This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Suse First view 2015-03-31
Product Linux Enterprise Debuginfo Last view 2020-01-23
Version 11 Type Application
Update sp3  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:suse:linux_enterprise_debuginfo

Activity : Overall

Related : CVE

  Date Alert Description
6.5 2020-01-23 CVE-2015-5239

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

7.5 2017-07-21 CVE-2015-5300

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

7.5 2017-07-21 CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

7.5 2017-07-21 CVE-2015-5194

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

4.3 2017-01-30 CVE-2015-7976

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

9.8 2016-04-19 CVE-2015-8779

Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.

9.8 2016-04-19 CVE-2015-8778

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

9.1 2016-04-19 CVE-2015-8776

The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.

6.8 2015-09-28 CVE-2015-1781

Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.

5 2015-03-31 CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

CWE : Common Weakness Enumeration

%idName
33% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
11% (1) CWE-704 Incorrect Type Conversion or Cast
11% (1) CWE-361 Time and State
11% (1) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
11% (1) CWE-254 Security Features
11% (1) CWE-189 Numeric Errors
11% (1) CWE-20 Improper Input Validation

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0158 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0061089

Snort® IPS/IDS

Date Description
2017-04-12 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 41907 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37916 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37915 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37914 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37913 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37912 - Type : POLICY-OTHER - Revision : 3
2016-03-14 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37026 - Type : POLICY-OTHER - Revision : 4
2016-03-14 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37025 - Type : POLICY-OTHER - Revision : 4

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-12-04 Name: The remote host is missing a vendor-supplied security patch.
File: check_point_gaia_sk106499.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1199.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1200.nasl - Type: ACT_GATHER_INFO
2017-09-01 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-877.nasl - Type: ACT_GATHER_INFO
2017-08-25 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-1916.nasl - Type: ACT_GATHER_INFO
2017-08-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170801_glibc_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote AIX host has a version of NTP installed that is affected by multip...
File: aix_ntp_v3_advisory4.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote AIX host has a version of NTP installed that is affected by multip...
File: aix_ntp_v4_advisory4.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote AIX host has a version of NTP installed that is affected by a data...
File: aix_ntp_v4_advisory5.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-1916.nasl - Type: ACT_GATHER_INFO
2017-08-03 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-1916.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1060.nasl - Type: ACT_GATHER_INFO
2017-04-06 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170321_glibc_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2017-03-30 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-0680.nasl - Type: ACT_GATHER_INFO
2017-03-30 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0051.nasl - Type: ACT_GATHER_INFO
2017-03-27 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-0680.nasl - Type: ACT_GATHER_INFO
2017-03-22 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-0680.nasl - Type: ACT_GATHER_INFO
2017-03-01 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL02360853.nasl - Type: ACT_GATHER_INFO
2017-02-21 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201702-11.nasl - Type: ACT_GATHER_INFO
2017-02-01 Name: The remote host is affected by multiple vulnerabilities.
File: citrix_xenserver_CTX220112.nasl - Type: ACT_GATHER_INFO
2017-01-24 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0255-1.nasl - Type: ACT_GATHER_INFO
2016-12-29 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1525.nasl - Type: ACT_GATHER_INFO
2016-12-21 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-3193-1.nasl - Type: ACT_GATHER_INFO
2016-12-21 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-3195-1.nasl - Type: ACT_GATHER_INFO
2016-12-21 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-3196-1.nasl - Type: ACT_GATHER_INFO