Novell Suse Linux Enterprise Server — known CVE vulnerabilities
Every CVE whose affected-product data names Novell Suse Linux Enterprise Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (91)
CVE-2015-0240 — CVSS 10.0 (critical): The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x…
CVE-2015-2739 — CVSS 10.0 (critical): The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird…
CVE-2015-2733 — CVSS 10.0 (critical): Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8…
CVE-2014-6601 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and…
CVE-2015-2740 — CVSS 10.0 (critical): Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and…
CVE-2015-2726 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of…
CVE-2015-2725 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird…
CVE-2015-2724 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before…
CVE-2015-2722 — CVSS 10.0 (critical): Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8…
CVE-2015-0408 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and…
CVE-2015-2736 — CVSS 9.3 (critical): The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird…
CVE-2015-0395 — CVSS 9.3 (critical): Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and…
CVE-2015-2735 — CVSS 9.3 (critical): nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses…
CVE-2016-2834 — CVSS 8.8 (high): Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of…
CVE-2016-2818 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote…
CVE-2016-2815 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of…
CVE-2016-3134 — CVSS 8.4 (high): The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain…
CVE-2016-0376 — CVSS 8.1 (high): The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25…
CVE-2016-0363 — CVSS 8.1 (high): The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25…
CVE-2016-3672 — CVSS 7.8 (high): The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base…
CVE-2017-1000366 — CVSS 7.8 (high): glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias…
CVE-2016-4805 — CVSS 7.8 (high): Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of…
CVE-2016-1583 — CVSS 7.8 (high): The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or…
CVE-2008-2931 — CVSS 7.8 (high): The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN…
CVE-2016-4913 — CVSS 7.8 (high): The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries…
CVE-2016-4997 — CVSS 7.8 (high): The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before…
CVE-2016-5759 — CVSS 7.8 (high): The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code…
CVE-2011-4913 — CVSS 7.8 (high): The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and…
CVE-2015-8918 — CVSS 7.5 (high): The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service…
CVE-2015-2716 — CVSS 7.5 (high): Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote…
CVE-2015-2743 — CVSS 7.5 (high): PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal…
CVE-2016-4485 — CVSS 7.5 (high): The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows…
CVE-2013-4357 — CVSS 7.5 (high): The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of…
CVE-2013-3567 — CVSS 7.5 (high): Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote…
CVE-2014-3687 — CVSS 7.5 (high): The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows…
CVE-2015-2728 — CVSS 7.5 (high): The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x…
CVE-2015-8921 — CVSS 7.5 (high): The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service…
CVE-2015-2708 — CVSS 7.5 (high): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird…
CVE-2015-2709 — CVSS 7.5 (high): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of…
CVE-2015-8919 — CVSS 7.5 (high): The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause…
CVE-2015-0412 — CVSS 7.2 (high): Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and…
CVE-2013-4419 — CVSS 6.8 (medium): The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the…
CVE-2015-2713 — CVSS 6.8 (medium): Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before…
CVE-2015-2710 — CVSS 6.8 (medium): Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before…
CVE-2015-8816 — CVSS 6.8 (medium): The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data…
CVE-2015-8923 — CVSS 6.5 (medium): The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers…
CVE-2011-4914 — CVSS 6.4 (medium): The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the…
CVE-2016-4482 — CVSS 6.2 (medium): The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure…
CVE-2016-2847 — CVSS 6.2 (medium): fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of…
CVE-2014-3690 — CVSS 5.5 (medium): arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4…
CVE-2014-7970 — CVSS 5.5 (medium): The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a…
CVE-2016-3156 — CVSS 5.5 (medium): The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a…
CVE-2014-8559 — CVSS 5.5 (medium): The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows…
CVE-2016-9960 — CVSS 5.5 (medium): game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
CVE-2016-7796 — CVSS 5.5 (medium): The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message…
CVE-2015-8845 — CVSS 5.5 (medium): The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that…
CVE-2015-8920 — CVSS 5.5 (medium): The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of…
CVE-2015-8922 — CVSS 5.5 (medium): The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of…
CVE-2015-8924 — CVSS 5.5 (medium): The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to…
CVE-2016-4569 — CVSS 5.5 (medium): The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure…
CVE-2015-0383 — CVSS 5.4 (medium): Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4…
CVE-2020-8118 — CVSS 5.0 (medium): An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new…
CVE-2015-0410 — CVSS 5.0 (medium): Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE…
CVE-2015-0400 — CVSS 5.0 (medium): Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors…
CVE-2009-2707 — CVSS 4.9 (medium): Unspecified vulnerability in ia32el (aka the IA 32 emulation functionality) before 7042_7022-0.4.2 in SUSE Linux Enterprise (SLE) 10 SP2 on…
CVE-2012-6657 — CVSS 4.9 (medium): The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with…
CVE-2016-3137 — CVSS 4.6 (medium): drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL…
CVE-2016-3138 — CVSS 4.6 (medium): The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a…
CVE-2016-3139 — CVSS 4.6 (medium): The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause…
CVE-2016-3140 — CVSS 4.6 (medium): The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers…
CVE-2016-3136 — CVSS 4.6 (medium): The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers…
CVE-2016-2185 — CVSS 4.6 (medium): The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers…
CVE-2016-3689 — CVSS 4.6 (medium): The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers…
CVE-2016-3951 — CVSS 4.6 (medium): Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a…
CVE-2016-2184 — CVSS 4.6 (medium): The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically…
CVE-2016-2188 — CVSS 4.6 (medium): The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to…
CVE-2016-2186 — CVSS 4.6 (medium): The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to…
CVE-2015-7566 — CVSS 4.6 (medium): The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a…
CVE-2016-2187 — CVSS 4.6 (medium): The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a…
CVE-2015-2721 — CVSS 4.3 (medium): Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before…
CVE-2015-2730 — CVSS 4.3 (medium): Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before…
CVE-2015-0423 — CVSS 4.0 (medium): Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown…
CVE-2015-0405 — CVSS 4.0 (medium): Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown…
CVE-2015-0438 — CVSS 4.0 (medium): Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown…
CVE-2015-0439 — CVSS 4.0 (medium): Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown…
CVE-2017-7995 — CVSS 3.8 (low): Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory…
CVE-2015-6815 — CVSS 3.5 (low): The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a…
CVE-2014-3566 — CVSS 3.4 (low): The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for…
CVE-2016-4486 — CVSS 3.3 (low): The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure…
CVE-2012-2313 — CVSS 1.2 (low): The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG…