CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Suse » Linux Enterprise Server » 11 SP3 * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-8779 119 DoS Exec Code Overflow 2016-04-19 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
2 CVE-2015-8778 119 DoS Exec Code Overflow 2016-04-19 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
3 CVE-2015-8776 189 DoS +Info 2016-04-19 2018-10-30
6.4
None Remote Low Not required Partial None Partial
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
4 CVE-2015-5006 200 +Info 2015-12-07 2019-06-19
2.1
None Local Low Not required Partial None None
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.
5 CVE-2015-2808 327 2015-04-01 2020-11-23
5.0
None Remote Low Not required Partial None None
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
6 CVE-2015-2695 763 DoS 2015-11-09 2021-02-02
5.0
None Remote Low Not required None None Partial
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.
7 CVE-2015-1781 119 DoS Exec Code Overflow 2015-09-28 2019-06-17
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.
8 CVE-2015-0797 DoS Exec Code 2015-05-14 2020-09-28
6.8
None Remote Medium Not required Partial Partial Partial
GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file.
9 CVE-2015-0272 DoS 2015-11-17 2021-11-02
5.0
None Remote Low Not required None None Partial
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.
10 CVE-2014-5077 476 DoS 2014-08-01 2020-08-13
7.1
None Remote Medium Not required None None Complete
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.
11 CVE-2014-4943 269 1 +Priv 2014-07-19 2020-08-14
6.9
None Local Medium Not required Complete Complete Complete
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.
12 CVE-2014-4667 DoS 2014-07-03 2020-08-14
5.0
None Remote Low Not required None None Partial
The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.
13 CVE-2014-4207 2014-07-17 2018-10-09
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.
14 CVE-2014-4027 200 +Info 2014-06-23 2020-08-21
2.3
None Local Network Medium ??? Partial None None
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.
15 CVE-2014-3469 476 DoS 2014-06-05 2020-11-16
5.0
None Remote Low Not required None None Partial
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
16 CVE-2014-3468 131 2014-06-05 2020-11-16
7.5
None Remote Low Not required Partial Partial Partial
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
17 CVE-2014-3467 DoS 2014-06-05 2020-11-16
5.0
None Remote Low Not required None None Partial
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
18 CVE-2014-3153 269 1 +Priv 2014-06-07 2021-02-08
7.2
None Local Low Not required Complete Complete Complete
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
19 CVE-2014-1947 787 DoS Exec Code Overflow 2020-02-17 2020-02-21
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030.
20 CVE-2014-1738 200 +Info 2014-05-11 2020-08-21
2.1
None Local Low Not required Partial None None
The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.
21 CVE-2014-1737 754 +Priv 2014-05-11 2020-08-21
7.2
None Local Low Not required Complete Complete Complete
The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.
22 CVE-2014-1504 264 XSS 2014-03-19 2020-08-10
2.6
None Remote High Not required None Partial None
The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart.
23 CVE-2014-1502 346 Bypass 2014-03-19 2020-08-14
6.8
None Remote Medium Not required Partial Partial Partial
The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.
24 CVE-2014-1501 264 Bypass 2014-03-19 2016-11-17
5.8
None Remote Medium Not required Partial Partial None
Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection.
25 CVE-2014-1500 400 DoS 2014-03-19 2020-08-14
5.0
None Remote Low Not required None None Partial
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.
26 CVE-2014-1499 2014-03-19 2020-08-14
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.
27 CVE-2014-1498 347 DoS 2014-03-19 2020-08-14
5.0
None Remote Low Not required None None Partial
The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.
28 CVE-2014-1494 DoS Exec Code Mem. Corr. 2014-03-19 2020-08-14
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
29 CVE-2014-1491 326 Bypass 2014-02-06 2020-07-31
4.3
None Remote Medium Not required Partial None None
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.
30 CVE-2014-1490 362 DoS 2014-02-06 2020-07-31
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.
31 CVE-2014-1489 264 DoS 2014-02-06 2018-10-30
4.3
None Remote Medium Not required None None Partial
Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.
32 CVE-2014-1488 Exec Code 2014-02-06 2020-08-21
10.0
None Remote Low Not required Complete Complete Complete
The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.
33 CVE-2014-1485 Exec Code 2014-02-06 2020-08-21
7.5
None Remote Low Not required Partial Partial Partial
The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.
34 CVE-2014-1484 200 +Info 2014-02-06 2018-10-30
5.0
None Remote Low Not required Partial None None
Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.
35 CVE-2014-1483 1021 Bypass +Info 2014-02-06 2020-10-23
5.0
None Remote Low Not required Partial None None
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.
36 CVE-2014-1480 1021 2014-02-06 2020-08-21
4.3
None Remote Medium Not required None Partial None
The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.
37 CVE-2014-0069 119 DoS Overflow +Priv Mem. Corr. +Info 2014-02-28 2020-08-26
7.2
None Local Low Not required Complete Complete Complete
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.
38 CVE-2013-6673 310 2013-12-11 2020-08-12
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.
39 CVE-2013-6672 200 +Info 2013-12-11 2020-08-21
4.3
None Remote Medium Not required Partial None None
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations.
40 CVE-2013-5619 190 DoS Overflow 2013-12-11 2020-08-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.
41 CVE-2013-5614 1021 Bypass 2013-12-11 2020-08-21
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.
42 CVE-2013-5612 79 XSS 2013-12-11 2020-08-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.
43 CVE-2013-5611 2013-12-11 2018-10-30
5.8
None Remote Medium Not required None Partial Partial
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.
44 CVE-2013-5610 787 DoS Exec Code Mem. Corr. 2013-12-11 2020-08-21
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
45 CVE-2013-4002 DoS 2013-07-23 2022-05-13
7.1
None Remote Medium Not required None None Complete
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
46 CVE-2013-3805 2013-07-17 2019-12-17
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.
47 CVE-2013-3801 2013-07-17 2019-12-17
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
48 CVE-2012-4188 119 Exec Code Overflow 2012-10-10 2020-08-13
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.
49 CVE-2012-4187 119 DoS Exec Code Overflow Mem. Corr. 2012-10-10 2020-08-10
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors.
50 CVE-2012-4186 119 Exec Code Overflow 2012-10-10 2020-08-11
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.
Total number of vulnerabilities : 64   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.