Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Linux_enterprise_server
(Suse)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/krb5/krb5 • https://github.com/git/git • https://github.com/ntp-project/ntp • https://github.com/kyz/libmspack |
| #Vulnerabilities | 473 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-09-01 | CVE-2014-3601 | The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. | Ubuntu_linux, Linux_kernel, Evergreen, Linux_enterprise_real_time_extension, Linux_enterprise_server, Suse_linux_enterprise_server | N/A | ||
| 2014-11-04 | CVE-2014-0222 | Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. | Qemu, Linux_enterprise_server | N/A | ||
| 2014-11-04 | CVE-2014-0223 | Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read. | Qemu, Linux_enterprise_server | N/A | ||
| 2014-11-14 | CVE-2014-7815 | The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. | Ubuntu_linux, Debian_linux, Qemu, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_workstation, Virtualization, Linux_enterprise_desktop, Linux_enterprise_server | N/A | ||
| 2015-01-09 | CVE-2014-9584 | The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. | Ubuntu_linux, Debian_linux, Linux_kernel, Evergreen, Opensuse, Linux, Enterprise_linux_aus, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_real_time_extension, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension | N/A | ||
| 2015-03-02 | CVE-2014-8160 | net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers. | Ubuntu_linux, Debian_linux, Linux_kernel, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_real_time_extension, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension | N/A | ||
| 2015-06-15 | CVE-2015-3209 | Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. | Eos, Ubuntu_linux, Debian_linux, Fedora, Junos_space, Qemu, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openstack, Virtualization, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A | ||
| 2015-08-12 | CVE-2015-5165 | The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. | Eos, Debian_linux, Fedora, Linux, Enterprise_linux_compute_node_eus, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_eus_compute_node, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_eus_from_rhui, Enterprise_linux_server_from_rhui, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_workstation, Openstack, Virtualization, Linux_enterprise_debuginfo, Linux_enterprise_server, Xen | N/A | ||
| 2015-08-12 | CVE-2015-5154 | Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. | Fedora, Qemu, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Suse_linux_enterprise_server, Xen | N/A | ||
| 2015-09-28 | CVE-2015-1781 | Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. | Ubuntu_linux, Debian_linux, Glibc, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server | N/A |