Suse Linux Enterprise Debuginfo — known CVE vulnerabilities
Every CVE whose affected-product data names Suse Linux Enterprise Debuginfo, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (54)
CVE-2015-8778 — CVSS 9.8 (critical): Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service…
CVE-2016-5118 — CVSS 9.8 (critical): The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a |…
CVE-2014-9761 — CVSS 9.8 (critical): Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a…
CVE-2016-2324 — CVSS 9.8 (critical): Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees…
CVE-2016-2315 — CVSS 9.8 (critical): revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long…
CVE-2016-0718 — CVSS 9.8 (critical): Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input…
CVE-2017-18017 — CVSS 9.8 (critical): The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote…
CVE-2015-8779 — CVSS 9.8 (critical): Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent…
CVE-2017-14491 — CVSS 9.8 (critical): Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code…
CVE-2016-5772 — CVSS 9.8 (critical): Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23…
CVE-2008-5021 — CVSS 9.3 (critical): nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13…
CVE-2015-5165 — CVSS 9.3 (critical): The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers…
CVE-2015-8776 — CVSS 9.1 (critical): The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service…
CVE-2016-3068 — CVSS 8.8 (high): Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
CVE-2016-3630 — CVSS 8.8 (high): The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull…
CVE-2016-3069 — CVSS 8.8 (high): Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
CVE-2016-1286 — CVSS 8.6 (high): named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure…
CVE-2015-7547 — CVSS 8.1 (high): Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc…
CVE-2009-3620 — CVSS 7.8 (high): The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state…
CVE-2015-8567 — CVSS 7.7 (high): Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
CVE-2015-5194 — CVSS 7.5 (high): The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd…
CVE-2015-3209 — CVSS 7.5 (high): Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with…
CVE-2015-5219 — CVSS 7.5 (high): The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which…
CVE-2015-5300 — CVSS 7.5 (high): The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128…
CVE-2016-5244 — CVSS 7.5 (high): The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which…
CVE-2015-5154 — CVSS 7.2 (high): Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled…
CVE-2009-1185 — CVSS 7.2 (high): udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by…
CVE-2009-2903 — CVSS 7.1 (high): Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp…
CVE-2018-10195 — CVSS 7.1 (high): lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that…
CVE-2015-1781 — CVSS 6.8 (medium): Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows…
CVE-2015-1283 — CVSS 6.8 (medium): Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other…
CVE-2016-1285 — CVSS 6.8 (medium): named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages…
CVE-2015-5239 — CVSS 6.5 (medium): Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a…
CVE-2016-2317 — CVSS 5.5 (medium): Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file…
CVE-2015-8808 — CVSS 5.5 (medium): The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized…
CVE-2016-0651 — CVSS 5.5 (medium): Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.
CVE-2016-2318 — CVSS 5.5 (medium): GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to…
CVE-2014-9853 — CVSS 5.5 (medium): Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
CVE-2019-11038 — CVSS 5.3 (medium): When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP…
CVE-2015-0272 — CVSS 5.0 (medium): GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6…
CVE-2013-4458 — CVSS 5.0 (medium): Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and…
CVE-2016-0642 — CVSS 4.7 (medium): Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect…
CVE-2016-2782 — CVSS 4.6 (medium): The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a…
CVE-2009-2472 — CVSS 4.3 (medium): Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote…
CVE-2015-7976 — CVSS 4.3 (medium): The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special…
CVE-2015-2808 — CVSS 3.7 (low): The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the…
CVE-2009-1186 — CVSS 2.1 (low): Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of…
CVE-2009-2910 — CVSS 2.1 (low): arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a…