SUSE Linux Enterprise Server vulnerabilities
472 known vulnerabilities affecting suse/linux_enterprise_server.
Total CVEs: 472
CISA KEV: 17 (actively exploited)
Public exploits: 51
Exploited in wild: 19
Severity breakdown: CRITICAL 116, HIGH 91, MEDIUM 215, LOW 50
Vulnerabilities
Page 13 of 24
CVE-2013-5612 | MEDIUM | CWE-79 | CVSS 4.3 | v11 | 2013-12-11
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.
nvd
CVE-2013-4002 | HIGH | CVSS 7.1 | v9, v10, +1 more | 2013-07-23
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Jav
nvd
CVE-2013-3808 | MEDIUM | CVSS 4.0 | v11 | 2013-07-17
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
nvd
CVE-2013-3805 | MEDIUM | CVSS 4.0 | v11 | 2013-07-17
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.
nvd
CVE-2013-3794 | MEDIUM | CVSS 4.0 | v11 | 2013-07-17
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
nvd
CVE-2013-3793 | MEDIUM | CVSS 4.0 | v11 | 2013-07-17
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
nvd
CVE-2013-3801 | MEDIUM | CVSS 5.0 | v11 | 2013-07-17
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
nvd
CVE-2013-3802 | MEDIUM | CVSS 4.0 | v11 | 2013-07-17
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.
nvd
CVE-2013-3783 | MEDIUM | CVSS 4.0 | v11 | 2013-07-17
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.
nvd
CVE-2013-3809 | MEDIUM | CVSS 4.0 | v11 | 2013-07-17
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.
nvd
CVE-2013-3804 | MEDIUM | CVSS 4.0 | v11 | 2013-07-17
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
nvd
CVE-2013-3812 | LOW | CVSS 3.5 | v11 | 2013-07-17
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
nvd
CVE-2013-1690 | HIGH | CWE-119 | CVSS 8.8 | KEV | PoC | v10, v11 | 2013-06-26
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that t
nvd
CVE-2013-2465 | CRITICAL | CWE-693 | CVSS 9.8 | KEV | PoC | v10, v11 | 2013-06-18
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2
nvd
CVE-2013-2147 | LOW | CWE-399 | CVSS 2.1 | v10 | 2013-06-07
The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in d
nvd
CVE-2013-2020 | MEDIUM | CWE-189 | CVSS 5.0 | v11.0 | 2013-05-13
Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.
nvd
CVE-2013-2021 | MEDIUM | CWE-119 | CVSS 4.3 | v11.0 | 2013-05-13
pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.
nvd
CVE-2013-3301 | HIGH | CVSS 7.2 | PoC | v11 | 2013-04-29
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.
nvd
CVE-2013-0800 | MEDIUM | CVSS 6.8 | v10, v11 | 2013-04-03
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values t
nvd
CVE-2013-1861 | MEDIUM | CWE-119 | CVSS 5.0 | PoC | v11 | 2013-03-28
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing
nvd