Vulnerabilities (CVE)

Vendor filter: Suse

Product filter: Linux Enterprise Software Development Kit

70 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-14804 2 Opensuse, Suse 2 Leap, Linux Enterprise Software Development Kit 2019-10-09 5.0
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system, allowing escape out of buildroots.
CVE-2015-4000 12 Google, Openssl, Apple and 9 more 25 Safari, Network Security Services, Ie and 22 more 2019-10-09 4.3
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a...
CVE-2017-16232 3 Libtiff, Opensuse, Suse 5 Libtiff, Leap, Linux Enterprise Desktop and 2 more 2019-10-03 5.0
** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce...
CVE-2017-5898 2 Suse, Qemu 5 Linux Enterprise Software Development Kit, Linux Enterprise Server For Sap, Linux Enterprise Server and 2 more 2019-10-03 2.1
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a...
CVE-2017-1000366 9 Gnu, Redhat, Suse and 6 more 24 Glibc, Enterprise Linux, Linux Enterprise Server For Raspberry Pi and 21 more 2019-09-04 7.2
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been...
CVE-2014-9761 6 Gnu, Suse, Fedoraproject and 3 more 10 Linux Enterprise Software Development Kit, Ubuntu Linux, Linux Enterprise Desktop and 7 more 2019-06-13 7.5
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan,...
CVE-2015-0192 3 Ibm, Redhat, Suse 8 Java, Enterprise Linux Desktop, Enterprise Linux Server and 5 more 2019-06-03 7.5
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.
CVE-2015-7547 11 Sophos, Oracle, Canonical and 8 more 31 Big-ip Policy Enforcement Manager, Linux Enterprise Debuginfo, Helion Openstack and 28 more 2018-11-30 6.8
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute...
CVE-2016-0718 8 Libexpat, Apple, Canonical and 5 more 14 Linux Enterprise Software Development Kit, Ubuntu Linux, Leap and 11 more 2018-11-16 7.5
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CVE-2015-2734 5 Suse, Mozilla, Debian and 2 more 10 Linux Enterprise Software Development Kit, Ubuntu Linux, Firefox Esr and 7 more 2018-10-30 10.0
The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations,...
CVE-2015-2737 5 Suse, Mozilla, Debian and 2 more 10 Linux Enterprise Software Development Kit, Ubuntu Linux, Firefox Esr and 7 more 2018-10-30 10.0
The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has...
CVE-2015-8778 7 Canonical, Suse, Debian and 4 more 11 Linux Enterprise Software Development Kit, Ubuntu Linux, Linux Enterprise Desktop and 8 more 2018-10-30 7.5
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which...
CVE-2014-2978 4 Suse, Directfb, Novell and 1 more 8 Linux Enterprise Software Development Kit, Directfb, Linux Enterprise Desktop and 5 more 2018-10-30 10.0
The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an...
CVE-2015-5041 2 Suse, Ibm 5 Linux Enterprise Software Development Kit, Linux Enterprise Server, Websphere Application Server and 2 more 2018-10-30 6.4
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.
CVE-2016-9958 4 Game-music-emu Project, Suse, Opensuse Project and 1 more 11 Linux Enterprise Software Development Kit, Linux Enterprise Desktop, Leap and 8 more 2018-10-30 6.8
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
CVE-2014-2977 4 Suse, Directfb, Novell and 1 more 8 Linux Enterprise Software Development Kit, Directfb, Linux Enterprise Desktop and 5 more 2018-10-30 10.0
Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo...
CVE-2015-3340 6 Suse, Debian, Xen and 3 more 11 Linux Enterprise Software Development Kit, Linux Enterprise Desktop, Debian Linux and 8 more 2018-10-30 2.9
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.
CVE-2015-2738 5 Suse, Mozilla, Debian and 2 more 10 Linux Enterprise Software Development Kit, Ubuntu Linux, Firefox Esr and 7 more 2018-10-30 10.0
The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory...
CVE-2016-9957 4 Game-music-emu Project, Suse, Opensuse Project and 1 more 11 Linux Enterprise Software Development Kit, Linux Enterprise Desktop, Leap and 8 more 2018-10-30 6.8
Stack-based buffer overflow in game-music-emu before 0.6.1.
CVE-2015-8779 7 Canonical, Suse, Debian and 4 more 11 Linux Enterprise Software Development Kit, Ubuntu Linux, Linux Enterprise Desktop and 8 more 2018-10-30 7.5
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.