered list elements to trigger remote code execution. The vulnerability is a browser-engine issue that...

10CVSS9.6AI score0.11076EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.115 views

CVE-2014-1511

CVE-2014-1511 affects Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25. The issue is described as a remote bypass of the popup blocker via unspecified vectors. Public security advisories in 2014 consolidate Firefox/Thunderbird/SeaMonkey...

9.8CVSS9AI score0.83633EPSS
CVE
CVE
added 2013/11/05 8:0 p.m.114 views

CVE-2013-4419

CVE-2013-4419 affects libguestfs guestfish when using --remote/--listen: temporary socket ownership is not properly checked under /tmp/.guestfish-$UID/, allowing a local user to pre-create that directory and then write to the socket to execute commands. Affected are libguestfs versions up to and ...

6.8CVSS7AI score0.00754EPSS
CVE
CVE
added 2015/04/28 2:0 p.m.95 views

CVE-2015-3340

CVE-2015-3340 affects Xen 4.2.x through 4.5.x and involves uninitialized fields, allowing certain remote domains to read sensitive memory content via XEN_DOMCTL_gettscinfo or XEN_SYSCTL_getdomaininfolist. Public advisories (e.g., Debian DSA-3414) classify this as a denial of information disclosur...

2.9CVSS6.3AI score0.00793EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.93 views

CVE-2015-0500

CVE-2015-0500 is an unspecified vulnerability affecting Oracle MySQL Server 5.6.23 and earlier, permitting remote authenticated users to affect availability via unknown vectors. The issue is listed in multiple advisories and OpenVAS entries; affected version range is 5.6.23 and earlier. The provi...

4CVSS7.7AI score0.02445EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.85 views

CVE-2014-1496

CVE-2014-1496 affects Mozilla Firefox (up to 28.0) and related Mozilla suite components (Firefox ESR 24.x up to 24.4, Thunderbird up to 24.4, SeaMonkey up to 2.25). The vulnerability allows local users to gain privileges by modifying the extracted Mar contents during an update, constituting a loc...

5.5CVSS7AI score0.00379EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.82 views

CVE-2015-0439

CVE-2015-0439 is an unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier that could allow remote authenticated users to affect availability via unknown vectors in the InnoDB component. The issue is described as involving the Server : InnoDB with the same or related CVEs, and remedi...

4CVSS4.6AI score0.02288EPSS
CVE
CVE
added 2014/05/23 2:0 p.m.69 views

CVE-2013-1864

The CVE-2013-1864 issue affects PTLib (Portable Tool Library) before 2.10.10 as used in Ekiga before 4.0.1. The vulnerability arises from improper detection of recursion during entity expansion, enabling a remote attacker to cause a denial of service via crafted PXML documents with a very large n...

4.3CVSS6.5AI score0.0285EPSS