This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Suse First view 2016-05-24
Product Linux Enterprise Server Last view 2018-11-25
Version 11 Type Os
Update sp3  
Edition *  
Language *  
Sofware Edition ltss  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:suse:linux_enterprise_server

Activity : Overall

Related : CVE

  Date Alert Description
7.8 2018-11-25 CVE-2018-19543

An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.

6.5 2018-11-25 CVE-2018-19542

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.

8.8 2018-11-25 CVE-2018-19541

An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.

8.8 2018-11-25 CVE-2018-19540

An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c.

6.5 2018-11-25 CVE-2018-19539

An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.

5.5 2018-10-31 CVE-2018-18873

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.

4.3 2018-10-22 CVE-2018-18585

chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).

6.5 2018-10-22 CVE-2018-18584

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

7.5 2018-10-09 CVE-2018-17962

Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.

7.5 2017-07-21 CVE-2015-5300

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

7.5 2017-07-21 CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

7.5 2017-07-21 CVE-2015-5194

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

4.3 2017-01-30 CVE-2015-7976

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

7.5 2016-07-04 CVE-2016-4957

ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.

5.3 2016-07-04 CVE-2016-4956

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.

5.9 2016-07-04 CVE-2016-4955

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.

7.5 2016-07-04 CVE-2016-4954

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.

7.5 2016-07-04 CVE-2016-4953

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.

5.6 2016-05-24 CVE-2016-0264

Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.

CWE : Common Weakness Enumeration

%idName
21% (4) CWE-476 NULL Pointer Dereference
10% (2) CWE-787 Out-of-bounds Write
10% (2) CWE-362 Race Condition
10% (2) CWE-125 Out-of-bounds Read
10% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
5% (1) CWE-704 Incorrect Type Conversion or Cast
5% (1) CWE-617 Reachable Assertion
5% (1) CWE-361 Time and State
5% (1) CWE-287 Improper Authentication
5% (1) CWE-254 Security Features
5% (1) CWE-190 Integer Overflow or Wraparound
5% (1) CWE-20 Improper Input Validation

Snort® IPS/IDS

Date Description
2019-12-10 Libmspack cabd_sys_read_block off-by-one heap overflow attempt
RuleID : 52133 - Type : FILE-OTHER - Revision : 2
2019-12-10 Libmspack cabd_sys_read_block off-by-one heap overflow attempt
RuleID : 52132 - Type : FILE-OTHER - Revision : 2
2018-03-23 NTP crypto-NAK denial of service attempt
RuleID : 45693 - Type : SERVER-OTHER - Revision : 3
2017-12-13 NTP crypto-NAK denial of service attempt
RuleID : 44756 - Type : SERVER-OTHER - Revision : 3

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-07 Name: The remote Debian host is missing a security update.
File: debian_DLA-1628.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-87f2ace20d.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-a5953af115.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-cb337fb199.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1599.nasl - Type: ACT_GATHER_INFO
2018-11-19 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-c73d257297.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4338.nasl - Type: ACT_GATHER_INFO
2018-10-29 Name: The remote Debian host is missing a security update.
File: debian_DLA-1555.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote AIX host has a version of NTP installed that is affected by multip...
File: aix_ntp_v3_advisory4.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote AIX host has a version of NTP installed that is affected by multip...
File: aix_ntp_v4_advisory4.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote AIX host has a version of NTP installed that is affected by a data...
File: aix_ntp_v4_advisory5.nasl - Type: ACT_GATHER_INFO
2017-07-10 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1124.nasl - Type: ACT_GATHER_INFO
2017-07-10 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1125.nasl - Type: ACT_GATHER_INFO
2017-05-10 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-1216.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1060.nasl - Type: ACT_GATHER_INFO
2017-04-04 Name: The remote AIX host has a version of NTP installed that is affected by multip...
File: aix_ntp_v4_advisory7.nasl - Type: ACT_GATHER_INFO
2017-03-01 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL02360853.nasl - Type: ACT_GATHER_INFO
2017-02-01 Name: The remote host is affected by multiple vulnerabilities.
File: citrix_xenserver_CTX220112.nasl - Type: ACT_GATHER_INFO
2017-01-24 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0255-1.nasl - Type: ACT_GATHER_INFO
2016-12-29 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1525.nasl - Type: ACT_GATHER_INFO
2016-12-21 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL03331206.nasl - Type: ACT_GATHER_INFO
2016-12-21 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL64505405.nasl - Type: ACT_GATHER_INFO
2016-12-21 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL82644737.nasl - Type: ACT_GATHER_INFO
2016-12-21 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-3193-1.nasl - Type: ACT_GATHER_INFO
2016-12-21 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-3195-1.nasl - Type: ACT_GATHER_INFO