Every CVE whose affected-product data names Suse Linux Enterprise, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (97)
CVE-2016-1659 — CVSS 9.8 (critical): Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have…
CVE-2010-2941 — CVSS 9.8 (critical): ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which…
CVE-2010-1866 — CVSS 9.8 (critical): The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a…
CVE-2016-2796 — CVSS 8.8 (high): Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before…
CVE-2016-2797 — CVSS 8.8 (high): The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR…
CVE-2016-2798 — CVSS 8.8 (high): The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-2799 — CVSS 8.8 (high): Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and…
CVE-2016-2800 — CVSS 8.8 (high): The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-2801 — CVSS 8.8 (high): The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and…
CVE-2016-2802 — CVSS 8.8 (high): The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox…
CVE-2016-2806 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote…
CVE-2016-2807 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR…
CVE-2016-2793 — CVSS 8.8 (high): CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers…
CVE-2016-2794 — CVSS 8.8 (high): The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox…
CVE-2016-2795 — CVSS 8.8 (high): The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-1672 — CVSS 8.8 (high): The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before…
CVE-2016-1673 — CVSS 8.8 (high): Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
CVE-2016-1674 — CVSS 8.8 (high): The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified…
CVE-2016-1675 — CVSS 8.8 (high): Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling…
CVE-2016-1676 — CVSS 8.8 (high): extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes…
CVE-2016-1678 — CVSS 8.8 (high): objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization…
CVE-2016-1679 — CVSS 8.8 (high): The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not…
CVE-2016-1680 — CVSS 8.8 (high): Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote…
CVE-2016-1681 — CVSS 8.8 (high): Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before…
CVE-2016-1695 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have…
CVE-2016-1696 — CVSS 8.8 (high): The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to…
CVE-2016-1697 — CVSS 8.8 (high): The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79…
CVE-2016-1701 — CVSS 8.8 (high): The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that…
CVE-2016-1703 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have…
CVE-2016-1960 — CVSS 8.8 (high): Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before…
CVE-2016-1961 — CVSS 8.8 (high): Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and…
CVE-2016-1964 — CVSS 8.8 (high): Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote…
CVE-2016-1974 — CVSS 8.8 (high): The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory…
CVE-2016-1977 — CVSS 8.8 (high): The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR…
CVE-2016-5131 — CVSS 8.8 (high): Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a…
CVE-2016-2790 — CVSS 8.8 (high): The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-2791 — CVSS 8.8 (high): The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before…
CVE-2016-2792 — CVSS 8.8 (high): The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2018-14523 — CVSS 8.8 (high): An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by…
CVE-2018-14522 — CVSS 8.8 (high): An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.
CVE-2016-1653 — CVSS 8.8 (high): The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote…
CVE-2016-1655 — CVSS 8.8 (high): Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote…
CVE-2016-1651 — CVSS 8.1 (high): fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb…
CVE-2021-4028 — CVSS 7.8 (high): A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a…
CVE-2009-0749 — CVSS 7.8 (high): Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows…
CVE-2016-9959 — CVSS 7.8 (high): game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
CVE-2020-14147 — CVSS 7.7 (high): An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run…
CVE-2016-1683 — CVSS 7.5 (high): numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers…
CVE-2013-4480 — CVSS 7.5 (high): Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows…
CVE-2009-0949 — CVSS 7.5 (high): The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which…
CVE-2021-41817 — CVSS 7.5 (high): Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions…
CVE-2021-41819 — CVSS 7.5 (high): CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
CVE-2016-1656 — CVSS 7.5 (high): The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname…
CVE-2016-1690 — CVSS 7.5 (high): The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that…
CVE-2016-1691 — CVSS 7.5 (high): Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service…
CVE-2010-0013 — CVSS 7.5 (high): Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers…
CVE-2016-1700 — CVSS 7.5 (high): extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an…
CVE-2016-7966 — CVSS 7.3 (high): Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser…
CVE-2009-3231 — CVSS 6.8 (medium): The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows…
CVE-2009-0040 — CVSS 6.8 (medium): The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows…
CVE-2010-0629 — CVSS 6.5 (medium): Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote…
CVE-2009-2416 — CVSS 6.5 (medium): Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent…
CVE-2016-1654 — CVSS 6.5 (medium): The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers…
CVE-2016-1677 — CVSS 6.5 (medium): uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote…
CVE-2016-1685 — CVSS 6.5 (medium): core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows…
CVE-2016-1686 — CVSS 6.5 (medium): The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before…
CVE-2016-1687 — CVSS 6.5 (medium): The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote…
CVE-2016-1688 — CVSS 6.5 (medium): The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles…
CVE-2016-1689 — CVSS 6.5 (medium): Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers…
CVE-2016-1698 — CVSS 6.5 (medium): The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79…
CVE-2016-1699 — CVSS 6.5 (medium): WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before…
CVE-2016-1702 — CVSS 6.5 (medium): The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the…
CVE-2016-1652 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the…
CVE-2016-1682 — CVSS 6.1 (medium): The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink…
CVE-2016-5325 — CVSS 6.1 (medium): CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before…
CVE-2008-4989 — CVSS 5.9 (medium): The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which…
CVE-2009-2408 — CVSS 5.9 (medium): Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do…
CVE-2016-7099 — CVSS 5.9 (medium): The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does…
CVE-2024-23301 — CVSS 5.5 (medium): Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain…
CVE-2016-8568 — CVSS 5.5 (medium): The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read)…
CVE-2016-8569 — CVSS 5.5 (medium): The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer…
CVE-2023-34256 — CVSS 5.5 (medium): An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from…
CVE-2016-2178 — CVSS 5.5 (medium): The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time…
CVE-2016-1693 — CVSS 5.3 (medium): browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain…
CVE-2016-1694 — CVSS 5.3 (medium): browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it…
CVE-2016-1692 — CVSS 5.3 (medium): WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS…
CVE-2008-6123 — CVSS 5.0 (medium): The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client…
CVE-2009-1961 — CVSS 4.7 (medium): The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before…
CVE-2010-4180 — CVSS 4.3 (medium): OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent…
CVE-2015-1241 — CVSS 4.3 (medium): Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and…