Search Results (Refine Search)
- CPE Product Version: cpe:/o:suse:linux_enterprise_server:11:sp3
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-0484 |
Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492. Published: April 16, 2015; 12:59:36 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-0441 |
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption. Published: April 16, 2015; 12:59:06 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-0433 |
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. Published: April 16, 2015; 12:59:02 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-2808 |
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. Published: March 31, 2015; 10:00:35 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-5077 |
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. Published: August 01, 2014; 7:13:09 AM -0400 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2014-4943 |
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. Published: July 19, 2014; 3:55:08 PM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2014-4260 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR. Published: July 17, 2014; 7:17:10 AM -0400 |
V3.x:(not available) V2.0: 5.5 MEDIUM |
CVE-2014-4258 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC. Published: July 17, 2014; 7:17:10 AM -0400 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2014-4243 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED. Published: July 17, 2014; 7:17:10 AM -0400 |
V3.x:(not available) V2.0: 2.8 LOW |
CVE-2014-4207 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR. Published: July 17, 2014; 1:10:15 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2014-2494 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC. Published: July 17, 2014; 1:10:15 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2014-4667 |
The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. Published: July 03, 2014; 12:22:16 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-4027 |
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. Published: June 23, 2014; 7:21:18 AM -0400 |
V3.x:(not available) V2.0: 2.3 LOW |
CVE-2014-4039 |
ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf. Published: June 17, 2014; 11:55:06 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-4038 |
ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras. Published: June 17, 2014; 11:55:06 AM -0400 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2014-3153 |
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. Published: June 07, 2014; 10:55:27 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2014-3469 |
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. Published: June 05, 2014; 4:55:06 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-3468 |
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. Published: June 05, 2014; 4:55:06 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-3467 |
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. Published: June 05, 2014; 4:55:06 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-1738 |
The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. Published: May 11, 2014; 5:55:05 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |