This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Suse First view 2007-03-06
Product Linux Enterprise Server Last view 2023-04-25
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:* 87
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:* 83
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:* 76
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:* 72
cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:* 61
cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:* 60
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:* 52
cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:* 49
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:* 47
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:* 42
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:* 37
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:* 31
cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:* 30
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:* 26
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:* 24
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:* 23
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:* 17
cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:* 15
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:* 14
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:* 14
cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:* 13
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:* 12
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:*:*:* 11
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:* 10
cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:*:*:* 7
cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:* 7
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:* 7
cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:*:*:*:*:*:* 5
cpe:2.3:o:suse:linux_enterprise_server:10:-:*:*:*:*:*:* 4
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:-:*:*:* 4
cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:ltss:*:*:* 4
cpe:2.3:o:suse:linux_enterprise_server:11:extra:*:*:*:*:*:* 4
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:-:*:*:* 4
cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:raspberry_pi:* 4
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:* 4
cpe:2.3:o:suse:linux_enterprise_server:11.0:sp1:*:*:*:*:*:* 4
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:vmware:*:*:*:*:* 3
cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:*:*:*:* 3
cpe:2.3:o:suse:linux_enterprise_server:8:*:*:*:*:*:*:* 3
cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:ltss:*:*:* 3
cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4:*:*:*:*:*:* 3
cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:*:*:vmware:*:*:* 3
cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:-:-:*:* 3
cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:* 2
cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:*:*:* 2
cpe:2.3:o:suse:linux_enterprise_server:12.0:sp1:*:*:*:*:*:* 2
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:-:vmware:*:* 2
cpe:2.3:o:suse:linux_enterprise_server:12:ga:*:*:ltss:*:*:* 2
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:-:*:* 2
cpe:2.3:o:suse:linux_enterprise_server:11.0:sp2:*:*:*:*:*:* 2

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2023-04-25 CVE-2023-29552

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.

5.5 2023-03-01 CVE-2023-23005

In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached.

7.8 2023-02-15 CVE-2022-45153

An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e.

4.4 2022-10-06 CVE-2022-31252

A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.

5.5 2022-09-29 CVE-2015-1931

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.

7.8 2022-04-27 CVE-2022-27239

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

7.8 2022-02-19 CVE-2021-45082

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)

7.8 2022-01-28 CVE-2021-4034

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

7.5 2021-11-11 CVE-2002-20001

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.

7.1 2021-07-28 CVE-2021-32000

A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1.6-4.6.1 and prior versions. SUSE Linux Enterprise Server 15 SP1 clone-master-clean-up version 1.6-3.9.1 and prior versions. openSUSE Factory clone-master-clean-up version 1.6-1.4 and prior versions.

7.1 2021-06-02 CVE-2018-10195

lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.

9.3 2020-08-07 CVE-2020-8025

A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624.

2.5 2020-03-02 CVE-2020-8013

A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1.

9.8 2020-03-02 CVE-2019-18903

A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-28.26.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.9.1. openSUSE Factory wicked versions prior to 0.6.62.

9.8 2020-03-02 CVE-2019-18902

A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1. openSUSE Factory wicked versions prior to 0.6.62.

5.5 2020-03-02 CVE-2019-18901

A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1.

7.8 2020-03-02 CVE-2019-18897

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linux Enterprise Server 15 salt-master version 2019.2.0-6.21.1 and prior versions. openSUSE Factory salt-master version 2019.2.2-3.1 and prior versions.

7.8 2020-02-17 CVE-2014-1947

Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030.

6.8 2020-01-27 CVE-2006-7246

NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.

3.3 2020-01-24 CVE-2019-3687

The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa.

6.5 2020-01-23 CVE-2015-5239

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

8.8 2020-01-02 CVE-2010-3782

obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation.

8.8 2019-11-25 CVE-2012-6639

An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.

7.5 2019-11-15 CVE-2016-5285

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

5.3 2019-06-18 CVE-2019-11038

When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.

CWE : Common Weakness Enumeration

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
13% (47) CWE-416 Use After Free
9% (34) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
7% (26) CWE-200 Information Exposure
7% (25) CWE-476 NULL Pointer Dereference
7% (24) CWE-787 Out-of-bounds Write
6% (23) CWE-190 Integer Overflow or Wraparound
6% (21) CWE-20 Improper Input Validation
3% (13) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
2% (10) CWE-330 Use of Insufficiently Random Values
2% (10) CWE-125 Out-of-bounds Read
2% (9) CWE-362 Race Condition
2% (8) CWE-264 Permissions, Privileges, and Access Controls
2% (7) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (6) CWE-269 Improper Privilege Management
1% (6) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (5) CWE-295 Certificate Issues
1% (5) CWE-189 Numeric Errors
1% (4) CWE-94 Failure to Control Generation of Code ('Code Injection')
1% (4) CWE-59 Improper Link Resolution Before File Access ('Link Following')
0% (3) CWE-399 Resource Management Errors
0% (3) CWE-346 Origin Validation Error
0% (3) CWE-287 Improper Authentication
0% (3) CWE-17 Code
0% (2) CWE-772 Missing Release of Resource after Effective Lifetime
0% (2) CWE-732 Incorrect Permission Assignment for Critical Resource

CAPEC : Common Attack Pattern Enumeration & Classification

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Name
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC-17 Accessing, Modifying or Executing Executable Files
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-23 File System Function Injection, Content Based
CAPEC-26 Leveraging Race Conditions
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-57 Utilizing REST's Trust in the System Resource to Register Man in the Middle
CAPEC-59 Session Credential Falsification through Prediction
CAPEC-60 Reusing Session IDs (aka Session Replay)
CAPEC-61 Session Fixation
CAPEC-62 Cross Site Request Forgery (aka Session Riding)
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-76 Manipulating Input to File System Calls
CAPEC-78 Using Escaped Slashes in Alternate Encoding
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-82 Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-94 Man in the Middle Attack
CAPEC-99 XML Parser Attack
CAPEC-112 Brute Force
CAPEC-114 Authentication Abuse
CAPEC-122 Exploitation of Authorization
CAPEC-139 Relative Path Traversal
CAPEC-172 Time and State Attacks
CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
CAPEC-232 Exploitation of Privilege/Trust

Oval Markup Language : Definitions

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:11017 The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote ...
oval:org.mitre.oval:def:10719 The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2...
oval:org.mitre.oval:def:9539 Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Ap...
oval:org.mitre.oval:def:20265 Multiple vulnerabilities in the X server
oval:org.mitre.oval:def:19689 HP-UX Running Xserver, Remote Execution of Arbitrary Code
oval:org.mitre.oval:def:10372 The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent a...
oval:org.mitre.oval:def:8916 The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly c...
oval:org.mitre.oval:def:7816 DSA-1565 linux-2.6 -- several vulnerabilities
oval:org.mitre.oval:def:19757 DSA-1565-1 linux-2.6 - several vulnerabilities
oval:org.mitre.oval:def:11843 Race condition in the directory notification subsystem (dnotify) in Linux ker...
oval:org.mitre.oval:def:9905 QEMU 0.9.0 does not properly handle changes to removable media, which allows ...
oval:org.mitre.oval:def:7873 DSA-1799 qemu -- several vulnerabilities
oval:org.mitre.oval:def:7938 DSA-1719 gnutls13 -- design flaw
oval:org.mitre.oval:def:17875 USN-678-1 -- gnutls12, gnutls13, gnutls26 vulnerability
oval:org.mitre.oval:def:17801 USN-678-2 -- gnutls12, gnutls13, gnutls26 regression
oval:org.mitre.oval:def:13825 USN-809-1 -- gnutls12, gnutls13, gnutls26 vulnerabilities
oval:org.mitre.oval:def:13629 DSA-1719-2 gnutls13, gnutls26 -- design flaw
oval:org.mitre.oval:def:12790 DSA-1719-1 gnutls13 -- design flaw
oval:org.mitre.oval:def:11650 The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutl...
oval:org.mitre.oval:def:22750 ELSA-2008:0982: gnutls security update (Moderate)
oval:org.mitre.oval:def:29020 RHSA-2008:0982 -- gnutls security update (Moderate)
oval:org.mitre.oval:def:9642 nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thun...
oval:org.mitre.oval:def:6557 DSA-1750 libpng -- several vulnerabilities
oval:org.mitre.oval:def:6458 Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerability
oval:org.mitre.oval:def:13613 DSA-1750-1 libpng -- several

SAINT Exploits

Description Link
Firefox AttributeChildRemoved Use After Free More info here
Polkit pkexec privilege elevation More info here
Linux kernel futex_requeue privilege elevation More info here
Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability More info here
Telnetd Encryption Key ID Code Execution More info here

Open Source Vulnerability Database (OSVDB)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
78556 Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Dis...
78293 Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
78148 Google Chrome libxml2 parser.c xmlStringLenDecodeEntities() Function Remote O...
78020 FreeBSD telnetd Multiple telnet/libtelnet/encrypt.c encrypt_keyid() Function ...
78014 Linux Kernel SG_IO SCSI IOCTL Command Parsing Local Privilege Escalation
77596 JasPer src/libjasper/jpc/jpc_cs.c jpc_crg_getparms() Function CRG Marker Segm...
77595 JasPer src/libjasper/jpc/jpc_cs.c jpc_cox_getcompparms() Function COD Market ...
77301 NetworkManager ESSID PEAP / EAP-TTLS 802.11x Authentication MitM Weakness
77092 Linux Kernel fs/jbd/journal.c journal_get_superblock() ext3 Image Handling Lo...
77014 Apple iOS CoreGraphics Component src/cid/cidload.c FreeType CID-keyed Type 1 ...
74721 Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
73617 Kerberos Applications GSS-API FTP Daemon EGID Privilege Matching Restriction ...
73388 Multiple Vendor libc Implentation fnmatch.c Memory Consumption DoS
73383 Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop...
73340 vsftpd ls.c vsf_filename_passes_filter STAT Command glob Expression Remote DoS
73046 Linux Kernel fs/partitions/osf.c osf_partition Function Partition Table Parsi...
71265 Linux Kernel epoll Nested Structures Local DoS
70336 Linux Kernel net/l2tp/l2tp_ip.c l2tp_ip_sendmsg Function Crafted sendto Call ...
70335 Linux Kernel net/l2tp/l2tp_ppp.c pppol2tp_sendmsg Function Crafted sendto Cal...
70291 Linux Kernel net/x25/x25_facilities.c x25_parse_facilities Function Facility ...
70269 Linux Kernel net/econet/af_econet.c aun_incoming Function UDP AUN Packet Remo...
70265 Linux Kernel kernel/exit.c do_exit Function KERNEL_DS get_fs Value Handling L...
70262 Linux Kernel net/econet/af_econet.c ec_dev_ioctl Function SIOCSIFADDR IOCTL e...
70261 Linux Kernel net/econet/af_econet.c econet_sendmsg Function sendmsg Call Loca...
70260 Linux Kernel net/econet/af_econet.c econet_sendmsg Function iovec Structure L...

ExploitDB Exploits

id Description
35370 Linux Kernel libfutex Local Root for RHEL/CentOS 7.0.1406
31688 ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH)
18221 Apache HTTP Server Denial of Service
17787 Linux Kernel < 2.6.36.2 Econet Privilege Escalation Exploit
16952 Linux Kernel < 2.6.37-rc2 TCP_MAXSEG Kernel Panic DoS
16270 vsftpd 2.3.2 Denial of Service Vulnerability
16263 Linux Kernel <= 2.6.37 Local Kernel Denial of Service
15704 Linux Kernel <= 2.6.37 - Local Privilege Escalation
15344 Linux Kernel VIDIOCSMICROCODE IOCTL Local Memory Overwrite Vulnerability
15285 Linux RDS Protocol Local Privilege Escalation
15150 Linux Kernel < 2.6.36-rc6 pktcdvd Kernel Memory Disclosure
14814 Linux Kernel < 2.6.36-rc1 CAN BCM Privilege Escalation Exploit
14422 libpng <= 1.4.2 Denial of Service Vulnerability
11203 Pidgin MSN <= 2.6.4 File Download Vulnerability
9575 Linux Kernel < 2.6.19 - udp_sendmsg Local Root Exploit
9574 Linux Kernel < 2.6.19 udp_sendmsg Local Root Exploit (x86/x64)
9542 Linux Kernel 2.6 < 2.6.19 (32bit) ip_append_data() ring0 Root Exploit
8572 Linux Kernel 2.6 UDEV < 141 - Local Privilege Escalation Exploit

OpenVAS Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2013-09-18 Name : Debian Security Advisory DSA 2389-1 (linux-2.6 - privilege escalation/denial ...
File : nvt/deb_2389_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2406-1 (icedove - several vulnerabilities)
File : nvt/deb_2406_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2443-1 (linux-2.6 - privilege escalation/denial ...
File : nvt/deb_2443_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2469-1 (linux-2.6 - privilege escalation/denial ...
File : nvt/deb_2469_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2553-1 (iceweasel - several vulnerabilities)
File : nvt/deb_2553_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2583-1 (iceweasel - several vulnerabilities)
File : nvt/deb_2583_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2584-1 (iceape - several vulnerabilities)
File : nvt/deb_2584_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2588-1 (icedove - several vulnerabilities)
File : nvt/deb_2588_1.nasl
2012-12-18 Name : Fedora Update for xen FEDORA-2012-19828
File : nvt/gb_fedora_2012_19828_xen_fc16.nasl
2012-12-18 Name : Fedora Update for kernel FEDORA-2012-20240
File : nvt/gb_fedora_2012_20240_kernel_fc16.nasl
2012-12-14 Name : Fedora Update for xen FEDORA-2012-19717
File : nvt/gb_fedora_2012_19717_xen_fc17.nasl
2012-12-13 Name : SuSE Update for MozillaFirefox, openSUSE-SU-2012:0760-1 (MozillaFirefox,)
File : nvt/gb_suse_2012_0760_1.nasl
2012-12-13 Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1064-1 (MozillaFirefox)
File : nvt/gb_suse_2012_1064_1.nasl
2012-12-13 Name : SuSE Update for qemu openSUSE-SU-2012:1170-1 (qemu)
File : nvt/gb_suse_2012_1170_1.nasl
2012-12-13 Name : SuSE Update for Security openSUSE-SU-2012:1172-1 (Security)
File : nvt/gb_suse_2012_1172_1.nasl
2012-12-13 Name : SuSE Update for Security openSUSE-SU-2012:1174-1 (Security)
File : nvt/gb_suse_2012_1174_1.nasl
2012-12-13 Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1345-1 (MozillaFirefox)
File : nvt/gb_suse_2012_1345_1.nasl
2012-12-13 Name : SuSE Update for Mozilla Suite openSUSE-SU-2012:1412-1 (Mozilla Suite)
File : nvt/gb_suse_2012_1412_1.nasl
2012-12-13 Name : SuSE Update for XEN openSUSE-SU-2012:1572-1 (XEN)
File : nvt/gb_suse_2012_1572_1.nasl
2012-12-06 Name : Fedora Update for seamonkey FEDORA-2012-18931
File : nvt/gb_fedora_2012_18931_seamonkey_fc16.nasl
2012-12-06 Name : Fedora Update for seamonkey FEDORA-2012-18952
File : nvt/gb_fedora_2012_18952_seamonkey_fc17.nasl
2012-12-04 Name : Ubuntu Update for firefox USN-1638-3
File : nvt/gb_ubuntu_USN_1638_3.nasl
2012-11-29 Name : Fedora Update for kernel FEDORA-2012-18691
File : nvt/gb_fedora_2012_18691_kernel_fc16.nasl
2012-11-26 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox72.nasl
2012-11-26 Name : Mozilla Firefox ESR Multiple Vulnerabilities-01 November12 (Windows)
File : nvt/gb_mozilla_firefox_esr_mult_vuln01_nov12_win.nasl

Information Assurance Vulnerability Management (IAVM)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2015-A-0202 Citrix XenServer Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0061343
2015-A-0158 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0061089
2015-A-0150 Multiple Security Vulnerabilities in Juniper Networks CTPView
Severity: Category I - VMSKEY: V0061073
2015-A-0113 Multiple Vulnerabilities in Juniper Networks CTPOS
Severity: Category I - VMSKEY: V0060737
2014-A-0172 Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform
Severity: Category I - VMSKEY: V0057381
2014-B-0103 Multiple Vulnerabilities in VMware Horizon View Client
Severity: Category I - VMSKEY: V0053509
2014-B-0102 Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.5
Severity: Category I - VMSKEY: V0053507
2014-B-0101 Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.1
Severity: Category I - VMSKEY: V0053505
2014-A-0115 Multiple Vulnerabilities in VMware Horizon View
Severity: Category I - VMSKEY: V0053501
2014-B-0097 Multiple Vulnerabilities in VMware ESXi 5.0
Severity: Category I - VMSKEY: V0053319
2014-A-0106 Multiple Vulnerabilities in Oracle MySQL Product Suite
Severity: Category I - VMSKEY: V0053189
2014-B-0095 Multiple Vulnerabilities in Splunk
Severity: Category I - VMSKEY: V0053177
2014-A-0111 Multiple Vulnerabilities in VMware Workstation
Severity: Category I - VMSKEY: V0053179
2014-A-0110 Multiple Vulnerabilities in VMware Player
Severity: Category I - VMSKEY: V0053181
2014-A-0109 Multiple Vulnerabilities in VMware Fusion
Severity: Category I - VMSKEY: V0053183
2014-A-0100 Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux
Severity: Category I - VMSKEY: V0053201
2014-A-0099 Multiple Vulnerabilities in McAfee Email Gateway
Severity: Category I - VMSKEY: V0053203
2014-B-0088 Multiple Vulnerabilities in VMware ESXi 5.5
Severity: Category I - VMSKEY: V0052911
2014-B-0089 Multiple Vulnerabilities in VMware ESXi 5.1
Severity: Category I - VMSKEY: V0052909
2014-B-0091 Multiple Vulnerabilities in VMware vCenter Update Manager 5.5
Severity: Category I - VMSKEY: V0052907
2014-B-0085 Multiple Vulnerabilities in HP System Management Homepage (SMH)
Severity: Category I - VMSKEY: V0052899
2014-B-0092 Multiple Vulnerabilities in VMware vSphere Client 5.5
Severity: Category I - VMSKEY: V0052893
2014-A-0089 Multiple Vulnerabilities in Juniper Pulse Secure Access Service (IVE)
Severity: Category I - VMSKEY: V0052805
2014-A-0087 Multiple Vulnerabilities in McAfee ePolicy Orchestrator
Severity: Category I - VMSKEY: V0052637
2014-B-0079 Multiple Vulnerabilities in IBM AIX
Severity: Category I - VMSKEY: V0052641

Snort® IPS/IDS

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-02-25 OpenSSL anonymous ECDH denial of service attempt
RuleID : 52626 - Type : SERVER-OTHER - Revision : 1
2020-02-25 OpenSSL anonymous ECDH denial of service attempt
RuleID : 52625 - Type : SERVER-OTHER - Revision : 1
2020-01-14 MySQL/MariaDB Server geometry query envelope object integer overflow attempt
RuleID : 52423 - Type : SERVER-MYSQL - Revision : 1
2019-12-24 Mutiple products libpng extra row heap overflow attempt
RuleID : 52307 - Type : FILE-IMAGE - Revision : 1
2019-12-24 Mutiple products libpng extra row heap overflow attempt
RuleID : 52306 - Type : FILE-IMAGE - Revision : 1
2019-12-10 Libmspack cabd_sys_read_block off-by-one heap overflow attempt
RuleID : 52133 - Type : FILE-OTHER - Revision : 2
2019-12-10 Libmspack cabd_sys_read_block off-by-one heap overflow attempt
RuleID : 52132 - Type : FILE-OTHER - Revision : 2
2018-03-27 ISC BIND malformed data channel authentication message denial of service attempt
RuleID : 45738 - Type : SERVER-OTHER - Revision : 1
2018-03-23 NTP crypto-NAK denial of service attempt
RuleID : 45693 - Type : SERVER-OTHER - Revision : 3
2017-12-13 NTP crypto-NAK denial of service attempt
RuleID : 44756 - Type : SERVER-OTHER - Revision : 3
2017-11-30 MySQL/MariaDB Server geometry query integer overflow attempt
RuleID : 44674 - Type : SERVER-MYSQL - Revision : 2
2017-11-28 WPA2 key reuse tool attempt
RuleID : 44640 - Type : POLICY-OTHER - Revision : 2
2017-09-06 ISC BIND malformed control channel authentication message denial of service a...
RuleID : 43846 - Type : SERVER-OTHER - Revision : 2
2017-04-12 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 41907 - Type : POLICY-OTHER - Revision : 3
2016-10-25 Mozilla Firefox file type memory corruption attempt
RuleID : 40280 - Type : BROWSER-FIREFOX - Revision : 1
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39097 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39096 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39095 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39094 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39093 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39092 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39091 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39090 - Type : FILE-IMAGE - Revision : 2
2016-05-27 ISC BIND malformed control channel authentication message denial of service a...
RuleID : 38622 - Type : SERVER-OTHER - Revision : 4
2016-04-05 Apache HTTP server potential cookie disclosure attempt
RuleID : 37968 - Type : SERVER-WEBAPP - Revision : 1

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-16 Name: The remote database server is affected by multiple vulnerabilities
File: mariadb_5_5_42.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote Fedora host is missing a security update.
File: fedora_2019-1198005e1f.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote Fedora host is missing a security update.
File: fedora_2019-c424e3bb72.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO
2019-01-07 Name: The remote Debian host is missing a security update.
File: debian_DLA-1628.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-87f2ace20d.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-a5953af115.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-cb337fb199.nasl - Type: ACT_GATHER_INFO
2018-12-24 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201812-09.nasl - Type: ACT_GATHER_INFO
2018-12-18 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL06493172.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1130.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1599.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2838.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2911.nasl - Type: ACT_GATHER_INFO
2018-11-19 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-c73d257297.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3083.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote Debian host is missing a security update.
File: debian_DLA-1573.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4338.nasl - Type: ACT_GATHER_INFO
2018-10-29 Name: The remote Debian host is missing a security update.
File: debian_DLA-1555.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1296.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1232.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1234.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1260.nasl - Type: ACT_GATHER_INFO
2018-08-31 Name: The remote Virtuozzo host is missing multiple security updates.
File: Virtuozzo_VZA-2018-063.nasl - Type: ACT_GATHER_INFO
2018-08-20 Name: The remote Virtuozzo host is missing multiple security updates.
File: Virtuozzo_VZA-2018-055.nasl - Type: ACT_GATHER_INFO