Vulnerabilities (CVE)

Filtered by vendor Novell Subscribe
Filtered by product Suse Linux Enterprise Server
Total 95 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-6815 7 Arista, Canonical, Fedoraproject and 4 more 11 Eos, Ubuntu Linux, Fedora and 8 more 2023-12-10 2.7 LOW 3.5 LOW
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
CVE-2020-8118 3 Nextcloud, Novell, Opensuse 3 Nextcloud Server, Suse Linux Enterprise Server, Backports Sle 2023-12-10 4.0 MEDIUM 5.0 MEDIUM
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
CVE-2013-4357 5 Canonical, Debian, Eglibc and 2 more 5 Ubuntu Linux, Debian Linux, Eglibc and 2 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.
CVE-2016-9961 5 Fedoraproject, Game-music-emu Project, Novell and 2 more 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
game-music-emu before 0.6.1 mishandles unspecified integer values.
CVE-2016-5759 2 Novell, Opensuse 3 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Leap 2023-12-10 6.9 MEDIUM 7.8 HIGH
The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.
CVE-2016-9960 5 Fedoraproject, Game-music-emu Project, Novell and 2 more 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more 2023-12-10 2.1 LOW 5.5 MEDIUM
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
CVE-2017-1000366 8 Debian, Gnu, Mcafee and 5 more 20 Debian Linux, Glibc, Web Gateway and 17 more 2023-12-10 7.2 HIGH 7.8 HIGH
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
CVE-2017-7995 3 Novell, Suse, Xen 6 Suse Linux Enterprise Point Of Sale, Suse Linux Enterprise Server, Manager and 3 more 2023-12-10 1.7 LOW 3.8 LOW
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.
CVE-2016-2815 4 Canonical, Mozilla, Novell and 1 more 8 Ubuntu Linux, Firefox, Firefox Esr and 5 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-2818 6 Canonical, Debian, Mozilla and 3 more 22 Ubuntu Linux, Debian Linux, Firefox and 19 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-2184 3 Canonical, Linux, Novell 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more 2023-12-10 4.9 MEDIUM 4.6 MEDIUM
The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-3137 3 Canonical, Linux, Novell 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more 2023-12-10 4.9 MEDIUM 4.6 MEDIUM
drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.
CVE-2016-3672 3 Canonical, Linux, Novell 9 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 6 more 2023-12-10 4.6 MEDIUM 7.8 HIGH
The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.
CVE-2015-2733 3 Mozilla, Novell, Oracle 5 Firefox, Firefox Esr, Suse Linux Enterprise Desktop and 2 more 2023-12-10 10.0 HIGH N/A
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker.
CVE-2016-2847 2 Linux, Novell 9 Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Desktop and 6 more 2023-12-10 4.9 MEDIUM 6.2 MEDIUM
fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.
CVE-2016-3139 2 Linux, Novell 9 Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Desktop and 6 more 2023-12-10 4.9 MEDIUM 4.6 MEDIUM
The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2015-2713 3 Mozilla, Novell, Opensuse 7 Firefox, Firefox Esr, Thunderbird and 4 more 2023-12-10 6.8 MEDIUM N/A
Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.
CVE-2015-8919 3 Canonical, Libarchive, Novell 5 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 2 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.
CVE-2015-8922 4 Canonical, Libarchive, Novell and 1 more 6 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 3 more 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.
CVE-2015-7566 2 Linux, Novell 5 Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Real Time Extension and 2 more 2023-12-10 4.9 MEDIUM 4.6 MEDIUM
The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.