#Vulnerabilities 104
Date ID Summary Products Score Patch
2014-10-15 CVE-2014-3566 The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. Mac_os_x, Debian_linux, Fedora, Aix, Vios, Mageia, Netbsd, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Openssl, Opensuse, Database, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_desktop_supplementary, Enterprise_linux_server, Enterprise_linux_server_supplementary, Enterprise_linux_workstation, Enterprise_linux_workstation_supplementary N/A
2017-06-19 CVE-2017-1000366 glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. Debian_linux, Glibc, Web_gateway, Suse_linux_enterprise_desktop, Suse_linux_enterprise_point_of_sale, Suse_linux_enterprise_server, Cloud_magnum_orchestration, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_long_life, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization, Linux_enterprise_for_sap, Linux_enterprise_server, Linux_enterprise_server_for_raspberry_pi, Linux_enterprise_software_development_kit 7.8
2013-08-19 CVE-2013-3567 Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call. Ubuntu_linux, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Puppet, Puppet_enterprise, Puppet N/A
2017-05-03 CVE-2017-7995 Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL. Suse_linux_enterprise_point_of_sale, Suse_linux_enterprise_server, Manager, Manager_proxy, Openstack_cloud, Xen 3.8
2017-06-06 CVE-2016-9961 game-music-emu before 0.6.1 mishandles unspecified integer values. Fedora, Game\-Music\-Emu, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Leap, Leap 9.8
2017-06-06 CVE-2016-9960 game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). Fedora, Game\-Music\-Emu, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Leap, Leap 5.5
2016-10-13 CVE-2016-7796 The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_server_for_sap, Suse_linux_enterprise_software_development_kit, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_workstation, Systemd 5.5
2017-09-08 CVE-2016-5759 The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root. Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Leap 7.8
2016-06-10 CVE-2016-5118 The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. Ubuntu_linux, Debian_linux, Graphicsmagick, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Suse_linux_enterprise_workstation_extension, Leap, Opensuse, Linux, Solaris, Linux_enterprise_debuginfo, Linux_enterprise_software_development_kit, Studio_onsite 9.8
2016-07-03 CVE-2016-4997 The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement. Ubuntu_linux, Linux_kernel, Suse_linux_enterprise_desktop, Suse_linux_enterprise_live_patching, Suse_linux_enterprise_module_for_public_cloud, Suse_linux_enterprise_real_time_extension, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Suse_linux_enterprise_workstation_extension, Linux 7.8