Lucene search

K
NovellSuse Linux Enterprise Server11.0

33 matches found

CVE
CVE
added 2014/10/15 12:55 a.m.836 views

CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

4.3CVSS4.4AI score0.94196EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.302 views

CVE-2016-3137

drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port...

4.9CVSS5.3AI score0.00021EPSS
CVE
CVE
added 2016/06/27 10:59 a.m.296 views

CVE-2016-1583

The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.

7.8CVSS7.4AI score0.00288EPSS
CVE
CVE
added 2017/06/19 4:29 p.m.263 views

CVE-2017-1000366

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap...

7.8CVSS7.4AI score0.07151EPSS
CVE
CVE
added 2020/01/31 10:15 p.m.236 views

CVE-2015-6815

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

3.5CVSS5AI score0.01897EPSS
CVE
CVE
added 2016/04/27 5:59 p.m.194 views

CVE-2016-3134

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

8.4CVSS6.1AI score0.0007EPSS
CVE
CVE
added 2014/09/28 10:55 a.m.190 views

CVE-2012-6657

The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket.

4.9CVSS6.6AI score0.00122EPSS
CVE
CVE
added 2016/05/23 10:59 a.m.186 views

CVE-2016-4913

The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs fil...

7.8CVSS7.4AI score0.00067EPSS
CVE
CVE
added 2016/04/27 5:59 p.m.149 views

CVE-2016-2184

The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device desc...

4.9CVSS6.1AI score0.00345EPSS
CVE
CVE
added 2016/04/27 5:59 p.m.145 views

CVE-2016-2847

fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.

6.2CVSS6.3AI score0.00073EPSS
CVE
CVE
added 2015/01/21 6:59 p.m.143 views

CVE-2015-0395

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

9.3CVSS3.8AI score0.24877EPSS
CVE
CVE
added 2016/05/23 10:59 a.m.143 views

CVE-2016-4482

The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.

6.2CVSS6AI score0.00026EPSS
CVE
CVE
added 2016/04/27 5:59 p.m.140 views

CVE-2016-3156

The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.

5.5CVSS6.6AI score0.00028EPSS
CVE
CVE
added 2014/10/13 10:55 a.m.138 views

CVE-2014-7970

The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call.

5.5CVSS5.9AI score0.00059EPSS
CVE
CVE
added 2016/05/23 10:59 a.m.136 views

CVE-2016-4486

The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.

3.3CVSS5.6AI score0.0052EPSS
CVE
CVE
added 2016/05/23 10:59 a.m.132 views

CVE-2016-4805

Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net...

7.8CVSS7.7AI score0.00087EPSS
CVE
CVE
added 2016/05/23 10:59 a.m.130 views

CVE-2016-4569

The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.

5.5CVSS5.8AI score0.00522EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.127 views

CVE-2016-2188

The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

4.9CVSS5.1AI score0.00428EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.126 views

CVE-2016-2185

The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

4.9CVSS5.3AI score0.00048EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.126 views

CVE-2016-3140

The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

4.9CVSS6.1AI score0.00175EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.122 views

CVE-2016-2186

The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

4.9CVSS5.9AI score0.00057EPSS
CVE
CVE
added 2013/08/19 11:55 p.m.117 views

CVE-2013-3567

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.

7.5CVSS7.3AI score0.11139EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.116 views

CVE-2016-3138

The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.

4.9CVSS5.2AI score0.00021EPSS
CVE
CVE
added 2013/11/05 8:55 p.m.91 views

CVE-2013-4419

The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary...

6.8CVSS7AI score0.00077EPSS
CVE
CVE
added 2016/04/27 5:59 p.m.89 views

CVE-2016-3139

The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

4.9CVSS5.7AI score0.00126EPSS
CVE
CVE
added 2016/06/03 2:59 p.m.87 views

CVE-2016-0363

The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in ...

8.1CVSS6.6AI score0.03238EPSS
CVE
CVE
added 2015/04/16 4:59 p.m.74 views

CVE-2015-0405

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.

4CVSS5.2AI score0.00761EPSS
CVE
CVE
added 2016/06/03 2:59 p.m.71 views

CVE-2016-0376

The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController...

8.1CVSS7.2AI score0.01804EPSS
CVE
CVE
added 2019/12/31 7:15 p.m.66 views

CVE-2013-4357

The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.

7.5CVSS7.2AI score0.01161EPSS
CVE
CVE
added 2015/04/16 4:59 p.m.66 views

CVE-2015-0439

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756.

4CVSS4.6AI score0.00909EPSS
CVE
CVE
added 2015/04/16 4:59 p.m.64 views

CVE-2015-0423

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

4CVSS7.5AI score0.00909EPSS
CVE
CVE
added 2015/04/16 4:59 p.m.61 views

CVE-2015-0438

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.

4CVSS5.2AI score0.00761EPSS
CVE
CVE
added 2017/05/03 7:59 p.m.54 views

CVE-2017-7995

Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.

3.8CVSS4.2AI score0.00099EPSS