Vulnerabilities > Suse > Linux Enterprise Desktop > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-04-19 CVE-2015-8778 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
network
low complexity
fedoraproject debian canonical gnu suse opensuse CWE-119
critical
 9.8
9.8
2016-04-19 CVE-2015-8779 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
network
low complexity
suse opensuse canonical debian gnu fedoraproject CWE-119
critical
 9.8
9.8
2015-07-16 CVE-2015-2590 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.
network
low complexity
oracle canonical debian suse opensuse redhat
critical
 9.8
9.8
2015-07-14 CVE-2015-5122 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.
network
low complexity
adobe redhat suse opensuse CWE-416
critical
 9.8
9.8
2015-07-14 CVE-2015-5123 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
network
low complexity
redhat suse opensuse adobe CWE-416
critical
 9.8
9.8
2015-07-08 CVE-2015-5119 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
network
low complexity
adobe redhat suse opensuse CWE-416
critical
 9.8
9.8
2015-06-23 CVE-2015-3113 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.
network
low complexity
adobe opensuse suse hp redhat CWE-787
critical
 9.8
9.8
2015-02-02 CVE-2015-0313 Use After Free vulnerability in multiple products
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.
network
low complexity
adobe suse opensuse microsoft CWE-416
critical
 9.8
9.8
2015-01-23 CVE-2015-0311 Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.
network
low complexity
adobe suse microsoft
critical
 9.8
9.8
2014-09-25 CVE-2014-7169 OS Command Injection vulnerability in multiple products
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. 		9.8
9.8