Summary
| Detail | |||
|---|---|---|---|
| Vendor | Suse | First view | 2015-03-31 |
| Product | Linux Enterprise Debuginfo | Last view | 2020-01-23 |
| Version | 11 | Type | Application |
| Update | sp3 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:suse:linux_enterprise_debuginfo | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.5 | 2020-01-23 | CVE-2015-5239 | Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. |
| 7.5 | 2017-07-21 | CVE-2015-5300 | The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). |
| 7.5 | 2017-07-21 | CVE-2015-5219 | The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. |
| 7.5 | 2017-07-21 | CVE-2015-5194 | The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. |
| 4.3 | 2017-01-30 | CVE-2015-7976 | The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. |
| 9.8 | 2016-04-19 | CVE-2015-8779 | Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. |
| 9.8 | 2016-04-19 | CVE-2015-8778 | Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. |
| 9.1 | 2016-04-19 | CVE-2015-8776 | The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. |
| 6.8 | 2015-09-28 | CVE-2015-1781 | Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. |
| 5 | 2015-03-31 | CVE-2015-2808 | The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (3) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 11% (1) | CWE-704 | Incorrect Type Conversion or Cast |
| 11% (1) | CWE-361 | Time and State |
| 11% (1) | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| 11% (1) | CWE-254 | Security Features |
| 11% (1) | CWE-189 | Numeric Errors |
| 11% (1) | CWE-20 | Improper Input Validation |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0158 | Multiple Vulnerabilities in Oracle Java SE Severity: Category I - VMSKEY: V0061089 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2017-04-12 | SSL/TLS weak RC4 cipher suite use attempt RuleID : 41907 - Type : POLICY-OTHER - Revision : 3 |
| 2016-04-05 | SSL/TLS weak RC4 cipher suite use attempt RuleID : 37916 - Type : POLICY-OTHER - Revision : 3 |
| 2016-04-05 | SSL/TLS weak RC4 cipher suite use attempt RuleID : 37915 - Type : POLICY-OTHER - Revision : 3 |
| 2016-04-05 | SSL/TLS weak RC4 cipher suite use attempt RuleID : 37914 - Type : POLICY-OTHER - Revision : 3 |
| 2016-04-05 | SSL/TLS weak RC4 cipher suite use attempt RuleID : 37913 - Type : POLICY-OTHER - Revision : 3 |
| 2016-04-05 | SSL/TLS weak RC4 cipher suite use attempt RuleID : 37912 - Type : POLICY-OTHER - Revision : 3 |
| 2016-03-14 | SSL/TLS weak RC4 cipher suite use attempt RuleID : 37026 - Type : POLICY-OTHER - Revision : 4 |
| 2016-03-14 | SSL/TLS weak RC4 cipher suite use attempt RuleID : 37025 - Type : POLICY-OTHER - Revision : 4 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2017-12-04 | Name: The remote host is missing a vendor-supplied security patch. File: check_point_gaia_sk106499.nasl - Type: ACT_GATHER_INFO |
| 2017-09-11 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2017-1199.nasl - Type: ACT_GATHER_INFO |
| 2017-09-11 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2017-1200.nasl - Type: ACT_GATHER_INFO |
| 2017-09-01 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2017-877.nasl - Type: ACT_GATHER_INFO |
| 2017-08-25 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2017-1916.nasl - Type: ACT_GATHER_INFO |
| 2017-08-22 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20170801_glibc_on_SL7_x.nasl - Type: ACT_GATHER_INFO |
| 2017-08-09 | Name: The remote AIX host has a version of NTP installed that is affected by multip... File: aix_ntp_v3_advisory4.nasl - Type: ACT_GATHER_INFO |
| 2017-08-09 | Name: The remote AIX host has a version of NTP installed that is affected by multip... File: aix_ntp_v4_advisory4.nasl - Type: ACT_GATHER_INFO |
| 2017-08-09 | Name: The remote AIX host has a version of NTP installed that is affected by a data... File: aix_ntp_v4_advisory5.nasl - Type: ACT_GATHER_INFO |
| 2017-08-09 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2017-1916.nasl - Type: ACT_GATHER_INFO |
| 2017-08-03 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-1916.nasl - Type: ACT_GATHER_INFO |
| 2017-05-01 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2016-1060.nasl - Type: ACT_GATHER_INFO |
| 2017-04-06 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20170321_glibc_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
| 2017-03-30 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2017-0680.nasl - Type: ACT_GATHER_INFO |
| 2017-03-30 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2017-0051.nasl - Type: ACT_GATHER_INFO |
| 2017-03-27 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2017-0680.nasl - Type: ACT_GATHER_INFO |
| 2017-03-22 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-0680.nasl - Type: ACT_GATHER_INFO |
| 2017-03-01 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL02360853.nasl - Type: ACT_GATHER_INFO |
| 2017-02-21 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201702-11.nasl - Type: ACT_GATHER_INFO |
| 2017-02-01 | Name: The remote host is affected by multiple vulnerabilities. File: citrix_xenserver_CTX220112.nasl - Type: ACT_GATHER_INFO |
| 2017-01-24 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-0255-1.nasl - Type: ACT_GATHER_INFO |
| 2016-12-29 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-1525.nasl - Type: ACT_GATHER_INFO |
| 2016-12-21 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-3193-1.nasl - Type: ACT_GATHER_INFO |
| 2016-12-21 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-3195-1.nasl - Type: ACT_GATHER_INFO |
| 2016-12-21 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-3196-1.nasl - Type: ACT_GATHER_INFO |
