Filtered by vendor Suse
Subscribe
Total
1179 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4680 | 2 Freeradius, Suse | 3 Freeradius, Linux Enterprise Server, Linux Enterprise Software Development Kit | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. | |||||
| CVE-2016-1602 | 1 Suse | 3 Linux Enterprise Desktop, Linux Enterprise Server, Suse Linux Enterprise Server | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root). | |||||
| CVE-2017-13088 | 7 Canonical, Debian, Freebsd and 4 more | 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more | 2025-04-20 | 2.9 LOW | 5.3 MEDIUM |
| Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. | |||||
| CVE-2017-13084 | 7 Canonical, Debian, Freebsd and 4 more | 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more | 2025-04-20 | 5.4 MEDIUM | 6.8 MEDIUM |
| Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. | |||||
| CVE-2017-1000366 | 8 Debian, Gnu, Mcafee and 5 more | 20 Debian Linux, Glibc, Web Gateway and 17 more | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. | |||||
| CVE-2017-7297 | 1 Suse | 1 Rancher | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3. | |||||
| CVE-2017-17806 | 6 Canonical, Debian, Linux and 3 more | 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. | |||||
| CVE-2017-13080 | 7 Canonical, Debian, Freebsd and 4 more | 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more | 2025-04-20 | 2.9 LOW | 5.3 MEDIUM |
| Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. | |||||
| CVE-2020-5504 | 3 Debian, Phpmyadmin, Suse | 3 Debian Linux, Phpmyadmin, Suse Linux Enterprise Server | 2025-04-16 | 6.5 MEDIUM | 8.8 HIGH |
| In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server. | |||||
| CVE-2002-20001 | 6 Balasys, F5, Hpe and 3 more | 49 Dheater, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 46 more | 2025-04-15 | 5.0 MEDIUM | 7.5 HIGH |
| The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. | |||||
| CVE-2015-5154 | 4 Fedoraproject, Qemu, Suse and 1 more | 8 Fedora, Qemu, Linux Enterprise Debuginfo and 5 more | 2025-04-12 | 7.2 HIGH | N/A |
| Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. | |||||
| CVE-2015-7547 | 10 Canonical, Debian, F5 and 7 more | 30 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 27 more | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
| Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. | |||||
| CVE-2015-2808 | 9 Canonical, Debian, Fujitsu and 6 more | 99 Ubuntu Linux, Debian Linux, Sparc Enterprise M3000 and 96 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. | |||||
| CVE-2016-1656 | 3 Google, Opensuse, Suse | 4 Android, Chrome, Leap and 1 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors. | |||||
| CVE-2015-4000 | 12 Apple, Canonical, Debian and 9 more | 25 Iphone Os, Mac Os X, Safari and 22 more | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | |||||
| CVE-2014-3687 | 8 Canonical, Debian, Linux and 5 more | 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. | |||||
| CVE-2016-2792 | 5 Mozilla, Opensuse, Oracle and 2 more | 6 Firefox, Leap, Opensuse and 3 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. | |||||
| CVE-2016-4136 | 8 Adobe, Apple, Google and 5 more | 16 Flash Player, Flash Player Desktop Runtime, Macos and 13 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2015-0484 | 3 Opensuse, Oracle, Suse | 5 Opensuse, Javafx, Jdk and 2 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492. | |||||
| CVE-2016-1659 | 5 Canonical, Debian, Google and 2 more | 5 Ubuntu Linux, Debian Linux, Chrome and 2 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||