Filtered by vendor Suse Subscriptions
Filtered by product Linux Enterprise Server Subscriptions
Total 498 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-8931 5 Canonical, Debian, Libarchive and 2 more 7 Ubuntu Linux, Debian Linux, Libarchive and 4 more 2024-11-21 N/A
Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.
CVE-2015-8930 4 Canonical, Libarchive, Redhat and 1 more 6 Ubuntu Linux, Libarchive, Enterprise Linux and 3 more 2024-11-21 N/A
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.
CVE-2015-8929 2 Libarchive, Suse 4 Libarchive, Linux Enterprise Desktop, Linux Enterprise Server and 1 more 2024-11-21 N/A
Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.
CVE-2015-8928 4 Canonical, Libarchive, Redhat and 1 more 6 Ubuntu Linux, Libarchive, Enterprise Linux and 3 more 2024-11-21 N/A
The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
CVE-2015-8926 4 Canonical, Libarchive, Redhat and 1 more 6 Ubuntu Linux, Libarchive, Enterprise Linux and 3 more 2024-11-21 N/A
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.
CVE-2015-8925 4 Canonical, Libarchive, Redhat and 1 more 6 Ubuntu Linux, Libarchive, Enterprise Linux and 3 more 2024-11-21 N/A
The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.
CVE-2015-8816 3 Linux, Novell, Suse 11 Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Desktop and 8 more 2024-11-21 6.8 Medium
The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.
CVE-2015-8779 7 Canonical, Debian, Fedoraproject and 4 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2024-11-21 N/A
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
CVE-2015-8778 7 Canonical, Debian, Fedoraproject and 4 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2024-11-21 N/A
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
CVE-2015-8776 7 Canonical, Debian, Fedoraproject and 4 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2024-11-21 N/A
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
CVE-2015-8567 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2024-11-21 7.7 High
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
CVE-2015-8551 4 Debian, Linux, Opensuse and 1 more 8 Debian Linux, Linux Kernel, Opensuse and 5 more 2024-11-21 6.0 Medium
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks."
CVE-2015-8126 9 Apple, Canonical, Debian and 6 more 24 Mac Os X, Ubuntu Linux, Debian Linux and 21 more 2024-11-21 N/A
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
CVE-2015-7976 4 Novell, Ntp, Opensuse and 1 more 10 Suse Openstack Cloud, Ntp, Leap and 7 more 2024-11-21 N/A
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
CVE-2015-7547 10 Canonical, Debian, F5 and 7 more 34 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 31 more 2024-11-21 N/A
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
CVE-2015-6855 6 Arista, Canonical, Debian and 3 more 7 Eos, Ubuntu Linux, Debian Linux and 4 more 2024-11-21 7.5 High
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.
CVE-2015-5969 2 Opensuse, Suse 6 Leap, Opensuse, Linux Enterprise Desktop and 3 more 2024-11-21 N/A
The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.
CVE-2015-5300 7 Canonical, Debian, Fedoraproject and 4 more 21 Ubuntu Linux, Debian Linux, Fedora and 18 more 2024-11-21 N/A
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
CVE-2015-5239 5 Arista, Canonical, Fedoraproject and 2 more 8 Eos, Ubuntu Linux, Fedora and 5 more 2024-11-21 6.5 Medium
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
CVE-2015-5219 10 Canonical, Debian, Fedoraproject and 7 more 21 Ubuntu Linux, Debian Linux, Fedora and 18 more 2024-11-21 7.5 High
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.