Vulnerabilities for 'Suse linux enterprise server'

2017-09-08
 
CVE-2016-5759

CWE-20
 

 
The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.

 
2017-06-19
 
CVE-2017-1000366

CWE-119
 

 
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.

 
2017-06-06
 
CVE-2016-9961

CWE-189
 

 
game-music-emu before 0.6.1 mishandles unspecified integer values.

 
 
CVE-2016-9960

CWE-369
 

 
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).

 
2017-05-03
 
CVE-2017-7995

 

 
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.

 
2017-04-13
 
CVE-2015-8567

CWE-399
 

 
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).

 
2016-10-13
 
CVE-2016-7796

 

 
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.

 
2016-09-20
 
CVE-2015-8924

CWE-125
 

 
The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.

 
 
CVE-2015-8923

CWE-20
 

 
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.

 
 
CVE-2015-8922

CWE-476
 

 
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.

 


Copyright 2019, cxsecurity.com

 
