Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Suse_linux_enterprise_server
(Suse)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/git/git • https://github.com/lighttpd/lighttpd1.4 |
| #Vulnerabilities | 129 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-02-06 | CVE-2014-1486 | Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data. | Ubuntu_linux, Debian_linux, Fedora, Firefox, Firefox_esr, Seamonkey, Thunderbird, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit | 9.8 | ||
| 2014-02-06 | CVE-2014-1487 | The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages. | Ubuntu_linux, Debian_linux, Fedora, Firefox, Firefox_esr, Seamonkey, Thunderbird, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit | 7.5 | ||
| 2014-05-07 | CVE-2014-0196 | The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. | Ubuntu_linux, Debian_linux, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_edge_gateway, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_protocol_security_module, Big\-Ip_wan_optimization_manager, Big\-Ip_webaccelerator, Big\-Iq_application_delivery_controller, Big\-Iq_centralized_management, Big\-Iq_cloud, Big\-Iq_cloud_and_orchestration, Big\-Iq_device, Big\-Iq_security, Enterprise_manager, Linux_kernel, Linux, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_eus, Suse_linux_enterprise_desktop, Suse_linux_enterprise_high_availability_extension, Suse_linux_enterprise_server | N/A | ||
| 2009-09-22 | CVE-2009-3289 | The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory. | Glib, Opensuse, Suse_linux_enterprise_server | 7.8 | ||
| 2008-09-04 | CVE-2007-6716 | fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. | Ubuntu_linux, Debian_linux, Linux_kernel, Linux_desktop, Opensuse, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | 5.5 | ||
| 2014-04-14 | CVE-2014-2706 | Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. | Linux_kernel, Linux, Linux_enterprise_high_availability_extension, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | N/A | ||
| 2014-06-23 | CVE-2014-1739 | The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. | Ubuntu_linux, Linux_kernel, Linux_enterprise_high_availability_extension, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | N/A | ||
| 2014-11-10 | CVE-2014-8369 | The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601. | Debian_linux, Linux_kernel, Evergreen, Linux_enterprise_real_time_extension, Suse_linux_enterprise_server | 7.8 | ||
| 2014-12-17 | CVE-2014-9322 | arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. | Ubuntu_linux, Android, Linux_kernel, Evergreen, Enterprise_linux_eus, Suse_linux_enterprise_server | 7.8 | ||
| 2015-04-21 | CVE-2015-2041 | net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. | Debian_linux, Linux_kernel, Suse_linux_enterprise_server | N/A |