Suse Linux Enterprise Software Development Kit Security Vulnerabilities and Issues — Suse Linux Enterprise Software Development Kit CVE List

Lucene search

NovellSuse Linux Enterprise Software Development Kit

39 matches found

CVE•added 2016/04/27 5:59 p.m.•315 views

CVE-2016-3672

The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a set...

7.8CVSS6.6AI score0.00021EPSS

CVE•added 2016/05/02 10:59 a.m.•302 views

CVE-2016-3137

drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port...

4.9CVSS5.3AI score0.00021EPSS

CVE•added 2016/06/27 10:59 a.m.•297 views

CVE-2016-1583

The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.

7.8CVSS7.4AI score0.00288EPSS

CVE•added 2016/07/03 9:59 p.m.•285 views

CVE-2016-4997

The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value...

7.8CVSS7.5AI score0.05575EPSS

CVE•added 2016/04/27 5:59 p.m.•195 views

CVE-2016-3134

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

8.4CVSS6.1AI score0.00068EPSS

CVE•added 2016/05/23 10:59 a.m.•187 views

CVE-2016-4913

The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs fil...

7.8CVSS7.4AI score0.00098EPSS

CVE•added 2016/06/13 10:59 a.m.•175 views

CVE-2016-2834

Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.

9.3CVSS8.5AI score0.01552EPSS

CVE•added 2016/04/27 5:59 p.m.•152 views

CVE-2015-8816

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact...

7.2CVSS7AI score0.00076EPSS

CVE•added 2016/04/27 5:59 p.m.•149 views

CVE-2016-2184

The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device desc...

4.9CVSS6.1AI score0.00345EPSS

CVE•added 2016/04/27 5:59 p.m.•146 views

CVE-2016-2847

fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.

6.2CVSS6.3AI score0.00073EPSS

CVE•added 2016/05/23 10:59 a.m.•143 views

CVE-2016-4482

The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.

6.2CVSS6AI score0.00044EPSS

CVE•added 2016/04/27 5:59 p.m.•141 views

CVE-2016-3156

The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.

5.5CVSS6.6AI score0.00037EPSS

CVE•added 2016/02/08 3:59 a.m.•139 views

CVE-2015-7566

The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoin...

4.9CVSS6AI score0.00453EPSS

CVE•added 2016/05/23 10:59 a.m.•136 views

CVE-2016-4485

The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.

7.5CVSS7.7AI score0.00771EPSS

CVE•added 2016/05/23 10:59 a.m.•136 views

CVE-2016-4486

The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.

3.3CVSS5.6AI score0.0052EPSS

CVE•added 2016/05/23 10:59 a.m.•132 views

CVE-2016-4805

Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net...

7.8CVSS7.7AI score0.00087EPSS

CVE•added 2016/05/23 10:59 a.m.•131 views

CVE-2016-4569

The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.

5.5CVSS5.8AI score0.004EPSS

CVE•added 2016/05/02 10:59 a.m.•127 views

CVE-2016-2188

The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

4.9CVSS5.1AI score0.00428EPSS

CVE•added 2016/05/02 10:59 a.m.•126 views

CVE-2016-2185

The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

4.9CVSS5.3AI score0.00048EPSS

CVE•added 2016/05/02 10:59 a.m.•126 views

CVE-2016-3140

The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

4.9CVSS6.1AI score0.0016EPSS

CVE•added 2016/05/02 10:59 a.m.•125 views

CVE-2016-2187

The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

4.9CVSS5.7AI score0.00057EPSS

CVE•added 2016/05/02 10:59 a.m.•122 views

CVE-2016-2186

The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

4.9CVSS5.9AI score0.00057EPSS

CVE•added 2016/05/02 10:59 a.m.•116 views

CVE-2016-3138

The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.

4.9CVSS5.2AI score0.00021EPSS

CVE•added 2016/05/02 10:59 a.m.•116 views

CVE-2016-3951

Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.

4.9CVSS6.8AI score0.00035EPSS

CVE•added 2016/05/02 10:59 a.m.•115 views

CVE-2016-3689

The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.

4.9CVSS5AI score0.00062EPSS

CVE•added 2016/05/02 10:59 a.m.•112 views

CVE-2016-3136

The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.

4.9CVSS5.1AI score0.00202EPSS

CVE•added 2016/09/20 2:15 p.m.•100 views

CVE-2015-8924

The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.

5.5CVSS6.1AI score0.00326EPSS

CVE•added 2016/06/13 10:59 a.m.•96 views

CVE-2016-2818

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

8.8CVSS9.3AI score0.00426EPSS

CVE•added 2016/06/13 10:59 a.m.•93 views

CVE-2016-2815

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

8.8CVSS9.2AI score0.00379EPSS

CVE•added 2016/09/20 2:15 p.m.•92 views

CVE-2015-8920

The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.

5.5CVSS5.8AI score0.00495EPSS

CVE•added 2016/04/27 5:59 p.m.•89 views

CVE-2016-3139

The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

4.9CVSS5.7AI score0.00164EPSS

CVE•added 2016/06/03 2:59 p.m.•88 views

CVE-2016-0363

The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in ...

8.1CVSS6.6AI score0.03238EPSS

CVE•added 2016/09/20 2:15 p.m.•87 views

CVE-2015-8921

The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

7.5CVSS7AI score0.0366EPSS

CVE•added 2016/09/20 2:15 p.m.•84 views

CVE-2015-8922

The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.

5.5CVSS6.1AI score0.00368EPSS

CVE•added 2016/09/20 2:15 p.m.•82 views

CVE-2015-8919

The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.

7.5CVSS7.3AI score0.0637EPSS

CVE•added 2016/09/20 2:15 p.m.•78 views

CVE-2015-8923

The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.

6.5CVSS6.7AI score0.02186EPSS

CVE•added 2016/06/03 2:59 p.m.•72 views

CVE-2016-0376

The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController...

8.1CVSS7.2AI score0.01804EPSS

CVE•added 2016/10/13 2:59 p.m.•72 views

CVE-2016-7796

The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.

5.5CVSS5.2AI score0.00095EPSS

CVE•added 2016/09/20 2:15 p.m.•68 views

CVE-2015-8918

The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."

7.5CVSS7AI score0.02038EPSS