This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Suse First view 2014-06-11
Product Linux Enterprise Desktop Last view 2020-01-23
Version 12 Type Os
Update -  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:suse:linux_enterprise_desktop

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.5 2020-01-23 CVE-2015-5239

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

7.5 2017-07-21 CVE-2015-5300

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

7.8 2017-04-12 CVE-2016-9959

game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.

7.8 2017-04-12 CVE-2016-9958

game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.

7.8 2017-04-12 CVE-2016-9957

Stack-based buffer overflow in game-music-emu before 0.6.1.

7.8 2017-03-23 CVE-2016-1602

A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).

4.3 2017-01-30 CVE-2015-7976

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

7.5 2016-06-27 CVE-2016-5244

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.

9.8 2016-05-26 CVE-2016-0718

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

9.8 2016-04-19 CVE-2015-8779

Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.

9.8 2016-04-19 CVE-2015-8778

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

9.1 2016-04-19 CVE-2015-8776

The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.

9.8 2016-04-19 CVE-2014-9761

Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

8.1 2016-02-18 CVE-2015-7547

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

7.2 2015-08-12 CVE-2015-5154

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

10 2015-07-14 CVE-2015-5123

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

10 2015-07-05 CVE-2015-2738

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

10 2015-07-05 CVE-2015-2737

The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

10 2015-07-05 CVE-2015-2734

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

3.7 2015-05-20 CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

2.9 2015-04-28 CVE-2015-3340

Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

5 2015-03-02 CVE-2014-8160

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.

2.1 2015-01-09 CVE-2014-9585

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

2.1 2015-01-09 CVE-2014-9584

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.

5 2014-12-02 CVE-2014-9116

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.

CWE : Common Weakness Enumeration

%idName
38% (10) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
11% (3) CWE-17 Code
7% (2) CWE-200 Information Exposure
7% (2) CWE-189 Numeric Errors
7% (2) CWE-20 Improper Input Validation
3% (1) CWE-787 Out-of-bounds Write
3% (1) CWE-416 Use After Free
3% (1) CWE-361 Time and State
3% (1) CWE-310 Cryptographic Issues
3% (1) CWE-254 Security Features
3% (1) CWE-125 Out-of-bounds Read
3% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0158 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0061089

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2016-03-14 glibc getaddrinfo AAAA record stack buffer overflow attempt
RuleID : 37731-community - Type : PROTOCOL-DNS - Revision : 5
2016-03-22 glibc getaddrinfo AAAA record stack buffer overflow attempt
RuleID : 37731 - Type : PROTOCOL-DNS - Revision : 5
2016-03-14 glibc getaddrinfo A record stack buffer overflow attempt
RuleID : 37730-community - Type : PROTOCOL-DNS - Revision : 5
2016-03-22 glibc getaddrinfo A record stack buffer overflow attempt
RuleID : 37730 - Type : PROTOCOL-DNS - Revision : 5
2015-09-08 Adobe flash player BitmapData.paletteMap use after free attempt
RuleID : 35466 - Type : FILE-FLASH - Revision : 2
2015-09-08 Adobe flash player BitmapData.paletteMap use after free attempt
RuleID : 35465 - Type : FILE-FLASH - Revision : 2
2015-09-08 Adobe flash player BitmapData.paletteMap use after free attempt
RuleID : 35464 - Type : FILE-FLASH - Revision : 2
2015-09-08 Adobe flash player BitmapData.paletteMap use after free attempt
RuleID : 35463 - Type : FILE-FLASH - Revision : 2
2015-08-14 Adobe Flash Player BitmapData use-after-free attempt
RuleID : 35220 - Type : FILE-FLASH - Revision : 2
2015-08-14 Adobe Flash Player BitmapData use-after-free attempt
RuleID : 35219 - Type : FILE-FLASH - Revision : 2
2015-08-14 Adobe Flash Player BitmapData use-after-free attempt
RuleID : 35218 - Type : FILE-FLASH - Revision : 2
2015-08-14 Adobe Flash Player BitmapData use-after-free attempt
RuleID : 35217 - Type : FILE-FLASH - Revision : 2
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33806 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33805 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33804 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33803 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33802 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33801 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL export grade ciphersuite server negotiation attempt
RuleID : 33800 - Type : SERVER-OTHER - Revision : 6
2015-04-14 SSL export grade ciphersuite server negotiation attempt
RuleID : 33799 - Type : SERVER-OTHER - Revision : 6
2015-04-14 SSL export grade ciphersuite server negotiation attempt
RuleID : 33798 - Type : SERVER-OTHER - Revision : 6
2015-04-14 SSL export grade ciphersuite server negotiation attempt
RuleID : 33797 - Type : SERVER-OTHER - Revision : 6
2015-04-14 SSL export grade ciphersuite server negotiation attempt
RuleID : 33796 - Type : SERVER-OTHER - Revision : 6
2015-04-14 SSL export grade ciphersuite server negotiation attempt
RuleID : 33795 - Type : SERVER-OTHER - Revision : 6
2015-04-14 SSL export grade ciphersuite server negotiation attempt
RuleID : 33794 - Type : SERVER-OTHER - Revision : 6

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-05-07 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-124-01.nasl - Type: ACT_GATHER_INFO
2018-05-07 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_8719b9358bae41ad92ba3c826f651219.nasl - Type: ACT_GATHER_INFO
2018-02-28 Name: The version of Arista Networks EOS running on the remote device is affected b...
File: arista_eos_sa0017.nasl - Type: ACT_GATHER_INFO
2017-12-26 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL31211252.nasl - Type: ACT_GATHER_INFO
2017-10-12 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_9164f51eae2011e7a633009c02a2ab30.nasl - Type: ACT_GATHER_INFO
2017-09-25 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2017-266-02.nasl - Type: ACT_GATHER_INFO
2017-09-19 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL52320548.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1199.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1200.nasl - Type: ACT_GATHER_INFO
2017-09-01 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-877.nasl - Type: ACT_GATHER_INFO
2017-08-25 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-1916.nasl - Type: ACT_GATHER_INFO
2017-08-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170801_glibc_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote AIX host has a version of NTP installed that is affected by a data...
File: aix_ntp_v4_advisory5.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-1916.nasl - Type: ACT_GATHER_INFO
2017-08-03 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-1916.nasl - Type: ACT_GATHER_INFO
2017-07-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201707-02.nasl - Type: ACT_GATHER_INFO
2017-05-08 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: itunes_12_6.nasl - Type: ACT_GATHER_INFO
2017-05-08 Name: An application running on the remote host is affected by multiple vulnerabili...
File: itunes_12_6_banner.nasl - Type: ACT_GATHER_INFO
2017-05-08 Name: The remote host contains an application that is affected by multiple vulnerab...
File: macos_itunes_12_6.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1002.nasl - Type: ACT_GATHER_INFO
2017-04-06 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170321_glibc_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2017-04-03 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0057.nasl - Type: ACT_GATHER_INFO
2017-03-30 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-0680.nasl - Type: ACT_GATHER_INFO
2017-03-30 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0051.nasl - Type: ACT_GATHER_INFO
2017-03-27 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-0680.nasl - Type: ACT_GATHER_INFO