Vulnerabilities (CVE)

Filtered by vendor Novell Subscribe
Filtered by product Suse Linux Enterprise Server
Total 94 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-2186 3 Canonical, Linux, Novell 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more 2025-04-12 4.9 MEDIUM 4.6 MEDIUM
The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2012-6657 2 Linux, Novell 2 Linux Kernel, Suse Linux Enterprise Server 2025-04-12 4.9 MEDIUM N/A
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket.
CVE-2014-3690 7 Canonical, Debian, Linux and 4 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2025-04-12 4.9 MEDIUM 5.5 MEDIUM
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.
CVE-2016-0363 3 Ibm, Novell, Redhat 13 Java Sdk, Suse Linux Enterprise Module For Legacy Software, Suse Linux Enterprise Server and 10 more 2025-04-12 6.8 MEDIUM 8.1 HIGH
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.
CVE-2015-8923 3 Canonical, Libarchive, Novell 5 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 2 more 2025-04-12 4.3 MEDIUM 6.5 MEDIUM
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.
CVE-2015-8921 3 Canonical, Libarchive, Novell 5 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 2 more 2025-04-12 5.0 MEDIUM 7.5 HIGH
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
CVE-2015-0438 2 Novell, Oracle 4 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit and 1 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.
CVE-2015-7566 2 Linux, Novell 5 Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Real Time Extension and 2 more 2025-04-12 4.9 MEDIUM 4.6 MEDIUM
The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
CVE-2015-2728 3 Mozilla, Novell, Oracle 5 Firefox, Firefox Esr, Suse Linux Enterprise Desktop and 2 more 2025-04-12 7.5 HIGH N/A
The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue.
CVE-2016-7796 3 Novell, Redhat, Systemd Project 9 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Server For Sap and 6 more 2025-04-12 4.9 MEDIUM 5.5 MEDIUM
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
CVE-2016-2834 4 Canonical, Mozilla, Novell and 1 more 8 Ubuntu Linux, Firefox, Network Security Services and 5 more 2025-04-12 9.3 HIGH 8.8 HIGH
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2014-8559 6 Canonical, Linux, Novell and 3 more 11 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 8 more 2025-04-12 4.9 MEDIUM 5.5 MEDIUM
The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.
CVE-2015-0405 2 Novell, Oracle 4 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit and 1 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.
CVE-2016-4805 5 Canonical, Linux, Novell and 2 more 12 Ubuntu Linux, Linux Kernel, Opensuse Leap and 9 more 2025-04-12 7.2 HIGH 7.8 HIGH
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.
CVE-2015-8845 3 Linux, Novell, Suse 8 Linux Kernel, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 5 more 2025-04-12 4.9 MEDIUM 5.5 MEDIUM
The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.
CVE-2015-2713 3 Mozilla, Novell, Opensuse 7 Firefox, Firefox Esr, Thunderbird and 4 more 2025-04-12 6.8 MEDIUM N/A
Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.
CVE-2016-2818 6 Canonical, Debian, Mozilla and 3 more 21 Ubuntu Linux, Debian Linux, Firefox and 18 more 2025-04-12 6.8 MEDIUM 8.8 HIGH
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2015-0423 2 Novell, Oracle 5 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit and 2 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
CVE-2015-8924 3 Canonical, Libarchive, Novell 5 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 2 more 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.
CVE-2016-4485 3 Canonical, Linux, Novell 5 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 2 more 2025-04-12 5.0 MEDIUM 7.5 HIGH
The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.