Suse

Suse Linux Enterprise Server

131 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2016-9959

Exploit
  • EPSS 0.31%
  • Veröffentlicht 12.04.2017 20:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.

7.8

CVE-2016-1602

  • EPSS 0.11%
  • Veröffentlicht 23.03.2017 06:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfi...

7.5

CVE-2014-9854

  • EPSS 1.51%
  • Veröffentlicht 17.03.2017 14:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."

4.3

CVE-2015-7976

  • EPSS 2.73%
  • Veröffentlicht 30.01.2017 21:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

7.5

CVE-2016-5244

  • EPSS 0.77%
  • Veröffentlicht 27.06.2016 10:59:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.

9.1

CVE-2015-5041

  • EPSS 1%
  • Veröffentlicht 06.06.2016 17:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.

6.8

CVE-2016-0264

  • EPSS 9.84%
  • Veröffentlicht 24.05.2016 15:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows re...

10

CVE-2016-3714

Warnung
  • EPSS 93.75%
  • Veröffentlicht 05.05.2016 18:59:03
  • Zuletzt bearbeitet 22.10.2025 00:15:51

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "I...

9.8

CVE-2015-8779

  • EPSS 7.63%
  • Veröffentlicht 19.04.2016 21:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.

9.1

CVE-2015-8776

  • EPSS 6.32%
  • Veröffentlicht 19.04.2016 21:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.