National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:suse:linux_enterprise_server:11:sp3
There are 56 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2017-13079

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.

Published: October 17, 2017; 09:29:00 AM -04:00
V3.0: 5.3 MEDIUM
    V2: 2.9 LOW
CVE-2017-13078

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.

Published: October 17, 2017; 09:29:00 AM -04:00
V3.0: 5.3 MEDIUM
    V2: 2.9 LOW
CVE-2017-13077

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Published: October 16, 2017; 10:29:00 PM -04:00
V3.0: 6.8 MEDIUM
    V2: 5.4 MEDIUM
CVE-2015-5300

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

Published: July 21, 2017; 10:29:00 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

Published: July 21, 2017; 10:29:00 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-5194

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

Published: July 21, 2017; 10:29:00 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-7976

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

Published: January 30, 2017; 04:59:00 PM -05:00
V3.0: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2016-0264

Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.

Published: May 24, 2016; 11:59:00 AM -04:00
V3.0: 5.6 MEDIUM
    V2: 6.8 MEDIUM
CVE-2015-8779

Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.

Published: April 19, 2016; 05:59:05 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2015-8778

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

Published: April 19, 2016; 05:59:04 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2015-8776

The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.

Published: April 19, 2016; 05:59:04 PM -04:00
V3.0: 9.1 CRITICAL
    V2: 6.4 MEDIUM
CVE-2015-5006

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.

Published: December 07, 2015; 03:59:06 PM -05:00
    V2: 2.1 LOW
CVE-2015-1781

Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.

Published: September 28, 2015; 04:59:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2015-2576

Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation.

Published: April 16, 2015; 01:00:07 PM -04:00
    V2: 2.1 LOW
CVE-2015-2575

Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.

Published: April 16, 2015; 01:00:07 PM -04:00
    V2: 4.9 MEDIUM
CVE-2015-0492

Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484.

Published: April 16, 2015; 12:59:43 PM -04:00
    V2: 9.3 HIGH
CVE-2015-0484

Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492.

Published: April 16, 2015; 12:59:36 PM -04:00
    V2: 6.8 MEDIUM
CVE-2014-4207

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.

Published: July 17, 2014; 01:10:15 AM -04:00
    V2: 4.0 MEDIUM
CVE-2014-4039

ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf.

Published: June 17, 2014; 11:55:06 AM -04:00
    V2: 2.1 LOW
CVE-2014-4038

ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras.

Published: June 17, 2014; 11:55:06 AM -04:00
    V2: 4.4 MEDIUM