cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-22034,https://securityvulnerability.io/vulnerability/CVE-2024-22034,Attackers can inject malicious files into osc package sources,"A configuration manipulation vulnerability exists in the open source configuration tool, osc, where attackers can place special files within the .osc directory into the actual package sources. By exploiting this flaw, an attacker can modify critical configuration settings, potentially impacting system operations and security for the victim user. This vulnerability highlights the importance of securing configuration tools against unauthorized access and manipulation.",Suse,"Suse Linux Enterprise Desktop 15 Sp5,Suse Linux Enterprise High Performance Computing 15 Sp5,Suse Linux Enterprise Module For Development Tools 15 Sp5,Suse Linux Enterprise Server 15 Sp5,Suse Linux Enterprise Server For SAP Applications 15 Sp5,Suse Linux Enterprise Desktop 15 Sp6,Suse Linux Enterprise High Performance Computing 15 Sp6,Suse Linux Enterprise Module For Development Tools 15 Sp6,Suse Linux Enterprise Server 15 Sp6,Suse Linux Enterprise Server For SAP Applications 15 Sp6,Suse Linux Enterprise Server 12 Sp5,Suse Linux Enterprise Server For SAP Applications 12 Sp5,Suse Linux Enterprise Software Development Kit 12 Sp5,Opensuse Leap 15.5,Opensuse Leap 15.6,Opensuse Tumbleweed",5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T13:46:08.416Z,0
CVE-2019-3681,https://securityvulnerability.io/vulnerability/CVE-2019-3681,osc: stores downloaded (supposed) RPM in network-controlled filesystem paths,"A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 .",Suse,"Suse Linux Enterprise Module For Development Tools 15,Suse Linux Enterprise Software Development Kit 12-sp5,Suse Linux Enterprise Software Development Kit 12-sp4,Opensuse Leap 15.1,Opensuse Factory",7.5,HIGH,0.01655000075697899,false,,false,false,false,,,false,false,,2020-06-29T12:15:00.000Z,0
CVE-2020-8016,https://securityvulnerability.io/vulnerability/CVE-2020-8016,race condition in the packaging of texlive-filesysten,"A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges. This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.",Suse,"Suse Linux Enterprise Module For Desktop Applications 15-sp1,Suse Linux Enterprise Software Development Kit 12-sp4,Suse Linux Enterprise Software Development Kit 12-sp5,Opensuse Leap 15.1",4.9,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-04-02T14:15:00.000Z,0
CVE-2020-8017,https://securityvulnerability.io/vulnerability/CVE-2020-8017,race condition on texlive-filesystem cron job allows for the deletion of unintended files,"A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary files on the system This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.",Suse,"Suse Linux Enterprise Module For Desktop Applications 15-sp1,Suse Linux Enterprise Software Development Kit 12-sp4,Suse Linux Enterprise Software Development Kit 12-sp5,Opensuse Leap 15.1",6.2,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-04-02T00:00:00.000Z,0
CVE-2019-3695,https://securityvulnerability.io/vulnerability/CVE-2019-3695,pcp: Local privilege escalation from user pcp to root,"A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.",Suse,"Suse Linux Enterprise High Performance Computing 15-espos,Suse Linux Enterprise High Performance Computing 15-ltss,Suse Linux Enterprise Module For Development Tools 15,Suse Linux Enterprise Module For Development Tools 15-sp1,Suse Linux Enterprise Module For Open Buildservice Development Tools 15,Suse Linux Enterprise Server 15-ltss,Suse Linux Enterprise Server For SAP 15,Suse Linux Enterprise Software Development Kit 12-sp4,Suse Linux Enterprise Software Development Kit 12-sp5,Opensuse Leap 15.1",8.4,HIGH,0.0005099999834783375,false,,false,false,false,,,false,false,,2020-03-03T11:15:00.000Z,0
CVE-2019-3696,https://securityvulnerability.io/vulnerability/CVE-2019-3696,pcp: Local privilege escalation from user pcp to root through migrate_tempdirs,"A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.",Suse,"Suse Linux Enterprise High Performance Computing 15-espos,Suse Linux Enterprise High Performance Computing 15-ltss,Suse Linux Enterprise Module For Development Tools 15,Suse Linux Enterprise Module For Development Tools 15-sp1,Suse Linux Enterprise Module For Open Buildservice Development Tools 15,Suse Linux Enterprise Server 15-ltss,Suse Linux Enterprise Server For SAP 15,Suse Linux Enterprise Software Development Kit 12-sp4,Suse Linux Enterprise Software Development Kit 12-sp5,Opensuse Leap 15.1",8.4,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-03-03T11:15:00.000Z,0
CVE-2015-8779,https://securityvulnerability.io/vulnerability/CVE-2015-8779,,Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.,Suse,"Linux Enterprise Server,Linux Enterprise Desktop,Linux Enterprise Debuginfo,Linux Enterprise Software Development Kit,Opensuse,Suse Linux Enterprise Server",9.8,CRITICAL,0.023339999839663506,false,,false,false,false,,,false,false,,2016-04-19T21:00:00.000Z,0
CVE-2015-8776,https://securityvulnerability.io/vulnerability/CVE-2015-8776,,The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.,Suse,"Linux Enterprise Server,Linux Enterprise Desktop,Linux Enterprise Debuginfo,Linux Enterprise Software Development Kit,Opensuse,Suse Linux Enterprise Server",9.1,CRITICAL,0.007259999867528677,false,,false,false,false,,,false,false,,2016-04-19T21:00:00.000Z,0
CVE-2014-9761,https://securityvulnerability.io/vulnerability/CVE-2014-9761,,"Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.",Suse,"Linux Enterprise Server,Linux Enterprise Debuginfo,Linux Enterprise Software Development Kit,Linux Enterprise Desktop,Opensuse,Suse Linux Enterprise Server",9.8,CRITICAL,0.02655000053346157,false,,false,false,false,,,false,false,,2016-04-19T21:00:00.000Z,0
CVE-2016-2324,https://securityvulnerability.io/vulnerability/CVE-2016-2324,,"Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.",Suse,"Openstack Cloud,Linux Enterprise Software Development Kit,Linux Enterprise Server,Linux Enterprise Debuginfo,Leap,Opensuse,Suse Linux Enterprise Server",9.8,CRITICAL,0.08257000148296356,false,,false,false,false,,,false,false,,2016-04-08T14:00:00.000Z,0
CVE-2016-2315,https://securityvulnerability.io/vulnerability/CVE-2016-2315,,"revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.",Suse,"Openstack Cloud,Linux Enterprise Software Development Kit,Linux Enterprise Server,Linux Enterprise Debuginfo,Leap,Opensuse,Suse Linux Enterprise Server",9.8,CRITICAL,0.11934000253677368,false,,false,false,false,,,false,false,,2016-04-08T14:00:00.000Z,0
CVE-2015-2734,https://securityvulnerability.io/vulnerability/CVE-2015-2734,,"The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.",Suse,"Linux Enterprise Server,Linux Enterprise Software Development Kit,Linux Enterprise Desktop,Suse Linux Enterprise Server",,,0.0056500001810491085,false,,false,false,false,,,false,false,,2015-07-06T01:00:00.000Z,0
CVE-2015-0439,https://securityvulnerability.io/vulnerability/CVE-2015-0439,,"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756.",Suse,"Suse Linux Enterprise Server,Suse Linux Enterprise Software Development Kit,Suse Linux Enterprise Desktop",,,0.006479999981820583,false,,false,false,false,,,false,false,,2015-04-16T16:00:00.000Z,0
CVE-2014-2977,https://securityvulnerability.io/vulnerability/CVE-2014-2977,,"Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.",Suse,"Linux Enterprise Software Development Kit,Linux Enterprise Desktop,Linux Enterprise Workstation Extension,Opensuse,Suse Linux Enterprise Server",,,0.03554999828338623,false,,false,false,false,,,false,false,,2014-06-11T14:00:00.000Z,0