This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Suse
Product: Linux Enterprise Software Development Kit
Version: 11
Update: sp3
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Os
First view: 2012-02-08
Last view: 2020-02-17

CPE Product: cpe:2.3:o:suse:linux_enterprise_software_development_kit

Related : CVE

This CPE has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
7.8 2020-02-17 CVE-2014-1947

Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030.

6.5 2020-01-23 CVE-2015-5239

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attackers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

9.8 2016-04-19 CVE-2015-8779

Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.

9.8 2016-04-19 CVE-2015-8778

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

9.1 2016-04-19 CVE-2015-8776

The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.

2.1 2015-12-07 CVE-2015-5006

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.

5 2015-11-17 CVE-2015-0272

GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.

5 2015-11-08 CVE-2015-2695

lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.

7.5 2015-06-15 CVE-2015-3209

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

4.6 2015-06-03 CVE-2015-4106

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.

2.1 2015-04-16 CVE-2015-2576

Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation.

4.9 2015-04-16 CVE-2015-2575

Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.

5 2015-04-16 CVE-2015-2568

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.

5.7 2015-04-16 CVE-2015-0501

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.

5 2015-03-31 CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

5.5 2014-07-17 CVE-2014-4260

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.

6.5 2014-07-17 CVE-2014-4258

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.

4 2014-07-17 CVE-2014-4207

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.

5 2014-06-05 CVE-2014-3469

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allow context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

7.5 2014-06-05 CVE-2014-3468

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

5 2014-06-05 CVE-2014-3467

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

6.8 2014-03-19 CVE-2014-1502

The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.

5.8 2014-03-19 CVE-2014-1501

Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection.

5 2014-03-19 CVE-2014-1500

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.

4.3 2014-03-19 CVE-2014-1499

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.

CWE : Common Weakness Enumeration

% id Name
10% (3) CWE-787 Out-of-bounds Write
10% (3) CWE-200 Information Exposure
10% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
6% (2) CWE-416 Use After Free
6% (2) CWE-264 Permissions, Privileges, and Access Controls
3% (1) CWE-763 Release of Invalid Pointer or Reference
3% (1) CWE-476 NULL Pointer Dereference
3% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
3% (1) CWE-362 Race Condition
3% (1) CWE-352 Cross-Site Request Forgery (CSRF)
3% (1) CWE-347 Improper Verification of Cryptographic Signature
3% (1) CWE-346 Origin Validation Error
3% (1) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
3% (1) CWE-326 Inadequate Encryption Strength
3% (1) CWE-190 Integer Overflow or Wraparound
3% (1) CWE-189 Numeric Errors
3% (1) CWE-131 Incorrect Calculation of Buffer Size
3% (1) CWE-125 Out-of-bounds Read
3% (1) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
3% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
3% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

ExploitDB Exploits

id Description
31688 ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH)

OpenVAS Exploits

Date Description
2012-12-04 Name : Ubuntu Update for firefox USN-1638-3
File : nvt/gb_ubuntu_USN_1638_3.nasl
2012-11-26 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox72.nasl
2012-11-26 Name : Mozilla Thunderbird Multiple Vulnerabilities-02 November12 (Windows)
File : nvt/gb_mozilla_thunderbird_mult_vuln02_nov12_win.nasl
2012-11-26 Name : Mozilla SeaMonkey Multiple Vulnerabilities-02 November12 (Windows)
File : nvt/gb_mozilla_seamonkey_mult_vuln02_nov12_win.nasl
2012-11-26 Name : Mozilla Firefox Multiple Vulnerabilities-02 November12 (Windows)
File : nvt/gb_mozilla_prdts_mult_vuln02_nov12_win.nasl
2012-11-26 Name : Mozilla Firefox Multiple Vulnerabilities-02 November12 (Mac OS X)
File : nvt/gb_mozilla_prdts_mult_vuln02_nov12_macosx.nasl
2012-11-23 Name : Ubuntu Update for thunderbird USN-1636-1
File : nvt/gb_ubuntu_USN_1636_1.nasl
2012-11-23 Name : Ubuntu Update for firefox USN-1638-1
File : nvt/gb_ubuntu_USN_1638_1.nasl
2012-11-23 Name : Ubuntu Update for ubufox USN-1638-2
File : nvt/gb_ubuntu_USN_1638_2.nasl
2012-10-05 Name : Ubuntu Update for libxslt USN-1595-1
File : nvt/gb_ubuntu_USN_1595_1.nasl
2012-10-03 Name : Fedora Update for libxslt FEDORA-2012-14048
File : nvt/gb_fedora_2012_14048_libxslt_fc16.nasl
2012-09-27 Name : Fedora Update for libxslt FEDORA-2012-14083
File : nvt/gb_fedora_2012_14083_libxslt_fc17.nasl
2012-09-17 Name : RedHat Update for libxslt RHSA-2012:1265-01
File : nvt/gb_RHSA-2012_1265-01_libxslt.nasl
2012-09-17 Name : CentOS Update for libxslt CESA-2012:1265 centos6
File : nvt/gb_CESA-2012_1265_libxslt_centos6.nasl
2012-09-17 Name : CentOS Update for libxslt CESA-2012:1265 centos5
File : nvt/gb_CESA-2012_1265_libxslt_centos5.nasl
2012-03-12 Name : Gentoo Security Advisory GLSA 201202-01 (chromium)
File : nvt/glsa_201202_01.nasl
2012-03-12 Name : Gentoo Security Advisory GLSA 201203-08 (libxslt)
File : nvt/glsa_201203_08.nasl
2012-03-07 Name : Mandriva Update for libxslt MDVSA-2012:028 (libxslt)
File : nvt/gb_mandriva_MDVSA_2012_028.nasl
2012-02-14 Name : Google Chrome Multiple Vulnerabilities - February 12 (Linux)
File : nvt/gb_google_chrome_mult_vuln_feb12_lin.nasl
2012-02-14 Name : Google Chrome Multiple Vulnerabilities - February 12 (MAC OS X)
File : nvt/gb_google_chrome_mult_vuln_feb12_macosx.nasl
2012-02-14 Name : Google Chrome Multiple Vulnerabilities - February 12 (Windows)
File : nvt/gb_google_chrome_mult_vuln_feb12_win.nasl
2012-02-12 Name : FreeBSD Ports: chromium
File : nvt/freebsd_chromium2.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0158 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0061089
2014-A-0106 Multiple Vulnerabilities in Oracle MySQL Product Suite
Severity: Category I - VMSKEY: V0053189
2014-A-0043 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0046769
2014-A-0021 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0043921
2013-A-0233 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0042596
2013-A-0031 Multiple Security Vulnerabilities in VMware ESX 4.1 and ESXi 4.1
Severity: Category I - VMSKEY: V0036787

Snort® IPS/IDS

This CPE has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-01-14 MySQL/MariaDB Server geometry query envelope object integer overflow attempt
RuleID : 52423 - Type : SERVER-MYSQL - Revision : 1
2017-11-30 MySQL/MariaDB Server geometry query integer overflow attempt
RuleID : 44674 - Type : SERVER-MYSQL - Revision : 2
2017-04-12 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 41907 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37916 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37915 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37914 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37913 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37912 - Type : POLICY-OTHER - Revision : 3
2016-03-14 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37026 - Type : POLICY-OTHER - Revision : 4
2016-03-14 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37025 - Type : POLICY-OTHER - Revision : 4
2015-04-14 Lighttpd Host header directory traversal attempt
RuleID : 33817 - Type : SERVER-OTHER - Revision : 4
2015-03-31 MySQL/MariaDB Server geometry query object integer overflow attempt
RuleID : 33637 - Type : SERVER-MYSQL - Revision : 4
2014-01-10 MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt
RuleID : 26313 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB Server geometry query multistring object integer overflow attempt
RuleID : 26312 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB Server geometry query polygon object integer overflow attempt
RuleID : 26311 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB Server geometry query linestring object integer overflow attempt
RuleID : 26310 - Type : SERVER-MYSQL - Revision : 6
2014-01-10 MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt
RuleID : 26309 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB Server geometry query multistring object integer overflow attempt
RuleID : 26308 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB Server geometry query polygon object integer overflow attempt
RuleID : 26307 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB Server geometry query linestring object integer overflow attempt
RuleID : 26306 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt
RuleID : 26305 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB Server geometry query multistring object integer overflow attempt
RuleID : 26304 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB Server geometry query polygon object integer overflow attempt
RuleID : 26303 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB Server geometry query linestring object integer overflow attempt
RuleID : 26302 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt
RuleID : 26301 - Type : SERVER-MYSQL - Revision : 6

Nessus® Vulnerability Scanner

This CPE has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-01-16 Name: The remote database server is affected by multiple vulnerabilities
File: mariadb_5_5_42.nasl - Type: ACT_GATHER_INFO
2017-12-04 Name: The remote host is missing a vendor-supplied security patch.
File: check_point_gaia_sk106499.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1199.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1200.nasl - Type: ACT_GATHER_INFO
2017-09-01 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-877.nasl - Type: ACT_GATHER_INFO
2017-08-25 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-1916.nasl - Type: ACT_GATHER_INFO
2017-08-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170801_glibc_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-1916.nasl - Type: ACT_GATHER_INFO
2017-08-03 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-1916.nasl - Type: ACT_GATHER_INFO
2017-04-06 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170321_glibc_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2017-03-30 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-0680.nasl - Type: ACT_GATHER_INFO
2017-03-30 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0051.nasl - Type: ACT_GATHER_INFO
2017-03-27 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-0680.nasl - Type: ACT_GATHER_INFO
2017-03-22 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-0680.nasl - Type: ACT_GATHER_INFO
2017-02-21 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201702-11.nasl - Type: ACT_GATHER_INFO
2016-11-21 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201611-14.nasl - Type: ACT_GATHER_INFO
2016-09-15 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1082.nasl - Type: ACT_GATHER_INFO
2016-09-02 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2074-1.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1698-1.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1785-1.nasl - Type: ACT_GATHER_INFO
2016-08-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-573.nasl - Type: ACT_GATHER_INFO
2016-07-25 Name: The remote web server is affected by multiple vulnerabilities.
File: oracle_http_server_cpu_jul_2016.nasl - Type: ACT_GATHER_INFO
2016-07-19 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3621.nasl - Type: ACT_GATHER_INFO
2016-07-19 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-1430.nasl - Type: ACT_GATHER_INFO
2016-07-14 Name: A video conferencing application running on the remote host is affected by mu...
File: cisco_telepresence_vcs_multiple_880.nasl - Type: ACT_GATHER_INFO