Filtered by vendor Suse
Subscriptions
Filtered by product Suse Linux Enterprise Server
Subscriptions
Total
143 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3654 | 2 Redhat, Suse | 7 Network Satellite, Satellite, Satellite With Embedded Oracle and 4 more | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do. | ||||
| CVE-2014-3687 | 8 Canonical, Debian, Linux and 5 more | 15 Ubuntu Linux, Debian Linux, Linux Kernel and 12 more | 2025-04-12 | 7.5 High |
| The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. | ||||
| CVE-2014-3673 | 7 Canonical, Debian, Linux and 4 more | 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more | 2025-04-12 | 7.5 High |
| The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. | ||||
| CVE-2014-7826 | 4 Linux, Opensuse, Redhat and 1 more | 5 Linux Kernel, Evergreen, Enterprise Linux and 2 more | 2025-04-12 | 7.8 High |
| kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. | ||||
| CVE-2014-8086 | 3 Linux, Redhat, Suse | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-12 | 4.7 Medium |
| Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag. | ||||
| CVE-2014-8121 | 4 Canonical, Gnu, Redhat and 1 more | 5 Ubuntu Linux, Glibc, Enterprise Linux and 2 more | 2025-04-12 | N/A |
| DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset. | ||||
| CVE-2014-8134 | 6 Canonical, Linux, Opensuse and 3 more | 7 Ubuntu Linux, Linux Kernel, Evergreen and 4 more | 2025-04-12 | 3.3 Low |
| The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. | ||||
| CVE-2014-8369 | 5 Debian, Linux, Opensuse and 2 more | 6 Debian Linux, Linux Kernel, Evergreen and 3 more | 2025-04-12 | 7.8 High |
| The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601. | ||||
| CVE-2014-8559 | 7 Canonical, Linux, Novell and 4 more | 14 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 11 more | 2025-04-12 | 5.5 Medium |
| The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application. | ||||
| CVE-2014-9116 | 4 Debian, Mageia, Mutt and 1 more | 5 Debian Linux, Mageia, Mutt and 2 more | 2025-04-12 | N/A |
| The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function. | ||||
| CVE-2014-9322 | 6 Canonical, Google, Linux and 3 more | 11 Ubuntu Linux, Android, Linux Kernel and 8 more | 2025-04-12 | 7.8 High |
| arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. | ||||
| CVE-2010-2960 | 3 Canonical, Linux, Suse | 4 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 1 more | 2025-04-11 | 7.8 High |
| The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function. | ||||
| CVE-2010-1770 | 6 Apple, Canonical, Google and 3 more | 12 Mac Os X, Mac Os X Server, Safari and 9 more | 2025-04-11 | N/A |
| WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue." | ||||
| CVE-2010-2066 | 5 Canonical, Linux, Redhat and 2 more | 7 Ubuntu Linux, Linux Kernel, Enterprise Linux and 4 more | 2025-04-11 | 5.5 Medium |
| The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor. | ||||
| CVE-2010-2297 | 3 Google, Opensuse, Suse | 4 Chrome, Opensuse, Suse Linux Enterprise Desktop and 1 more | 2025-04-11 | N/A |
| rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table. | ||||
| CVE-2010-2301 | 3 Google, Opensuse, Suse | 4 Chrome, Opensuse, Suse Linux Enterprise Desktop and 1 more | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might overlap CVE-2010-1762. | ||||
| CVE-2010-2302 | 3 Google, Opensuse, Suse | 4 Chrome, Opensuse, Suse Linux Enterprise Desktop and 1 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar problem 8007953. NOTE: this might overlap CVE-2010-1771. | ||||
| CVE-2010-2495 | 3 Canonical, Linux, Suse | 5 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 2 more | 2025-04-11 | N/A |
| The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change. | ||||
| CVE-2010-2524 | 5 Canonical, Linux, Redhat and 2 more | 6 Ubuntu Linux, Linux Kernel, Enterprise Linux and 3 more | 2025-04-11 | 7.8 High |
| The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals. | ||||
| CVE-2010-2537 | 3 Canonical, Linux, Suse | 5 Ubuntu Linux, Linux Kernel, Linux Enterprise High Availability Extension and 2 more | 2025-04-11 | 7.1 High |
| The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor. | ||||