Vulnerabilities (CVE)

Filtered by vendor Suse Subscribe
Filtered by product Suse Linux Enterprise Server
Total 143 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-9958 4 Game-music-emu Project, Opensuse, Opensuse Project and 1 more 9 Game-music-emu, Leap, Opensuse and 6 more 2025-04-20 6.8 MEDIUM 7.8 HIGH
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
CVE-2015-7976 4 Novell, Ntp, Opensuse and 1 more 10 Suse Openstack Cloud, Ntp, Leap and 7 more 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
CVE-2016-9957 4 Game-music-emu Project, Opensuse, Opensuse Project and 1 more 9 Game-music-emu, Leap, Opensuse and 6 more 2025-04-20 6.8 MEDIUM 7.8 HIGH
Stack-based buffer overflow in game-music-emu before 0.6.1.
CVE-2014-9854 4 Canonical, Imagemagick, Opensuse and 1 more 7 Ubuntu Linux, Imagemagick, Leap and 4 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."
CVE-2015-3405 7 Debian, Fedoraproject, Ntp and 4 more 13 Debian Linux, Fedora, Ntp and 10 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
CVE-2015-5300 7 Canonical, Debian, Fedoraproject and 4 more 20 Ubuntu Linux, Debian Linux, Fedora and 17 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
CVE-2016-9959 4 Game-music-emu Project, Opensuse, Opensuse Project and 1 more 9 Game-music-emu, Leap, Opensuse and 6 more 2025-04-20 6.8 MEDIUM 7.8 HIGH
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
CVE-2016-1602 1 Suse 3 Linux Enterprise Desktop, Linux Enterprise Server, Suse Linux Enterprise Server 2025-04-20 7.2 HIGH 7.8 HIGH
A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).
CVE-2020-5504 3 Debian, Phpmyadmin, Suse 3 Debian Linux, Phpmyadmin, Suse Linux Enterprise Server 2025-04-16 6.5 MEDIUM 8.8 HIGH
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
CVE-2014-0196 7 Canonical, Debian, F5 and 4 more 30 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 27 more 2025-04-12 6.9 MEDIUM 5.5 MEDIUM
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
CVE-2016-0264 3 Ibm, Redhat, Suse 13 Java Sdk, Enterprise Linux Desktop, Enterprise Linux Hpc Node Supplementary and 10 more 2025-04-12 6.8 MEDIUM 5.6 MEDIUM
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2014-1531 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2025-04-12 9.3 HIGH 8.8 HIGH
Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation.
CVE-2014-1509 5 Canonical, Mozilla, Opensuse and 2 more 16 Ubuntu Linux, Firefox, Firefox Esr and 13 more 2025-04-12 6.8 MEDIUM 8.8 HIGH
Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document.
CVE-2014-1511 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2025-04-12 7.5 HIGH 9.8 CRITICAL
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.
CVE-2015-0500 2 Oracle, Suse 5 Communications Policy Management, Mysql, Suse Linux Enterprise Desktop and 2 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.
CVE-2014-1510 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2025-04-12 7.5 HIGH 9.8 CRITICAL
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.
CVE-2014-0181 4 Linux, Opensuse, Redhat and 1 more 7 Linux Kernel, Evergreen, Enterprise Linux Desktop and 4 more 2025-04-12 2.1 LOW N/A
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.
CVE-2016-5244 4 Fedoraproject, Linux, Redhat and 1 more 11 Fedora, Linux Kernel, Enterprise Linux and 8 more 2025-04-12 5.0 MEDIUM 7.5 HIGH
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
CVE-2014-9116 4 Debian, Mageia, Mutt and 1 more 5 Debian Linux, Mageia, Mutt and 2 more 2025-04-12 5.0 MEDIUM N/A
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.
CVE-2014-1496 2 Mozilla, Suse 7 Firefox, Firefox Esr, Seamonkey and 4 more 2025-04-12 1.9 LOW 5.5 MEDIUM
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.