Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Linux_enterprise_server
(Suse)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/krb5/krb5 • https://github.com/git/git • https://github.com/ntp-project/ntp • https://github.com/kyz/libmspack |
| #Vulnerabilities | 457 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2010-11-05 | CVE-2010-3702 | The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. | Cups, Ubuntu_linux, Debian_linux, Fedora, Poppler, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Linux_enterprise_server, Xpdf | N/A | ||
| 2008-08-08 | CVE-2008-1945 | QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004. | Ubuntu_linux, Debian_linux, Opensuse, Qemu, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Linux_enterprise_server | N/A | ||
| 2008-01-18 | CVE-2007-6427 | The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. | Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Opensuse, Linux, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Open_enterprise_server, X_server | N/A | ||
| 2014-06-05 | CVE-2014-3469 | The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. | Debian_linux, Gnutls, Libtasn1, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization, Linux_enterprise_desktop, Linux_enterprise_high_availability_extension, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A | ||
| 2014-06-05 | CVE-2014-3467 | Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. | Debian_linux, Arx_firmware, Gnutls, Libtasn1, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization, Linux_enterprise_desktop, Linux_enterprise_high_availability_extension, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A | ||
| 2014-06-05 | CVE-2014-3468 | The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. | Debian_linux, Arx_firmware, Gnutls, Libtasn1, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization, Linux_enterprise_desktop, Linux_enterprise_high_availability_extension, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A | ||
| 2017-10-17 | CVE-2017-13080 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. | Ubuntu_linux, Debian_linux, Freebsd, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Linux_enterprise_desktop, Linux_enterprise_point_of_sale, Linux_enterprise_server, Openstack_cloud, Hostapd, Wpa_supplicant | 5.3 | ||
| 2017-06-19 | CVE-2017-1000366 | glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. | Debian_linux, Glibc, Web_gateway, Suse_linux_enterprise_desktop, Suse_linux_enterprise_point_of_sale, Suse_linux_enterprise_server, Cloud_magnum_orchestration, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_long_life, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_for_sap, Linux_enterprise_server, Linux_enterprise_server_for_raspberry_pi, Linux_enterprise_software_development_kit | 7.8 | ||
| 2017-04-13 | CVE-2015-8567 | Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). | Ubuntu_linux, Debian_linux, Fedora, Leap, Opensuse, Qemu, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A | ||
| 2015-06-03 | CVE-2015-4106 | QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. | Ubuntu_linux, Xenserver, Debian_linux, Fedora, Qemu, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A |