Summary
Detail | |||
---|---|---|---|
Vendor | Novell | First view | 2008-07-09 |
Product | Suse Linux Enterprise Server | Last view | 2020-02-04 |
Version | Type | ||
Update | |||
Edition | |||
Language | |||
Software Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
5 | 2020-02-04 | CVE-2020-8118 | An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. |
3.5 | 2020-01-31 | CVE-2015-6815 | The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. |
7.5 | 2019-12-31 | CVE-2013-4357 | The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. |
7.8 | 2017-09-08 | CVE-2016-5759 | The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root. |
7.8 | 2017-06-19 | CVE-2017-1000366 | glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. |
9.8 | 2017-06-06 | CVE-2016-9961 | game-music-emu before 0.6.1 mishandles unspecified integer values. |
5.5 | 2017-06-06 | CVE-2016-9960 | game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). |
3.8 | 2017-05-03 | CVE-2017-7995 | Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL. |
5.5 | 2016-10-13 | CVE-2016-7796 | The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. |
5.5 | 2016-09-20 | CVE-2015-8924 | The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file. |
6.5 | 2016-09-20 | CVE-2015-8923 | The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file. |
5.5 | 2016-09-20 | CVE-2015-8922 | The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct. |
7.5 | 2016-09-20 | CVE-2015-8921 | The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. |
5.5 | 2016-09-20 | CVE-2015-8920 | The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file. |
7.5 | 2016-09-20 | CVE-2015-8919 | The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file. |
7.5 | 2016-09-20 | CVE-2015-8918 | The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy." |
7.8 | 2016-07-03 | CVE-2016-4997 | The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement. |
7.8 | 2016-06-27 | CVE-2016-1583 | The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling. |
8.8 | 2016-06-13 | CVE-2016-2834 | Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. |
8.8 | 2016-06-13 | CVE-2016-2818 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
8.8 | 2016-06-13 | CVE-2016-2815 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
8.1 | 2016-06-03 | CVE-2016-0376 | The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456. |
8.1 | 2016-06-03 | CVE-2016-0363 | The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009. |
7.8 | 2016-05-23 | CVE-2016-4913 | The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem. |
7.8 | 2016-05-23 | CVE-2016-4805 | Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
25% (14) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
12% (7) | CWE-200 | Information Exposure |
12% (7) | CWE-20 | Improper Input Validation |
7% (4) | CWE-17 | Code |
5% (3) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
5% (3) | CWE-310 | Cryptographic Issues |
5% (3) | CWE-264 | Permissions, Privileges, and Access Controls |
5% (3) | CWE-125 | Out-of-bounds Read |
3% (2) | CWE-399 | Resource Management Errors |
1% (1) | CWE-476 | NULL Pointer Dereference |
1% (1) | CWE-416 | Use After Free |
1% (1) | CWE-369 | Divide By Zero |
1% (1) | CWE-284 | Access Control (Authorization) Issues |
1% (1) | CWE-269 | Improper Privilege Management |
1% (1) | CWE-254 | Security Features |
1% (1) | CWE-189 | Numeric Errors |
1% (1) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:10437 | The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.... |
oval:org.mitre.oval:def:21568 | RHSA-2012:1174: kernel security and bug fix update (Low) |
oval:org.mitre.oval:def:23258 | ELSA-2012:1174: kernel security and bug fix update (Low) |
oval:org.mitre.oval:def:27630 | DEPRECATED: ELSA-2012-1174 -- kernel security and bug fix update (low) |
oval:org.mitre.oval:def:27535 | ELSA-2012-1174-1 -- kernel security and bug fix update (low) |
oval:org.mitre.oval:def:14148 | USN-1167-1 -- linux vulnerabilities |
oval:org.mitre.oval:def:14138 | USN-1141-1 -- linux, linux-ec2 vulnerabilities |
oval:org.mitre.oval:def:13956 | USN-1162-1 -- linux-mvl-dove vulnerabilities |
oval:org.mitre.oval:def:13900 | USN-1159-1 -- linux-mvl-dove vulnerabilities |
oval:org.mitre.oval:def:13238 | USN-1160-1 -- linux vulnerabilities |
oval:org.mitre.oval:def:21274 | USN-1211-1 -- linux vulnerabilities |
oval:org.mitre.oval:def:21142 | USN-1218-1 -- linux vulnerabilities |
oval:org.mitre.oval:def:20889 | USN-1212-1 -- linux-ti-omap4 vulnerabilities |
oval:org.mitre.oval:def:20869 | USN-1216-1 -- linux-ec2 vulnerabilities |
oval:org.mitre.oval:def:15414 | DSA-2389-1 linux-2.6 -- privilege escalation/denial of service/information leak |
oval:org.mitre.oval:def:15398 | USN-1202-1 -- Linux kernel (OMAP4) vulnerabilities |
oval:org.mitre.oval:def:15354 | USN-1189-1 -- Linux kernel vulnerabilities |
oval:org.mitre.oval:def:15261 | USN-1201-1 -- Linux kernel vulnerabilities |
oval:org.mitre.oval:def:15142 | USN-1204-1 -- Linux kernel (i.MX51) vulnerabilities |
oval:org.mitre.oval:def:15108 | USN-1203-1 -- Linux kernel (Marvel DOVE) vulnerabilities |
oval:org.mitre.oval:def:15019 | USN-1256-1 -- Linux kernel (Natty backport) vulnerabilities |
oval:org.mitre.oval:def:14979 | USN-1208-1 -- Linux kernel (Marvel DOVE) vulnerabilities |
oval:org.mitre.oval:def:18497 | DSA-2715-1 puppet - code execution |
oval:org.mitre.oval:def:17078 | USN-1886-1 -- Puppet vulnerability |
oval:org.mitre.oval:def:25904 | SUSE-SU-2013:1304-1 -- Security update for puppet |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
58242 | SUSE Linux Enterprise (SLE) on IA64 ia32el Unspecified Local DoS |
47001 | Linux Kernel fs/namespace.c do_change_type Function Mountpoint Manipulation L... |
OpenVAS Exploits
Date | Description |
---|---|
2014-10-16 | Name : POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability File : nvt/gb_poodel_sslv3_info_disc_vuln.nasl |
2013-09-18 | Name : Debian Security Advisory DSA 2389-1 (linux-2.6 - privilege escalation/denial ... File : nvt/deb_2389_1.nasl |
2012-09-27 | Name : CentOS Update for kernel CESA-2012:1304 centos6 File : nvt/gb_CESA-2012_1304_kernel_centos6.nasl |
2012-09-27 | Name : RedHat Update for kernel RHSA-2012:1304-01 File : nvt/gb_RHSA-2012_1304-01_kernel.nasl |
2012-08-24 | Name : CentOS Update for kernel CESA-2012:1174 centos5 File : nvt/gb_CESA-2012_1174_kernel_centos5.nasl |
2012-08-24 | Name : RedHat Update for kernel RHSA-2012:1174-01 File : nvt/gb_RHSA-2012_1174-01_kernel.nasl |
2012-08-14 | Name : Ubuntu Update for linux-ti-omap4 USN-1530-1 File : nvt/gb_ubuntu_USN_1530_1.nasl |
2012-07-03 | Name : Ubuntu Update for linux USN-1493-1 File : nvt/gb_ubuntu_USN_1493_1.nasl |
2012-07-03 | Name : Ubuntu Update for linux USN-1492-1 File : nvt/gb_ubuntu_USN_1492_1.nasl |
2012-07-03 | Name : Ubuntu Update for linux USN-1488-1 File : nvt/gb_ubuntu_USN_1488_1.nasl |
2012-07-03 | Name : Ubuntu Update for linux-lts-backport-natty USN-1490-1 File : nvt/gb_ubuntu_USN_1490_1.nasl |
2012-07-03 | Name : Ubuntu Update for linux-ec2 USN-1491-1 File : nvt/gb_ubuntu_USN_1491_1.nasl |
2012-06-19 | Name : Ubuntu Update for linux-ti-omap4 USN-1476-1 File : nvt/gb_ubuntu_USN_1476_1.nasl |
2012-06-15 | Name : Ubuntu Update for linux-lts-backport-oneiric USN-1471-1 File : nvt/gb_ubuntu_USN_1471_1.nasl |
2012-06-15 | Name : Ubuntu Update for linux-ti-omap4 USN-1474-1 File : nvt/gb_ubuntu_USN_1474_1.nasl |
2012-06-15 | Name : Ubuntu Update for linux USN-1473-1 File : nvt/gb_ubuntu_USN_1473_1.nasl |
2012-06-15 | Name : Ubuntu Update for linux USN-1472-1 File : nvt/gb_ubuntu_USN_1472_1.nasl |
2009-10-13 | Name : SLES10: Security update for ia32el File : nvt/sles10_ia32el.nasl |
2009-10-13 | Name : SLES10: Security update for Linux kernel File : nvt/sles10_kernel3.nasl |
2009-09-21 | Name : SuSE Security Summary SUSE-SR:2009:015 File : nvt/suse_sr_2009_015.nasl |
2009-03-23 | Name : Ubuntu Update for linux, linux-source-2.6.15/20/22 vulnerabilities USN-637-1 File : nvt/gb_ubuntu_USN_637_1.nasl |
2009-03-06 | Name : RedHat Update for kernel RHSA-2008:0885-01 File : nvt/gb_RHSA-2008_0885-01_kernel.nasl |
2008-09-04 | Name : Debian Security Advisory DSA 1630-1 (linux-2.6) File : nvt/deb_1630_1.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-A-0154 | Multiple Vulnerabilities in Oracle Fusion Middleware Severity: Category I - VMSKEY: V0061081 |
2015-A-0042 | Samba Remote Code Execution Vulnerability Severity: Category I - VMSKEY: V0058919 |
2015-B-0014 | Multiple Vulnerabilities in VMware ESXi 5.5 Severity: Category I - VMSKEY: V0058513 |
2015-B-0013 | Multiple Vulnerabilities in VMware ESXi 5.1 Severity: Category I - VMSKEY: V0058515 |
2015-B-0012 | Multiple Vulnerabilities in VMware ESXi 5.0 Severity: Category I - VMSKEY: V0058517 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-09-23 | Mozilla Firefox PDF.js same origin policy violation attempt RuleID : 35676 - Type : BROWSER-FIREFOX - Revision : 3 |
2015-09-23 | Mozilla Firefox PDF.js same origin policy violation attempt RuleID : 35675 - Type : BROWSER-FIREFOX - Revision : 3 |
2015-04-14 | Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt RuleID : 33826 - Type : SERVER-SAMBA - Revision : 3 |
2014-12-18 | SSLv3 CBC client connection attempt RuleID : 32566 - Type : POLICY-OTHER - Revision : 2 |
2014-11-19 | SSLv3 POODLE CBC padding brute force attempt RuleID : 32205 - Type : SERVER-OTHER - Revision : 5 |
2014-11-19 | SSLv3 POODLE CBC padding brute force attempt RuleID : 32204 - Type : SERVER-OTHER - Revision : 5 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2019-01-14 | Name: The remote Virtuozzo host is missing multiple security updates. File: Virtuozzo_VZA-2016-104.nasl - Type: ACT_GATHER_INFO |
2019-01-10 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO |
2018-11-16 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-3083.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0022.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0023.nasl - Type: ACT_GATHER_INFO |
2018-05-24 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL20486351.nasl - Type: ACT_GATHER_INFO |
2018-04-27 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-1062.nasl - Type: ACT_GATHER_INFO |
2017-12-07 | Name: The remote host is potentially affected by an SSL/TLS vulnerability. File: check_point_gaia_sk103683.nasl - Type: ACT_GATHER_INFO |
2017-10-23 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa_10826.nasl - Type: ACT_GATHER_INFO |
2017-09-20 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-2760.nasl - Type: ACT_GATHER_INFO |
2017-08-15 | Name: The remote host running McAfee Web Gateway is affected by multiple code execu... File: mcafee_web_gateway_sb10205.nasl - Type: ACT_GATHER_INFO |
2017-08-08 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2017-1146.nasl - Type: ACT_GATHER_INFO |
2017-08-08 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2017-1147.nasl - Type: ACT_GATHER_INFO |
2017-07-31 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2017-0124.nasl - Type: ACT_GATHER_INFO |
2017-07-20 | Name: The remote database server is affected by multiple vulnerabilities. File: oracle_rdbms_cpu_jul_2017.nasl - Type: ACT_GATHER_INFO |
2017-07-17 | Name: The remote Fedora host is missing a security update. File: fedora_2017-d80ab96e61.nasl - Type: ACT_GATHER_INFO |
2017-07-13 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-1480.nasl - Type: ACT_GATHER_INFO |
2017-07-13 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-1481.nasl - Type: ACT_GATHER_INFO |
2017-07-10 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201707-02.nasl - Type: ACT_GATHER_INFO |
2017-07-03 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2017-181-01.nasl - Type: ACT_GATHER_INFO |
2017-06-30 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-715.nasl - Type: ACT_GATHER_INFO |
2017-06-30 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-3323-2.nasl - Type: ACT_GATHER_INFO |
2017-06-30 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-3338-2.nasl - Type: ACT_GATHER_INFO |
2017-06-28 | Name: The remote Fedora host is missing a security update. File: fedora_2017-698daef73c.nasl - Type: ACT_GATHER_INFO |
2017-06-23 | Name: The remote Fedora host is missing a security update. File: fedora_2017-79414fefa1.nasl - Type: ACT_GATHER_INFO |