VYPR

Vendor CVEs

SUSE S.A.

All CVEs

1,448 total · sorted by risk
  • CVE-2014-3647MedNov 10, 2014
    risk 0.29cvss 5.5epss 0.01

    arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.

  • CVE-2014-3646MedNov 10, 2014
    risk 0.29cvss 5.5epss 0.00

    arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.

  • CVE-2014-3610MedNov 10, 2014
    risk 0.29cvss 5.5epss 0.01

    The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest…

  • CVE-2012-1146MedMay 17, 2012
    risk 0.29cvss 5.5epss 0.01

    The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash)…

  • CVE-2012-1090MedMay 17, 2012
    risk 0.29cvss 5.5epss 0.00

    The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO.

  • CVE-2012-0879MedMay 17, 2012
    risk 0.29cvss 5.5epss 0.00

    The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.

  • CVE-2024-38394MedJun 16, 2024
    risk 0.28cvss 4.3epss 0.00

    Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB…

  • CVE-2022-43753MedNov 10, 2022
    risk 0.28cvss 4.3epss 0.01

    A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote…

  • CVE-2022-31255MedNov 10, 2022
    risk 0.28cvss 4.3epss 0.01

    An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote…

  • CVE-2020-8996MedFeb 16, 2020
    risk 0.28cvss 4.3epss 0.01

    AnyShare Cloud 6.0.9 allows authenticated directory traversal to read files, as demonstrated by the interface/downloadwithpath/downloadfile/?filepath=/etc/passwd URI.

  • CVE-2018-12476MedJan 27, 2020
    risk 0.28cvss 4.3epss 0.01

    Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects:…

  • CVE-2015-7976MedJan 30, 2017
    risk 0.28cvss 4.3epss 0.03

    The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

  • CVE-2016-5400MedAug 6, 2016
    risk 0.28cvss 4.3epss 0.00

    Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local users to cause a denial of service (memory consumption) via a crafted USB device that emulates many VFL_TYPE_SDR or VFL_TYPE_SUBDEV…

  • CVE-2016-0668MedApr 21, 2016
    risk 0.27cvss 4.1epss 0.01

    Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.

  • CVE-2018-20105MedJan 27, 2020
    risk 0.26cvss 4.0epss 0.00

    A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions…

  • CVE-2019-18900MedJan 24, 2020
    risk 0.26cvss 4.0epss 0.00

    : Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform…

  • CVE-2019-3687MedJan 24, 2020
    risk 0.26cvss 4.0epss 0.00

    The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439…

  • CVE-2017-7995LowMay 3, 2017
    risk 0.25cvss 3.8epss 0.00

    Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before…

  • CVE-2026-43430MedMay 8, 2026
    risk 0.24cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: usb: yurex: fix race in probe The bbu member of the descriptor must be set to the value standing for uninitialized values before the URB whose completion handler sets bbu is submitted. Otherwise there is a…

  • CVE-2017-14806LowJan 27, 2020
    risk 0.24cvss 3.7epss 0.00

    A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite…

  • CVE-2016-10741MedFeb 1, 2019
    risk 0.24cvss 4.7epss 0.00

    In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.

  • CVE-2024-49503LowNov 28, 2024
    risk 0.23cvss 3.5epss 0.00

    A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.…

  • CVE-2024-49502LowNov 28, 2024
    risk 0.23cvss 3.5epss 0.00

    A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects…

  • CVE-2020-8030LowFeb 11, 2021
    risk 0.23cvss 3.6epss 0.00

    A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster.

  • CVE-2018-17957LowDec 26, 2018
    risk 0.22cvss 3.4epss 0.00

    The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database.

  • CVE-2014-8134LowDec 12, 2014
    risk 0.22cvss 3.3epss 0.01

    The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a…

  • CVE-2026-47330LowMay 28, 2026
    risk 0.21cvss 3.3epss 0.00

    Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unprivileged local user and can result in the incorrect caching of AppArmor…

  • CVE-2026-47329LowMay 28, 2026
    risk 0.21cvss 3.3epss 0.00

    Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user and could result in handling of crafted responses.

  • CVE-2021-32000LowJul 28, 2021
    risk 0.21cvss 3.2epss 0.00

    A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue…

  • CVE-2021-25317LowMay 5, 2021
    risk 0.21cvss 3.3epss 0.00

    A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root…

  • CVE-2021-25316LowApr 14, 2021
    risk 0.21cvss 3.3epss 0.00

    A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to…

  • CVE-2012-0433LowJun 8, 2018
    risk 0.21cvss 3.3epss 0.00

    The install-chef-suse.sh script shipped with crowbar before 2012-10-02 is creating files containing confidential data with insecure permissions, allowing local users to read confidential data.

  • CVE-2017-17807LowDec 20, 2017
    risk 0.21cvss 3.3epss 0.00

    The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring…

  • CVE-2020-8029LowFeb 11, 2021
    risk 0.19cvss 2.9epss 0.00

    A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416.

  • CVE-2019-3700LowJan 24, 2020
    risk 0.19cvss 2.9epss 0.00

    yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security…

  • CVE-2018-19637LowMar 5, 2019
    risk 0.18cvss 2.8epss 0.00

    Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection

  • CVE-2022-43754LowNov 10, 2022
    risk 0.17cvss 2.6epss 0.00

    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote…

  • CVE-2019-11191LowApr 12, 2019
    risk 0.16cvss 2.5epss 0.01

    The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the…

  • CVE-2026-46057LowMay 27, 2026
    risk 0.14cvss 3.3epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: landlock: Fix LOG_SUBDOMAINS_OFF inheritance across fork() hook_cred_transfer() only copies the Landlock security blob when the source credential has a domain. This is inconsistent with…

  • CVE-2020-8013LowMar 2, 2020
    risk 0.14cvss 2.2epss 0.00

    A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The…

  • CVE-2018-17955LowMar 15, 2019
    risk 0.14cvss 2.2epss 0.00

    In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection

  • CVE-2018-19638LowMar 5, 2019
    risk 0.14cvss 2.2epss 0.00

    In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files.

  • CVE-2011-3192Aug 29, 2011
    risk 0.11cvss epss 0.99

    The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in…

  • CVE-2014-0569Oct 15, 2014
    risk 0.10cvss epss 0.90

    Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to…

  • CVE-2012-0053Jan 28, 2012
    risk 0.10cvss epss 0.83

    protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2)…

  • CVE-2009-1185Apr 17, 2009
    risk 0.10cvss epss 0.82

    udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.

  • CVE-2013-0758Jan 13, 2013
    risk 0.09cvss epss 0.73

    Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome…

  • CVE-2011-0762Mar 2, 2011
    risk 0.09cvss epss 0.73

    The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability…

  • CVE-2013-4547Nov 23, 2013
    risk 0.08cvss epss 0.68

    nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.

  • CVE-2013-0757Jan 13, 2013
    risk 0.08cvss epss 0.61

    The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows…

Page 14 of 29