Linux_enterprise_workstation_extension - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Linux_enterprise_workstation_extension
(Suse)

Repositories	https://github.com/torvalds/linux
#Vulnerabilities	104

Date	Id	Summary	Products	Score	Patch	Annotated
2015-12-28	CVE-2015-8651	Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.	Air, Air_sdk, Air_sdk_\&_compiler, Flash_player, Insight_control, Insight_control_server_provisioning, Matrix_operating_environment, System_management_homepage, Systems_insight_manager, Version_control_repository_manager, Evergreen, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_workstation_extension	8.8
2022-01-28	CVE-2021-4034	A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code....	Ubuntu_linux, Http_server, Zfs_storage_appliance_kit, Polkit, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_workstation, Scalance_lpe9403_firmware, Sinumerik_edge, Command_center, Starwind_hyperconverged_appliance, Starwind_virtual_san, Enterprise_storage, Linux_enterprise_desktop, Linux_enterprise_high_performance_computing, Linux_enterprise_server, Linux_enterprise_workstation_extension, Manager_proxy, Manager_server	7.8
2018-01-03	CVE-2017-18017	The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.	Eos, Ubuntu_linux, Debian_linux, Arx, Linux_kernel, Cloud_magnum_orchestration, Leap, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Mrg_realtime, Caas_platform, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_high_availability, Linux_enterprise_high_availability_extension, Linux_enterprise_live_patching, Linux_enterprise_module_for_public_cloud, Linux_enterprise_point_of_sale, Linux_enterprise_real_time_extension, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Openstack_cloud	9.8
2014-06-05	CVE-2014-0221	The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.	Fedora, Mariadb, Openssl, Leap, Opensuse, Enterprise_linux, Storage, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension	N/A
2014-06-05	CVE-2014-3470	The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.	Fedora, Mariadb, Openssl, Leap, Opensuse, Enterprise_linux, Storage, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension	N/A
2015-01-09	CVE-2014-9585	The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.	Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Evergreen, Opensuse, Enterprise_linux_aus, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_real_time_extension, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension	N/A
2016-04-08	CVE-2015-5969	The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.	Leap, Opensuse, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension	6.2
2017-04-12	CVE-2016-9957	Stack-based buffer overflow in game-music-emu before 0.6.1.	Game\-Music\-Emu, Leap, Opensuse, Leap, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server	7.8
2017-04-12	CVE-2016-9958	game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.	Game\-Music\-Emu, Leap, Opensuse, Leap, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server	7.8
2017-04-12	CVE-2016-9959	game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.	Game\-Music\-Emu, Leap, Opensuse, Leap, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server	7.8