Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-1285 |
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. Published: March 09, 2016; 6:59:02 PM -0500 |
V4.0:(not available) V3.1: 6.8 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-5006 |
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache. Published: December 07, 2015; 3:59:06 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-0272 |
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215. Published: November 17, 2015; 10:59:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-4495 |
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015. Published: August 07, 2015; 8:59:04 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 4.3 MEDIUM |
CVE-2015-0192 |
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine. Published: July 02, 2015; 5:59:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-3209 |
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. Published: June 15, 2015; 11:59:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-4106 |
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. Published: June 03, 2015; 4:59:09 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2015-2808 |
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. Published: March 31, 2015; 10:00:35 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-9585 |
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. Published: January 09, 2015; 4:59:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-9584 |
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. Published: January 09, 2015; 4:59:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-3601 |
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. Published: August 31, 2014; 9:55:18 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-4943 |
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. Published: July 19, 2014; 3:55:08 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2014-4608 |
Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype. Published: July 03, 2014; 12:22:15 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-3153 |
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. Published: June 07, 2014; 10:55:27 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2014-3469 |
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. Published: June 05, 2014; 4:55:06 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-3468 |
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. Published: June 05, 2014; 4:55:06 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-3467 |
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. Published: June 05, 2014; 4:55:06 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-0131 |
Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. Published: March 24, 2014; 12:40:48 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.9 LOW |
CVE-2014-2497 |
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. Published: March 21, 2014; 10:55:12 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-2309 |
The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. Published: March 11, 2014; 9:01:10 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.1 MEDIUM |