Vulnerabilities (CVE)

Filtered by vendor Suse Subscribe
Filtered by product Linux Enterprise Desktop
Total 464 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-9852 3 Imagemagick, Opensuse, Suse 7 Imagemagick, Leap, Opensuse and 4 more 2025-04-20 7.5 HIGH 9.8 CRITICAL
distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.
CVE-2017-13087 7 Canonical, Debian, Freebsd and 4 more 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more 2025-04-20 2.9 LOW 5.3 MEDIUM
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2014-9853 6 Canonical, Imagemagick, Novell and 3 more 11 Ubuntu Linux, Imagemagick, Leap and 8 more 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
CVE-2016-9959 4 Game-music-emu Project, Opensuse, Opensuse Project and 1 more 9 Game-music-emu, Leap, Opensuse and 6 more 2025-04-20 6.8 MEDIUM 7.8 HIGH
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
CVE-2016-1602 1 Suse 3 Linux Enterprise Desktop, Linux Enterprise Server, Suse Linux Enterprise Server 2025-04-20 7.2 HIGH 7.8 HIGH
A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).
CVE-2017-5898 2 Qemu, Suse 5 Qemu, Linux Enterprise Desktop, Linux Enterprise Server and 2 more 2025-04-20 2.1 LOW 5.5 MEDIUM
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.
CVE-2014-5077 4 Canonical, Linux, Redhat and 1 more 8 Ubuntu Linux, Linux Kernel, Enterprise Linux Eus and 5 more 2025-04-12 7.1 HIGH N/A
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.
CVE-2014-6464 3 Mariadb, Oracle, Suse 6 Mariadb, Mysql, Linux Enterprise Desktop and 3 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.
CVE-2014-4027 5 Canonical, F5, Linux and 2 more 26 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 23 more 2025-04-12 2.3 LOW N/A
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.
CVE-2014-7815 5 Canonical, Debian, Qemu and 2 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2025-04-12 5.0 MEDIUM N/A
The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.
CVE-2014-7169 17 Apple, Arista, Canonical and 14 more 85 Mac Os X, Eos, Ubuntu Linux and 82 more 2025-04-12 10.0 HIGH 9.8 CRITICAL
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
CVE-2016-4154 8 Adobe, Apple, Google and 5 more 14 Flash Player, Flash Player Desktop Runtime, Mac Os X and 11 more 2025-04-12 9.3 HIGH 8.8 HIGH
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
CVE-2015-5122 7 Adobe, Apple, Linux and 4 more 14 Flash Player, Flash Player Desktop Runtime, Macos and 11 more 2025-04-12 10.0 HIGH 9.8 CRITICAL
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.
CVE-2014-6474 3 Mariadb, Oracle, Suse 6 Mariadb, Mysql, Linux Enterprise Desktop and 3 more 2025-04-12 3.5 LOW N/A
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.
CVE-2015-8926 3 Canonical, Libarchive, Suse 5 Ubuntu Linux, Libarchive, Linux Enterprise Desktop and 2 more 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.
CVE-2015-0391 4 Mariadb, Oracle, Redhat and 1 more 12 Mariadb, Mysql, Enterprise Linux Desktop and 9 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
CVE-2015-2573 6 Canonical, Debian, Mariadb and 3 more 14 Ubuntu Linux, Debian Linux, Mariadb and 11 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
CVE-2014-1500 5 Mozilla, Opensuse, Opensuse Project and 2 more 8 Firefox, Seamonkey, Opensuse and 5 more 2025-04-12 5.0 MEDIUM N/A
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.
CVE-2015-3113 8 Adobe, Apple, Hp and 5 more 18 Flash Player, Mac Os X, Insight Orchestration and 15 more 2025-04-12 10.0 HIGH 9.8 CRITICAL
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.
CVE-2014-3468 5 Debian, F5, Gnu and 2 more 16 Debian Linux, Arx, Arx Firmware and 13 more 2025-04-12 7.5 HIGH N/A
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.