RSS   Vulnerabilities for 'Suse openstack cloud'   RSS

2017-01-30
 
CVE-2015-7976

CWE-254
 

 
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

 
2016-07-04
 
CVE-2016-4957

CWE-20
 

 
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.

 
 
CVE-2016-4956

CWE-19
 

 
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.

 
 
CVE-2016-4955

CWE-362
 

 
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.

 
2016-06-09
 
CVE-2016-4448

CWE-134
 

 
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

 
2016-06-03
 
CVE-2016-0376

CWE-Other
 

 
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.

 
 
CVE-2016-0363

CWE-20
 

 
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.

 
2016-03-09
 
CVE-2016-1286

CWE-20
 

 
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.

 
 
CVE-2016-1285

CWE-20
 

 
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.

 

 >>> Vendor: Novell 111 Products
Unixware
Http server
Web server
Suse linux
Netware
Groupwise
Netware client
Bordermanager
Client
Netware ftp server
Groupwise webaccess
Messenger
Web search
Netmail
Netmail xe
Emframe
Small business suite
Edirectory
Ichain
LEAP
Zenworks desktops
Imanager
Client firewall
Internet messaging system
Linux desktop
Nsure audit
Zenworks
Zenworks remote management
Zenworks server management
Zenworks servers
Open enterprise server
Zenworks patch management server
Groupwise messenger
Imonitor
Identity manager
Zenworks asset management
Apache http server
Access manager identity server
Access manager
Securelogin
Opensuse
Extend director
Modular authentication service
Client login extension (cle)
Zenworks endpoint security management
Opensuse swamp
Zenworks patch management update agent
Challenge response client
Novell client for windows
Apparmor
Iprint
Iprint client
Novell forum
Service desk
Zenworks desktop management
Identity manager roles based provisioning module
User application
Teaming
Netidentity client1.2.3
Suse linux enterprise server
Suse lifecycle management server
Zenworks configuration management
Moonlight
Zenworks handheld management
Vibe onprem
Zenworks configuration manager
Iprint open enterprise server
Opensuse build service
File reporter
Suse linux enterprise
Opensuse factory
Identity manager user application
Xtier framework
Data synchronizer
Mobility pack
File reporter engine
Suse studio onsite
Cloud manager
Iprint open enterprise server 2
Sentinel log manager
Suse audit log keeper
Zenworks mobile management
Kanaka
Suse linux enterprise desktop
Libzypp
Suse linux software development kit
Suse manager
Suse linux enterprise for sap applications
Suse cloud
Suse linux enterprise software development kit
Suse linux for vmware
Suse linux sdk
FILR
Suse linux enterprise module for legacy software
Suse manager proxy
Suse openstack cloud
Suse package hub for suse linux enterprise
Suse linux enterprise live patching
Suse linux enterprise module for public cloud
Suse linux enterprise workstation extension
See all Products for Vendor Novell


Copyright 2024, cxsecurity.com

 

Back to Top