Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Suse_linux_enterprise_server
(Suse)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/git/git • https://github.com/lighttpd/lighttpd1.4 |
| #Vulnerabilities | 129 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-04-19 | CVE-2015-8776 | The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. | Ubuntu_linux, Debian_linux, Fedora, Glibc, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Suse_linux_enterprise_server | 9.1 | ||
| 2017-01-30 | CVE-2015-7976 | The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. | Suse_openstack_cloud, Ntp, Leap, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Manager, Manager_proxy, Suse_linux_enterprise_server | 4.3 | ||
| 2017-07-21 | CVE-2015-5300 | The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). | Ubuntu_linux, Debian_linux, Fedora, Ntp, Leap, Opensuse, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_hpc_node_eus, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Manager, Manager_proxy, Openstack_cloud, Suse_linux_enterprise_server | 7.5 | ||
| 2016-06-06 | CVE-2015-5041 | The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods. | Java_sdk, Websphere_application_server, Linux_enterprise_server, Linux_enterprise_software_development_kit, Suse_linux_enterprise_server | 9.1 | ||
| 2015-04-28 | CVE-2015-3340 | Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. | Debian_linux, Fedora, Opensuse, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Xen | N/A | ||
| 2015-04-16 | CVE-2015-0500 | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors. | Communications_policy_management, Mysql, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit | N/A | ||
| 2015-04-16 | CVE-2015-0439 | Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756. | Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Mysql, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit | N/A | ||
| 2014-12-02 | CVE-2014-9116 | The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function. | Debian_linux, Mageia, Mutt, Linux_enterprise_desktop, Suse_linux_enterprise_server | N/A | ||
| 2014-06-11 | CVE-2014-2978 | The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write. | Directfb, Opensuse, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server | N/A | ||
| 2014-06-11 | CVE-2014-2977 | Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow. | Directfb, Opensuse, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server | N/A |