Vulnerabilities > Novell > Suse Linux Enterprise Software Development KIT > High

DATE CVE VULNERABILITY TITLE RISK
2016-09-20 CVE-2015-8921 Out-of-bounds Read vulnerability in multiple products
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
network
low complexity
novell libarchive canonical CWE-125
7.5
2016-09-20 CVE-2015-8919 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.
network
low complexity
canonical libarchive novell CWE-119
7.5
2016-09-20 CVE-2015-8918 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."
network
low complexity
novell libarchive CWE-119
7.5
2016-07-03 CVE-2016-4997 Permissions, Privileges, and Access Controls vulnerability in multiple products
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
local
low complexity
linux canonical novell oracle debian CWE-264
7.8
2016-06-27 CVE-2016-1583 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.
local
low complexity
linux novell canonical debian CWE-119
7.8
2016-06-13 CVE-2016-2834 Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
network
low complexity
canonical opensuse mozilla novell
8.8
2016-06-13 CVE-2016-2818 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
8.8
2016-06-13 CVE-2016-2815 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla canonical novell opensuse CWE-119
8.8
2016-06-03 CVE-2016-0376 The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface.
network
high complexity
novell ibm redhat
8.1
2016-06-03 CVE-2016-0363 Improper Input Validation vulnerability in multiple products
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface.
network
high complexity
redhat novell ibm CWE-20
8.1