Vulnerabilities > Novell > Suse Linux Enterprise Server > High

DATE CVE VULNERABILITY TITLE RISK
2019-12-31 CVE-2013-4357 Classic Buffer Overflow vulnerability in multiple products
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function.
7.5
2017-09-08 CVE-2016-5759 Improper Input Validation vulnerability in multiple products
The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.
local
low complexity
novell opensuse CWE-20
7.8
2017-06-19 CVE-2017-1000366 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution.
7.8
2016-09-20 CVE-2015-8921 Out-of-bounds Read vulnerability in multiple products
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
network
low complexity
novell libarchive canonical CWE-125
7.5
2016-09-20 CVE-2015-8919 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.
network
low complexity
canonical libarchive novell CWE-119
7.5
2016-09-20 CVE-2015-8918 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."
network
low complexity
novell libarchive CWE-119
7.5
2016-07-03 CVE-2016-4997 Permissions, Privileges, and Access Controls vulnerability in multiple products
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
local
low complexity
linux canonical novell oracle debian CWE-264
7.8
2016-06-27 CVE-2016-1583 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.
local
low complexity
linux novell canonical debian CWE-119
7.8
2016-06-13 CVE-2016-2834 Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
network
low complexity
canonical opensuse mozilla novell
8.8
2016-06-13 CVE-2016-2818 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
8.8