Linux Enterprise Server@12 Security Vulnerabilities and Issues — Linux Enterprise Server@12 CVE List

Lucene search

SuseLinux Enterprise Server12

36 matches found

CVE•added 2016/05/05 6:59 p.m.•1044 views

CVE-2016-3715

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

5.8CVSS6.3AI score0.88973EPSS

CVE•added 2016/05/05 6:59 p.m.•1040 views

CVE-2016-3718

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

5.5CVSS6.7AI score0.87335EPSS

CVE•added 2016/04/21 11:0 a.m.•669 views

CVE-2016-3427

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

10CVSS6.8AI score0.92599EPSS

CVE•added 2016/03/09 11:59 p.m.•503 views

CVE-2016-1286

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.

8.6CVSS8.2AI score0.54992EPSS

CVE•added 2016/03/09 11:59 p.m.•424 views

CVE-2016-1285

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interfa...

6.8CVSS7.2AI score0.64255EPSS

CVE•added 2016/05/26 4:59 p.m.•310 views

CVE-2016-0718

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

9.8CVSS8.7AI score0.02267EPSS

CVE•added 2016/02/18 9:59 p.m.•257 views

CVE-2015-7547

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a...

8.1CVSS8.4AI score0.91802EPSS

CVE•added 2016/04/27 5:59 p.m.•152 views

CVE-2015-8816

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact...

7.2CVSS7AI score0.00076EPSS

CVE•added 2016/07/05 1:59 a.m.•150 views

CVE-2016-4956

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.

5.3CVSS6.4AI score0.02037EPSS

CVE•added 2016/06/10 3:59 p.m.•147 views

CVE-2016-5118

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

10CVSS9.5AI score0.35422EPSS

CVE•added 2016/07/05 1:59 a.m.•134 views

CVE-2016-4955

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.

5.9CVSS6.3AI score0.04669EPSS

CVE•added 2016/04/27 5:59 p.m.•126 views

CVE-2016-2782

The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) in...

4.9CVSS6.1AI score0.00473EPSS

CVE•added 2016/04/19 9:59 p.m.•121 views

CVE-2015-8776

The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.

9.1CVSS8.5AI score0.0538EPSS

CVE•added 2016/04/19 9:59 p.m.•120 views

CVE-2014-9761

Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

9.8CVSS9AI score0.02444EPSS

CVE•added 2016/07/05 1:59 a.m.•120 views

CVE-2016-4953

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.

7.5CVSS7.3AI score0.19204EPSS

CVE•added 2016/07/05 1:59 a.m.•120 views

CVE-2016-4954

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.

7.5CVSS6.9AI score0.07993EPSS

CVE•added 2016/04/19 9:59 p.m.•117 views

CVE-2015-8778

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

9.8CVSS9.1AI score0.06604EPSS

CVE•added 2016/04/19 9:59 p.m.•116 views

CVE-2015-8779

Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.

9.8CVSS9.2AI score0.04971EPSS

CVE•added 2016/04/21 10:59 a.m.•116 views

CVE-2016-0642

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.

4.7CVSS4.2AI score0.00463EPSS

CVE•added 2016/04/13 3:59 p.m.•108 views

CVE-2015-8551

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-th...

6CVSS5.6AI score0.00073EPSS

CVE•added 2016/09/20 2:15 p.m.•105 views

CVE-2015-8934

The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.

5.5CVSS6AI score0.0241EPSS

CVE•added 2016/04/21 10:59 a.m.•101 views

CVE-2016-0651

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.

5.5CVSS4.6AI score0.0031EPSS

CVE•added 2016/09/20 2:15 p.m.•95 views

CVE-2015-8933

Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.

5.5CVSS6AI score0.00311EPSS

CVE•added 2016/09/20 2:15 p.m.•92 views

CVE-2015-8928

The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

5.5CVSS6.2AI score0.00295EPSS

CVE•added 2016/04/08 2:59 p.m.•91 views

CVE-2016-2315

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.

10CVSS9.6AI score0.2572EPSS

CVE•added 2016/09/20 2:15 p.m.•88 views

CVE-2015-8931

Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.

7.8CVSS8AI score0.00299EPSS

CVE•added 2016/09/20 2:15 p.m.•86 views

CVE-2015-8932

The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.

5.5CVSS5.8AI score0.00626EPSS

CVE•added 2016/09/20 2:15 p.m.•85 views

CVE-2015-8926

The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.

5.5CVSS6.1AI score0.00409EPSS

CVE•added 2016/04/21 10:59 a.m.•82 views

CVE-2016-0668

Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.

4.1CVSS4.3AI score0.00439EPSS

CVE•added 2016/09/20 2:15 p.m.•79 views

CVE-2015-8930

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.

7.5CVSS7.5AI score0.04803EPSS

CVE•added 2016/07/05 1:59 a.m.•78 views

CVE-2016-4957

ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.

7.5CVSS6.2AI score0.6295EPSS

CVE•added 2016/09/20 2:15 p.m.•74 views

CVE-2015-8925

The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.

5.5CVSS6.2AI score0.00506EPSS

CVE•added 2016/05/24 3:59 p.m.•70 views

CVE-2016-0264

Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unsp...

6.8CVSS7.2AI score0.12648EPSS

CVE•added 2016/06/06 5:59 p.m.•67 views

CVE-2015-5041

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.

9.1CVSS8.7AI score0.01297EPSS

CVE•added 2016/09/20 2:15 p.m.•61 views

CVE-2015-8929

Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.

5.5CVSS5.8AI score0.00271EPSS

CVE•added 2016/04/08 3:59 p.m.•55 views

CVE-2015-5969

The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 a...

6.2CVSS6AI score0.00134EPSS