Vulnerabilities > Novell > Suse Linux Enterprise Software Development KIT

DATE CVE VULNERABILITY TITLE RISK
2016-09-20 CVE-2015-8918 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."
network
low complexity
novell libarchive CWE-119
7.5
2016-07-03 CVE-2016-4997 Permissions, Privileges, and Access Controls vulnerability in multiple products
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
local
low complexity
linux canonical novell oracle debian CWE-264
7.8
2016-06-27 CVE-2016-1583 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.
local
low complexity
linux novell canonical debian CWE-119
7.8
2016-06-13 CVE-2016-2834 Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
network
low complexity
canonical opensuse mozilla novell
8.8
2016-06-13 CVE-2016-2818 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
8.8
2016-06-13 CVE-2016-2815 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla canonical novell opensuse CWE-119
8.8
2016-06-03 CVE-2016-0376 The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface.
network
high complexity
novell ibm redhat
8.1
2016-06-03 CVE-2016-0363 Improper Input Validation vulnerability in multiple products
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface.
network
high complexity
redhat novell ibm CWE-20
8.1
2016-05-23 CVE-2016-4913 Information Exposure vulnerability in multiple products
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.
local
low complexity
canonical linux oracle novell CWE-200
7.8
2016-05-23 CVE-2016-4805 Use After Free vulnerability in multiple products
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.
local
low complexity
novell redhat canonical linux oracle CWE-416
7.8