Filtered by vendor Suse Subscriptions
Filtered by product Linux Enterprise Subscriptions
Total 139 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-0609 9 Adobe, Apple, Google and 6 more 15 Acrobat, Acrobat Reader, Air and 12 more 2024-12-20 7.8 High
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.
CVE-2009-3953 6 Adobe, Apple, Microsoft and 3 more 7 Acrobat, Mac Os X, Windows and 4 more 2024-12-19 8.8 High
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
CVE-2009-4324 6 Adobe, Apple, Microsoft and 3 more 8 Acrobat, Acrobat Reader, Mac Os X and 5 more 2024-12-19 7.8 High
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
CVE-2024-23301 4 Fedoraproject, Redhat, Relax-and-recover and 1 more 4 Fedora, Enterprise Linux, Relax-and-recover and 1 more 2024-11-21 5.5 Medium
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
CVE-2023-34256 3 Debian, Linux, Suse 3 Debian Linux, Linux Kernel, Linux Enterprise 2024-11-21 5.5 Medium
An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access.
CVE-2022-21950 2 Opensuse, Suse 4 Backports Sle, Canna, Factory and 1 more 2024-11-21 5.3 Medium
A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there.
CVE-2021-4166 7 Apple, Debian, Fedoraproject and 4 more 8 Mac Os X, Macos, Debian Linux and 5 more 2024-11-21 7.1 High
vim is vulnerable to Out-of-bounds Read
CVE-2021-4028 3 Linux, Redhat, Suse 9 Linux Kernel, Enterprise Linux, Rhel Aus and 6 more 2024-11-21 7.8 High
A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.
CVE-2021-41819 6 Debian, Fedoraproject, Opensuse and 3 more 12 Debian Linux, Fedora, Factory and 9 more 2024-11-21 7.5 High
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
CVE-2021-41817 6 Debian, Fedoraproject, Opensuse and 3 more 12 Debian Linux, Fedora, Factory and 9 more 2024-11-21 7.5 High
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
CVE-2020-7106 5 Cacti, Debian, Fedoraproject and 2 more 8 Cacti, Debian Linux, Extra Packages For Enterprise Linux and 5 more 2024-11-21 6.1 Medium
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).
CVE-2020-6416 6 Debian, Fedoraproject, Google and 3 more 10 Debian Linux, Fedora, Chrome and 7 more 2024-11-21 8.8 High
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6415 6 Debian, Fedoraproject, Google and 3 more 10 Debian Linux, Fedora, Chrome and 7 more 2024-11-21 8.8 High
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6408 6 Debian, Fedoraproject, Google and 3 more 10 Debian Linux, Fedora, Chrome and 7 more 2024-11-21 6.5 Medium
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.
CVE-2020-6406 5 Debian, Fedoraproject, Google and 2 more 9 Debian Linux, Fedora, Chrome and 6 more 2024-11-21 8.8 High
Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6404 6 Debian, Fedoraproject, Google and 3 more 10 Debian Linux, Fedora, Chrome and 7 more 2024-11-21 8.8 High
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6403 7 Apple, Debian, Fedoraproject and 4 more 11 Iphone Os, Debian Linux, Fedora and 8 more 2024-11-21 4.3 Medium
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2020-6402 7 Apple, Debian, Fedoraproject and 4 more 11 Macos, Debian Linux, Fedora and 8 more 2024-11-21 8.8 High
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
CVE-2020-6400 6 Debian, Fedoraproject, Google and 3 more 10 Debian Linux, Fedora, Chrome and 7 more 2024-11-21 6.5 Medium
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-6398 6 Debian, Fedoraproject, Google and 3 more 10 Debian Linux, Fedora, Chrome and 7 more 2024-11-21 8.8 High
Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.