Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp3:*:*:*:*:*:*
  • CPE Name Search: true
There are 48 matching records.
Displaying matches 41 through 48.
Vuln ID Summary CVSS Severity
CVE-2015-2737

The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

Published: July 05, 2015; 10:01:06 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2015-2734

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

Published: July 05, 2015; 10:01:03 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Published: May 20, 2015; 8:59:00 PM -0400
V3.0: 3.7 LOW
V2.0: 4.3 MEDIUM
CVE-2015-3340

Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

Published: April 28, 2015; 10:59:02 AM -0400
V3.x:(not available)
V2.0: 2.9 LOW
CVE-2014-9116

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.

Published: December 02, 2014; 11:59:08 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-3673

The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.

Published: November 10, 2014; 6:55:06 AM -0500
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2014-2978

The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.

Published: June 11, 2014; 10:55:07 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2014-2977

Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.

Published: June 11, 2014; 10:55:07 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH