Suse Linux Enterprise Server vulnerabilities
472 known vulnerabilities affecting suse/linux_enterprise_server.
Total CVEs
472
CISA KEV
17
actively exploited
Public exploits
51
Exploited in wild
19
Severity breakdown
CRITICAL116HIGH91MEDIUM215LOW50
Vulnerabilities
Page 12 of 24
CVE-2014-1504LOWCVSS 2.6v112014-03-19
CVE-2014-1504 [LOW] CWE-264 CVE-2014-1504: The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consid
The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart.
nvd
CVE-2014-2309MEDIUMCVSS 6.1v112014-03-11
CVE-2014-2309 [MEDIUM] CWE-119 CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly
The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.
nvd
CVE-2014-0069HIGHCVSS 7.2v112014-02-28
CVE-2014-0069 [HIGH] CWE-119 CVE-2014-0069: The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges
nvd
CVE-2014-1874MEDIUMCVSS 4.9v102014-02-28
CVE-2014-1874 [MEDIUM] CWE-20 CVE-2014-1874: The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel befo
The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.
nvd
CVE-2014-1490CRITICALCVSS 9.3v112014-02-06
CVE-2014-1490 [CRITICAL] CWE-362 CVE-2014-1490: Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozill
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involv
nvd
CVE-2014-1488CRITICALCVSS 10.0v112014-02-06
CVE-2014-1488 [CRITICAL] CVE-2014-1488: The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remot
The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.
nvd
CVE-2014-1485HIGHCVSS 7.5v112014-02-06
CVE-2014-1485 [HIGH] CVE-2014-1485: The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before
The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.
nvd
CVE-2014-1491MEDIUMCVSS 4.3v112014-02-06
CVE-2014-1491 [MEDIUM] CWE-326 CVE-2014-1491: Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firef
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanis
nvd
CVE-2014-1483MEDIUMCVSS 5.0v112014-02-06
CVE-2014-1483 [MEDIUM] CWE-1021 CVE-2014-1483: Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Orig
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.
nvd
CVE-2014-1480MEDIUMCVSS 4.3v112014-02-06
CVE-2014-1480 [MEDIUM] CWE-1021 CVE-2014-1480: The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not p
The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.
nvd
CVE-2014-1489MEDIUMCVSS 4.3v112014-02-06
CVE-2014-1489 [MEDIUM] CWE-264 CVE-2014-1489: Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on oth
Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.
nvd
CVE-2014-1484MEDIUMCVSS 5.0v112014-02-06
CVE-2014-1484 [MEDIUM] CWE-200 CVE-2014-1484: Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile
Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.
nvd
CVE-2013-0339MEDIUMCVSS 6.8v102014-01-21
CVE-2013-0339 [MEDIUM] CWE-264 CVE-2013-0339: libxml2 through 2.9.1 does not properly handle external entities expansion unless an application dev
libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, a
nvd
CVE-2013-4458MEDIUMCVSS 5.0v112013-12-12
CVE-2013-4458 [MEDIUM] CWE-119 CVE-2013-4458: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Libr
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplet
nvd
CVE-2013-5610CRITICALCVSS 10.0v112013-12-11
CVE-2013-5610 [CRITICAL] CWE-787 CVE-2013-5610: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMon
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
nvd
CVE-2013-5619HIGHCVSS 7.5v112013-12-11
CVE-2013-5619 [HIGH] CWE-190 CVE-2013-5619: Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox be
Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.
nvd
CVE-2013-5611MEDIUMCVSS 5.8v112013-12-11
CVE-2013-5611 [MEDIUM] CVE-2013-5611: Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.
nvd
CVE-2013-6673MEDIUMCVSS 5.9v112013-12-11
CVE-2013-6673 [MEDIUM] CWE-310 CVE-2013-6673: Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey be
Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.
nvd
CVE-2013-6672MEDIUMCVSS 4.3v112013-12-11
CVE-2013-6672 [MEDIUM] CWE-200 CVE-2013-6672: Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations.
nvd
CVE-2013-5614MEDIUMCVSS 4.3v112013-12-11
CVE-2013-5614 [MEDIUM] CWE-1021 CVE-2013-5614: Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.
nvd