Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Linux_enterprise_server
(Suse)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/krb5/krb5 • https://github.com/git/git • https://github.com/ntp-project/ntp • https://github.com/kyz/libmspack |
| #Vulnerabilities | 468 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2010-01-09 | CVE-2010-0013 | Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of... | Adium, Fedora, Opensuse, Pidgin, Enterprise_linux, Linux_enterprise, Linux_enterprise_server | 7.5 | ||
| 2009-11-16 | CVE-2009-3939 | The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. | Aura_application_enablement_services, Aura_communication_manager, Aura_session_manager, Aura_sip_enablement_services, Aura_system_manager, Aura_system_platform, Voice_portal, Ubuntu_linux, Debian_linux, Linux_kernel, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization, Linux_enterprise_desktop, Linux_enterprise_server | 7.1 | ||
| 2014-07-19 | CVE-2014-4943 | The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. | Debian_linux, Linux_kernel, Opensuse, Enterprise_linux_server_aus, Linux_enterprise_desktop, Linux_enterprise_server | N/A | ||
| 2009-08-27 | CVE-2009-2698 | The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. | Ubuntu_linux, Fedora, Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_server, Esxi, Vcenter_server | 7.8 | ||
| 2011-12-15 | CVE-2011-4516 | Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file. | Ubuntu_linux, Debian_linux, Fedora, Jasper, Outside_in_technology, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A | ||
| 2011-12-15 | CVE-2011-4517 | The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file. | Ubuntu_linux, Debian_linux, Fedora, Jasper, Outside_in_technology, Enterprise_linux_desktop, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A | ||
| 2016-03-09 | CVE-2016-1285 | named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. | Ubuntu_linux, Debian_linux, Fedora, Bind, Junos, Leap, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Manager, Manager_proxy, Openstack_cloud | 6.8 | ||
| 2016-03-09 | CVE-2016-1286 | named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. | Ubuntu_linux, Debian_linux, Fedora, Bind, Junos, Leap, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Manager, Manager_proxy, Openstack_cloud | 8.6 | ||
| 2022-04-27 | CVE-2022-27239 | In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. | Debian_linux, Fedora, Helion_openstack, Cifs\-Utils, Caas_platform, Enterprise_storage, Linux_enterprise_desktop, Linux_enterprise_high_performance_computing, Linux_enterprise_micro, Linux_enterprise_point_of_service, Linux_enterprise_real_time, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_storage, Manager_proxy, Manager_retail_branch_server, Manager_server, Openstack_cloud, Openstack_cloud_crowbar | 7.8 | ||
| 2007-12-13 | CVE-2007-5000 | Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Http_server, Ubuntu_linux, Fedora, Opensuse, Http_server, Linux_enterprise_desktop, Linux_enterprise_server | N/A |