Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Suse Subscribe
Total 1091 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-7811 2 Redhat, Suse 3 Network Satellite, Spacewalk, Manager 2023-02-12 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.
CVE-2014-7815 5 Canonical, Debian, Qemu and 2 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2023-02-12 5.0 MEDIUM N/A
The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.
CVE-2014-7812 2 Redhat, Suse 3 Satellite, Spacewalk, Manager 2023-02-12 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field.
CVE-2014-5077 4 Canonical, Linux, Redhat and 1 more 8 Ubuntu Linux, Linux Kernel, Enterprise Linux Eus and 5 more 2023-02-12 7.1 HIGH N/A
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.
CVE-2014-7826 3 Linux, Opensuse, Suse 3 Linux Kernel, Evergreen, Suse Linux Enterprise Server 2023-02-12 7.2 HIGH 7.8 HIGH
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application.
CVE-2014-3654 2 Redhat, Suse 6 Satellite, Satellite With Embedded Oracle, Spacewalk-java and 3 more 2023-02-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do.
CVE-2014-3647 7 Canonical, Debian, Linux and 4 more 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more 2023-02-12 1.9 LOW 5.5 MEDIUM
arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
CVE-2014-3687 8 Canonical, Debian, Linux and 5 more 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more 2023-02-12 7.8 HIGH 7.5 HIGH
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.
CVE-2014-3610 5 Canonical, Debian, Linux and 2 more 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more 2023-02-12 4.9 MEDIUM 5.5 MEDIUM
The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.
CVE-2014-3673 7 Canonical, Debian, Linux and 4 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2023-02-12 7.8 HIGH 7.5 HIGH
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.
CVE-2014-3646 6 Canonical, Debian, Linux and 3 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2023-02-12 4.7 MEDIUM 5.5 MEDIUM
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
CVE-2014-3601 4 Canonical, Linux, Opensuse and 1 more 6 Ubuntu Linux, Linux Kernel, Evergreen and 3 more 2023-02-12 4.3 MEDIUM N/A
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages.
CVE-2014-1874 3 Canonical, Linux, Suse 3 Ubuntu Linux, Linux Kernel, Linux Enterprise Server 2023-02-12 4.9 MEDIUM N/A
The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.
CVE-2014-0223 2 Qemu, Suse 2 Qemu, Linux Enterprise Server 2023-02-12 4.6 MEDIUM N/A
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.
CVE-2014-0222 2 Qemu, Suse 2 Qemu, Linux Enterprise Server 2023-02-12 7.5 HIGH N/A
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.
CVE-2014-0196 7 Canonical, Debian, F5 and 4 more 30 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 27 more 2023-02-12 6.9 MEDIUM N/A
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
CVE-2014-0131 3 Linux, Opensuse, Suse 3 Linux Kernel, Evergreen, Linux Enterprise Server 2023-02-12 2.9 LOW N/A
Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.
CVE-2014-0069 3 Linux, Redhat, Suse 9 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Eus and 6 more 2023-02-12 7.2 HIGH N/A
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.
CVE-2012-0879 4 Canonical, Debian, Linux and 1 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2023-02-12 4.9 MEDIUM 5.5 MEDIUM
The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.
CVE-2011-1585 2 Linux, Suse 2 Linux Kernel, Suse Linux Enterprise Server 2023-02-12 3.3 LOW N/A
The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user.