Suse Suse Linux Enterprise Desktop — known CVE vulnerabilities
Every CVE whose affected-product data names Suse Suse Linux Enterprise Desktop, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (81)
CVE-2015-0346 — CVSS 10.0 (critical): Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before…
CVE-2015-3042 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows…
CVE-2015-3041 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows…
CVE-2015-3039 — CVSS 10.0 (critical): Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before…
CVE-2015-3038 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows…
CVE-2014-1512 — CVSS 10.0 (critical): Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4…
CVE-2015-0491 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect…
CVE-2014-0553 — CVSS 10.0 (critical): Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before…
CVE-2015-0360 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows…
CVE-2010-2302 — CVSS 10.0 (critical): Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service…
CVE-2010-2495 — CVSS 10.0 (critical): The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly…
CVE-2015-0358 — CVSS 10.0 (critical): Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before…
CVE-2015-0355 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows…
CVE-2015-0354 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows…
CVE-2015-0353 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows…
CVE-2015-0352 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows…
CVE-2015-0351 — CVSS 10.0 (critical): Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before…
CVE-2015-0350 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows…
CVE-2015-0349 — CVSS 10.0 (critical): Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before…
CVE-2015-0348 — CVSS 10.0 (critical): Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457…
CVE-2015-0347 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows…
CVE-2014-1510 — CVSS 9.8 (critical): The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25…
CVE-2013-5609 — CVSS 9.8 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before…
CVE-2013-5613 — CVSS 9.8 (critical): Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before…
CVE-2013-5615 — CVSS 9.8 (critical): The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before…
CVE-2013-5616 — CVSS 9.8 (critical): Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x…
CVE-2013-5618 — CVSS 9.8 (critical): Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in…
CVE-2013-6671 — CVSS 9.8 (critical): The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and…
CVE-2014-1514 — CVSS 9.8 (critical): vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25…
CVE-2014-1511 — CVSS 9.8 (critical): Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to…
CVE-2014-1486 — CVSS 9.8 (critical): Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird…
CVE-2014-1493 — CVSS 9.8 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before…
CVE-2014-1477 — CVSS 9.8 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before…
CVE-2010-2297 — CVSS 9.3 (critical): rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service…
CVE-2010-1770 — CVSS 9.3 (critical): WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome…
CVE-2014-1508 — CVSS 9.1 (critical): The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and…
CVE-2012-5830 — CVSS 8.8 (high): Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x…
CVE-2014-1482 — CVSS 8.8 (high): RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not…
CVE-2014-1497 — CVSS 8.8 (high): The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4…
CVE-2014-1509 — CVSS 8.8 (high): Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before…
CVE-2014-1513 — CVSS 8.8 (high): TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does…
CVE-2018-19655 — CVSS 8.8 (high): A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow…
CVE-2020-6422 — CVSS 8.8 (high): Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6424 — CVSS 8.8 (high): Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6427 — CVSS 8.8 (high): Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6428 — CVSS 8.8 (high): Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6429 — CVSS 8.8 (high): Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6449 — CVSS 8.8 (high): Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2010-2960 — CVSS 7.8 (high): The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent…
CVE-2008-2812 — CVSS 7.8 (high): The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system…
CVE-2010-2524 — CVSS 7.8 (high): The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled…
CVE-2010-3081 — CVSS 7.8 (high): The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not…
CVE-2010-2798 — CVSS 7.8 (high): The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations…
CVE-2014-1487 — CVSS 7.5 (high): The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before…
CVE-2014-1505 — CVSS 7.5 (high): The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before…
CVE-2014-1481 — CVSS 7.5 (high): Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to…
CVE-2014-1479 — CVSS 7.5 (high): The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and…
CVE-2014-2706 — CVSS 7.1 (high): Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system…
CVE-2010-2537 — CVSS 7.1 (high): The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file…
CVE-2009-3547 — CVSS 7.0 (high): Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer…
CVE-2020-6426 — CVSS 6.5 (medium): Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption…
CVE-2023-32182 — CVSS 5.9 (medium): A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE…
CVE-2011-4190 — CVSS 5.9 (medium): The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version…
CVE-2017-5753 — CVSS 5.6 (medium): Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an…
CVE-2009-3621 — CVSS 5.5 (medium): net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an…
CVE-2007-6716 — CVSS 5.5 (medium): fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users…
CVE-2010-3078 — CVSS 5.5 (medium): The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain…
CVE-2010-2942 — CVSS 5.5 (medium): The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain…
CVE-2010-2066 — CVSS 5.5 (medium): The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only…
CVE-2008-3275 — CVSS 5.5 (medium): The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not…
CVE-2014-1496 — CVSS 5.5 (medium): Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to…
CVE-2014-8121 — CVSS 5.0 (medium): DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not…
CVE-2015-3040 — CVSS 5.0 (medium): Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not…
CVE-2015-5707 — CVSS 4.6 (medium): Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to…
CVE-2010-2301 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote…
CVE-2013-1864 — CVSS 4.3 (medium): The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity…
CVE-2015-0500 — CVSS 4.0 (medium): Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown…
CVE-2015-3340 — CVSS 2.9 (low): Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information…
CVE-2010-3881 — CVSS 2.1 (low): arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain…
CVE-2014-1739 — CVSS 2.1 (low): The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain…