Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Suse_linux_enterprise_server
(Suse)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/git/git • https://github.com/lighttpd/lighttpd1.4 |
| #Vulnerabilities | 129 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2010-09-24 | CVE-2010-3081 | The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010. | Linux_kernel, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Esx | 7.8 | ||
| 2010-09-30 | CVE-2010-2537 | The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor. | Ubuntu_linux, Linux_kernel, Linux_enterprise_high_availability_extension, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | 7.1 | ||
| 2010-12-23 | CVE-2010-3881 | arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device. | Linux_kernel, Enterprise_linux_server, Enterprise_linux_workstation, Suse_linux_enterprise_desktop, Suse_linux_enterprise_high_availability_extension, Suse_linux_enterprise_server | N/A | ||
| 2016-05-05 | CVE-2016-3714 | The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." | Ubuntu_linux, Debian_linux, Imagemagick, Leap, Opensuse, Suse_linux_enterprise_server | 8.4 | ||
| 2013-06-08 | CVE-2011-1585 | The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user. | Linux_kernel, Suse_linux_enterprise_server | N/A | ||
| 2014-09-01 | CVE-2014-3601 | The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. | Ubuntu_linux, Linux_kernel, Evergreen, Linux_enterprise_real_time_extension, Linux_enterprise_server, Suse_linux_enterprise_server | N/A | ||
| 2014-11-10 | CVE-2014-3610 | The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c. | Ubuntu_linux, Debian_linux, Linux_kernel, Evergreen, Suse_linux_enterprise_server | 5.5 | ||
| 2014-11-10 | CVE-2014-3647 | arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. | Ubuntu_linux, Debian_linux, Linux_kernel, Evergreen, Linux, Enterprise_linux, Suse_linux_enterprise_server | 5.5 | ||
| 2014-11-10 | CVE-2014-3646 | arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. | Ubuntu_linux, Debian_linux, Linux_kernel, Evergreen, Enterprise_linux, Suse_linux_enterprise_server | 5.5 | ||
| 2014-11-10 | CVE-2014-3673 | The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. | Ubuntu_linux, Debian_linux, Linux_kernel, Evergreen, Linux, Enterprise_linux, Enterprise_mrg, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server | 7.5 |