Summary
| Detail | |||
|---|---|---|---|
| Vendor | Opensuse | First view | 2012-02-08 |
| Product | Suse Linux Enterprise Server | Last view | 2020-02-17 |
| Version | 11.0 | Type | Os |
| Update | sp3 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:opensuse:suse_linux_enterprise_server | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2020-02-17 | CVE-2014-1947 | Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030. |
| 3.5 | 2020-01-31 | CVE-2015-6815 | The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. |
| 6.5 | 2020-01-23 | CVE-2015-5239 | Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. |
| 8.8 | 2019-11-25 | CVE-2012-6639 | An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data. |
| 7.5 | 2017-08-09 | CVE-2015-3405 | ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. |
| 9.8 | 2016-04-19 | CVE-2015-8779 | Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. |
| 9.8 | 2016-04-19 | CVE-2015-8778 | Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. |
| 9.1 | 2016-04-19 | CVE-2015-8776 | The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. |
| 2.1 | 2015-12-07 | CVE-2015-5006 | IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache. |
| 6.8 | 2015-09-28 | CVE-2015-1781 | Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. |
| 2.9 | 2015-04-28 | CVE-2015-3340 | Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. |
| 2.1 | 2015-04-16 | CVE-2015-2576 | Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation. |
| 4.9 | 2015-04-16 | CVE-2015-2575 | Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. |
| 3.5 | 2015-04-16 | CVE-2015-0505 | Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. |
| 4 | 2015-04-16 | CVE-2015-0500 | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors. |
| 9.3 | 2015-04-16 | CVE-2015-0492 | Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484. |
| 6.8 | 2015-04-16 | CVE-2015-0484 | Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492. |
| 4 | 2015-04-16 | CVE-2015-0439 | Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756. |
| 4 | 2015-04-16 | CVE-2015-0438 | Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. |
| 4 | 2015-04-16 | CVE-2015-0433 | Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. |
| 4 | 2015-04-16 | CVE-2015-0423 | Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. |
| 4 | 2015-04-16 | CVE-2015-0405 | Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA. |
| 5 | 2015-03-27 | CVE-2014-8121 | DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset. |
| 1.9 | 2015-01-21 | CVE-2015-0413 | Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability. |
| 9.3 | 2015-01-21 | CVE-2015-0395 | Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 18% (8) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 13% (6) | CWE-264 | Permissions, Privileges, and Access Controls |
| 11% (5) | CWE-416 | Use After Free |
| 6% (3) | CWE-200 | Information Exposure |
| 4% (2) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 4% (2) | CWE-269 | Improper Privilege Management |
| 4% (2) | CWE-125 | Out-of-bounds Read |
| 4% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 4% (2) | CWE-20 | Improper Input Validation |
| 2% (1) | CWE-787 | Out-of-bounds Write |
| 2% (1) | CWE-476 | NULL Pointer Dereference |
| 2% (1) | CWE-362 | Race Condition |
| 2% (1) | CWE-347 | Improper Verification of Cryptographic Signature |
| 2% (1) | CWE-346 | Origin Validation Error |
| 2% (1) | CWE-331 | Insufficient Entropy |
| 2% (1) | CWE-326 | Inadequate Encryption Strength |
| 2% (1) | CWE-310 | Cryptographic Issues |
| 2% (1) | CWE-189 | Numeric Errors |
| 2% (1) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 2% (1) | CWE-17 | Code |
ExploitDB Exploits
| id | Description |
|---|---|
| 31688 | ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH) |
OpenVAS Exploits
| id | Description |
|---|---|
| 2014-10-16 | Name : POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability File : nvt/gb_poodel_sslv3_info_disc_vuln.nasl |
| 2012-12-13 | Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1345-1 (MozillaFirefox) File : nvt/gb_suse_2012_1345_1.nasl |
| 2012-11-16 | Name : Debian Security Advisory DSA 2569-1 (icedove) File : nvt/deb_2569_1.nasl |
| 2012-11-16 | Name : Debian Security Advisory DSA 2572-1 (iceape) File : nvt/deb_2572_1.nasl |
| 2012-10-29 | Name : Debian Security Advisory DSA 2565-1 (iceweasel) File : nvt/deb_2565_1.nasl |
| 2012-10-16 | Name : Ubuntu Update for thunderbird USN-1611-1 File : nvt/gb_ubuntu_USN_1611_1.nasl |
| 2012-10-15 | Name : Mozilla Firefox Multiple Vulnerabilities-01 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln01_oct12_win.nasl |
| 2012-10-15 | Name : Mozilla Firefox Multiple Vulnerabilities-01 (Mac OS X) File : nvt/gb_mozilla_prdts_mult_vuln01_oct12_macosx.nasl |
| 2012-10-13 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox70.nasl |
| 2012-10-11 | Name : CentOS Update for thunderbird CESA-2012:1351 centos6 File : nvt/gb_CESA-2012_1351_thunderbird_centos6.nasl |
| 2012-10-11 | Name : RedHat Update for firefox RHSA-2012:1350-01 File : nvt/gb_RHSA-2012_1350-01_firefox.nasl |
| 2012-10-11 | Name : RedHat Update for thunderbird RHSA-2012:1351-01 File : nvt/gb_RHSA-2012_1351-01_thunderbird.nasl |
| 2012-10-11 | Name : CentOS Update for thunderbird CESA-2012:1351 centos5 File : nvt/gb_CESA-2012_1351_thunderbird_centos5.nasl |
| 2012-10-11 | Name : CentOS Update for firefox CESA-2012:1350 centos6 File : nvt/gb_CESA-2012_1350_firefox_centos6.nasl |
| 2012-10-11 | Name : CentOS Update for firefox CESA-2012:1350 centos5 File : nvt/gb_CESA-2012_1350_firefox_centos5.nasl |
| 2012-10-11 | Name : Ubuntu Update for firefox USN-1600-1 File : nvt/gb_ubuntu_USN_1600_1.nasl |
| 2012-10-05 | Name : Ubuntu Update for libxslt USN-1595-1 File : nvt/gb_ubuntu_USN_1595_1.nasl |
| 2012-10-03 | Name : Fedora Update for libxslt FEDORA-2012-14048 File : nvt/gb_fedora_2012_14048_libxslt_fc16.nasl |
| 2012-09-27 | Name : Fedora Update for libxslt FEDORA-2012-14083 File : nvt/gb_fedora_2012_14083_libxslt_fc17.nasl |
| 2012-09-17 | Name : RedHat Update for libxslt RHSA-2012:1265-01 File : nvt/gb_RHSA-2012_1265-01_libxslt.nasl |
| 2012-09-17 | Name : CentOS Update for libxslt CESA-2012:1265 centos5 File : nvt/gb_CESA-2012_1265_libxslt_centos5.nasl |
| 2012-09-17 | Name : CentOS Update for libxslt CESA-2012:1265 centos6 File : nvt/gb_CESA-2012_1265_libxslt_centos6.nasl |
| 2012-03-12 | Name : Gentoo Security Advisory GLSA 201203-08 (libxslt) File : nvt/glsa_201203_08.nasl |
| 2012-03-12 | Name : Gentoo Security Advisory GLSA 201202-01 (chromium) File : nvt/glsa_201202_01.nasl |
| 2012-03-07 | Name : Mandriva Update for libxslt MDVSA-2012:028 (libxslt) File : nvt/gb_mandriva_MDVSA_2012_028.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0154 | Multiple Vulnerabilities in Oracle Fusion Middleware Severity: Category I - VMSKEY: V0061081 |
| 2015-B-0014 | Multiple Vulnerabilities in VMware ESXi 5.5 Severity: Category I - VMSKEY: V0058513 |
| 2015-B-0013 | Multiple Vulnerabilities in VMware ESXi 5.1 Severity: Category I - VMSKEY: V0058515 |
| 2015-B-0012 | Multiple Vulnerabilities in VMware ESXi 5.0 Severity: Category I - VMSKEY: V0058517 |
| 2014-A-0106 | Multiple Vulnerabilities in Oracle MySQL Product Suite Severity: Category I - VMSKEY: V0053189 |
| 2014-A-0043 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0046769 |
| 2014-A-0021 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0043921 |
| 2013-A-0233 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0042596 |
| 2013-A-0031 | Multiple Security Vulnerabilities in VMware ESX 4.1 and ESXi 4.1 Severity: Category I - VMSKEY: V0036787 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-12-18 | SSLv3 CBC client connection attempt RuleID : 32566 - Type : POLICY-OTHER - Revision : 2 |
| 2014-11-19 | SSLv3 POODLE CBC padding brute force attempt RuleID : 32205 - Type : SERVER-OTHER - Revision : 5 |
| 2014-11-19 | SSLv3 POODLE CBC padding brute force attempt RuleID : 32204 - Type : SERVER-OTHER - Revision : 5 |
| 2014-03-06 | WAV processing buffer overflow attempt RuleID : 29546 - Type : FILE-MULTIMEDIA - Revision : 4 |
| 2014-03-06 | WAV processing buffer overflow attempt RuleID : 29545 - Type : FILE-MULTIMEDIA - Revision : 4 |
| 2014-03-06 | WAV processing buffer overflow attempt RuleID : 29544 - Type : FILE-MULTIMEDIA - Revision : 4 |
| 2014-03-06 | WAV processing buffer overflow attempt RuleID : 29543 - Type : FILE-MULTIMEDIA - Revision : 4 |
| 2014-03-06 | WAV processing buffer overflow attempt RuleID : 29542 - Type : FILE-MULTIMEDIA - Revision : 3 |
| 2014-03-06 | WAV processing buffer overflow attempt RuleID : 29541 - Type : FILE-MULTIMEDIA - Revision : 3 |
| 2014-03-06 | WAV processing buffer overflow attempt RuleID : 29540 - Type : FILE-MULTIMEDIA - Revision : 3 |
| 2014-03-06 | WAV processing buffer overflow attempt RuleID : 29539 - Type : FILE-MULTIMEDIA - Revision : 3 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-16 | Name: The remote database server is affected by multiple vulnerabilities File: mariadb_5_5_42.nasl - Type: ACT_GATHER_INFO |
| 2017-12-07 | Name: The remote host is potentially affected by an SSL/TLS vulnerability. File: check_point_gaia_sk103683.nasl - Type: ACT_GATHER_INFO |
| 2017-09-11 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2017-1199.nasl - Type: ACT_GATHER_INFO |
| 2017-09-11 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2017-1200.nasl - Type: ACT_GATHER_INFO |
| 2017-09-01 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2017-877.nasl - Type: ACT_GATHER_INFO |
| 2017-08-25 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2017-1842.nasl - Type: ACT_GATHER_INFO |
| 2017-08-25 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2017-1916.nasl - Type: ACT_GATHER_INFO |
| 2017-08-22 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20170801_glibc_on_SL7_x.nasl - Type: ACT_GATHER_INFO |
| 2017-08-22 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20170801_kernel_on_SL7_x.nasl - Type: ACT_GATHER_INFO |
| 2017-08-16 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2017-1842-1.nasl - Type: ACT_GATHER_INFO |
| 2017-08-09 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2017-1842.nasl - Type: ACT_GATHER_INFO |
| 2017-08-09 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2017-1916.nasl - Type: ACT_GATHER_INFO |
| 2017-08-03 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-1842.nasl - Type: ACT_GATHER_INFO |
| 2017-08-03 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-1916.nasl - Type: ACT_GATHER_INFO |
| 2017-08-03 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-2077.nasl - Type: ACT_GATHER_INFO |
| 2017-07-20 | Name: The remote database server is affected by multiple vulnerabilities. File: oracle_rdbms_cpu_jul_2017.nasl - Type: ACT_GATHER_INFO |
| 2017-04-12 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-459.nasl - Type: ACT_GATHER_INFO |
| 2017-04-06 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20170321_glibc_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
| 2017-04-03 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2017-0057.nasl - Type: ACT_GATHER_INFO |
| 2017-03-30 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2017-0680.nasl - Type: ACT_GATHER_INFO |
| 2017-03-30 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2017-0051.nasl - Type: ACT_GATHER_INFO |
| 2017-03-27 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2017-0680.nasl - Type: ACT_GATHER_INFO |
| 2017-03-22 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-0680.nasl - Type: ACT_GATHER_INFO |
| 2017-02-21 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201702-11.nasl - Type: ACT_GATHER_INFO |
| 2017-01-10 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_03532a19d68e11e6917114dae9d210b8.nasl - Type: ACT_GATHER_INFO |
