Product:

Suse_linux_enterprise_software_development_kit

(Suse)
Repositories https://github.com/torvalds/linux
#Vulnerabilities 35
Date Id Summary Products Score Patch Annotated
2014-03-19 CVE-2014-1508 The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering. Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Seamonkey, Thunderbird, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit N/A
2016-06-27 CVE-2016-5244 The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message. Fedora, Linux_kernel, Enterprise_linux, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_real_time_extension, Linux_enterprise_server, Linux_enterprise_workstation_extension, Opensuse_leap, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit 7.5
2016-05-02 CVE-2016-3951 Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. Ubuntu_linux, Linux_kernel, Suse_linux_enterprise_desktop, Suse_linux_enterprise_live_patching, Suse_linux_enterprise_module_for_public_cloud, Suse_linux_enterprise_real_time_extension, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Suse_linux_enterprise_workstation_extension, Suse_linux_enterprise_software_development_kit 4.6
2016-04-27 CVE-2015-8845 The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. Linux_kernel, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_live_patching, Suse_linux_enterprise_module_for_public_cloud, Suse_linux_enterprise_real_time_extension, Suse_linux_enterprise_software_development_kit, Suse_linux_enterprise_workstation_extension 5.5
2015-04-28 CVE-2015-3340 Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. Debian_linux, Fedora, Opensuse, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Xen N/A
2015-04-16 CVE-2015-0500 Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors. Communications_policy_management, Mysql, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit N/A
2015-04-16 CVE-2015-0439 Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756. Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Mysql, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit N/A
2013-07-29 CVE-2013-4854 The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. Fedora, Freebsd, Hp\-Ux, Bind, Dnsco_bind, Business_server, Enterprise_server, Suse_linux, Opensuse, Enterprise_linux, Slackware_linux, Suse_linux_enterprise_software_development_kit N/A
2013-11-05 CVE-2013-4419 The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance. Libguestfs, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit N/A
2014-05-23 CVE-2013-1864 The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack." Ekiga, Portable_tool_library, Suse_linux_enterprise_desktop, Suse_linux_enterprise_software_development_kit N/A