Vulnerabilities > Suse > Linux Enterprise Server > 12
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-17 | CVE-2017-13079 | Use of Insufficiently Random Values vulnerability in multiple products Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients. | 2.9 |
| 2017-10-17 | CVE-2017-13078 | Use of Insufficiently Random Values vulnerability in multiple products Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. | 2.9 |
| 2017-10-17 | CVE-2017-13077 | Use of Insufficiently Random Values vulnerability in multiple products Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. | 5.4 |
| 2017-10-04 | CVE-2017-14491 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. | 9.8 |
| 2017-07-21 | CVE-2015-5300 | 7PK - Time and State vulnerability in multiple Linux Systems The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). | 5.0 |
| 2017-06-19 | CVE-2017-1000366 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. | 7.2 |
| 2017-04-13 | CVE-2015-8567 | Memory Leak vulnerability in multiple products Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). | 6.8 |
| 2017-04-05 | CVE-2015-4680 | Improper Certificate Validation vulnerability in multiple products FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. | 5.0 |
| 2017-03-23 | CVE-2016-9398 | Reachable Assertion vulnerability in multiple products The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | 7.5 |
| 2017-03-23 | CVE-2016-1602 | Code Injection vulnerability in Suse products A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root). | 7.8 |