Vulnerabilities > Novell > Suse Linux Enterprise Server

DATE CVE VULNERABILITY TITLE RISK
2020-02-04 CVE-2020-8118 Server-Side Request Forgery (SSRF) vulnerability in multiple products
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
network
low complexity
nextcloud novell opensuse CWE-918
5.0
2020-01-31 CVE-2015-6815 Infinite Loop vulnerability in multiple products
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
3.5
2019-12-31 CVE-2013-4357 Classic Buffer Overflow vulnerability in multiple products
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function.
7.5
2017-09-08 CVE-2016-5759 Improper Input Validation vulnerability in multiple products
The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.
local
low complexity
novell opensuse CWE-20
7.8
2017-06-19 CVE-2017-1000366 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution.
7.8
2017-06-06 CVE-2016-9961 Numeric Errors vulnerability in multiple products
game-music-emu before 0.6.1 mishandles unspecified integer values.
9.8
2017-06-06 CVE-2016-9960 Divide By Zero vulnerability in multiple products
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
5.5
2017-05-03 CVE-2017-7995 Information Exposure vulnerability in multiple products
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure.
local
low complexity
xen novell suse CWE-200
3.8
2016-10-13 CVE-2016-7796 Improper Input Validation vulnerability in multiple products
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
local
low complexity
systemd-project novell redhat CWE-20
5.5
2016-09-20 CVE-2015-8924 Out-of-bounds Read vulnerability in multiple products
The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.
local
low complexity
libarchive novell canonical CWE-125
5.5