U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:suse:linux_enterprise_server:11:sp3:~~~vmware~~
There are 88 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2014-5077

The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.

Published: August 01, 2014; 7:13:09 AM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2014-4943

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.

Published: July 19, 2014; 3:55:08 PM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2014-4260

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.

Published: July 17, 2014; 7:17:10 AM -0400
V3.x:(not available)
V2.0: 5.5 MEDIUM
CVE-2014-4258

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.

Published: July 17, 2014; 7:17:10 AM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2014-4243

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.

Published: July 17, 2014; 7:17:10 AM -0400
V3.x:(not available)
V2.0: 2.8 LOW
CVE-2014-4207

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.

Published: July 17, 2014; 1:10:15 AM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2014-2494

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.

Published: July 17, 2014; 1:10:15 AM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2014-4667

The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.

Published: July 03, 2014; 12:22:16 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-4027

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.

Published: June 23, 2014; 7:21:18 AM -0400
V3.x:(not available)
V2.0: 2.3 LOW
CVE-2014-3153

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

Published: June 07, 2014; 10:55:27 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2014-3469

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

Published: June 05, 2014; 4:55:06 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-3468

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

Published: June 05, 2014; 4:55:06 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-3467

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

Published: June 05, 2014; 4:55:06 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-1738

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.

Published: May 11, 2014; 5:55:05 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2014-1737

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.

Published: May 11, 2014; 5:55:05 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2014-2497

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

Published: March 21, 2014; 10:55:12 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-1504

The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart.

Published: March 19, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2014-1502

The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.

Published: March 19, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-1501

Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection.

Published: March 19, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2014-1500

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.

Published: March 19, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM