Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-1931 |
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. Published: September 28, 2022; 11:15:11 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2021-45082 |
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.) Published: February 18, 2022; 7:15:17 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2020-8013 |
A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1. Published: March 02, 2020; 12:15:19 PM -0500 |
V4.0:(not available) V3.1: 2.5 LOW V2.0: 1.9 LOW |
CVE-2014-1947 |
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030. Published: February 17, 2020; 4:15:12 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2015-5239 |
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. Published: January 23, 2020; 3:15:11 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2012-6639 |
An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data. Published: November 25, 2019; 1:15:11 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2015-8779 |
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. Published: April 19, 2016; 5:59:05 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2015-8778 |
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. Published: April 19, 2016; 5:59:04 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2015-8776 |
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. Published: April 19, 2016; 5:59:04 PM -0400 |
V4.0:(not available) V3.0: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2015-5006 |
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache. Published: December 07, 2015; 3:59:06 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-0272 |
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215. Published: November 17, 2015; 10:59:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-2695 |
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call. Published: November 08, 2015; 10:59:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-4830 |
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. Published: October 21, 2015; 5:59:44 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-1781 |
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. Published: September 28, 2015; 4:59:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-4495 |
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015. Published: August 07, 2015; 8:59:04 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 4.3 MEDIUM |
CVE-2015-0797 |
GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file. Published: May 14, 2015; 6:59:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-2576 |
Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation. Published: April 16, 2015; 1:00:07 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-2575 |
Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. Published: April 16, 2015; 1:00:07 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2015-2573 |
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Published: April 16, 2015; 1:00:05 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-2571 |
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Published: April 16, 2015; 1:00:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.0 MEDIUM |