Vulnerabilities > Suse > Linux Enterprise Server > 12

DATE CVE VULNERABILITY TITLE RISK
2016-09-20 CVE-2015-8930 Improper Input Validation vulnerability in multiple products
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.
network
low complexity
suse libarchive canonical CWE-20
7.5
7.5
2016-09-20 CVE-2015-8929 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.
local
low complexity
suse libarchive CWE-119
5.5
5.5
2016-09-20 CVE-2015-8928 Out-of-bounds Read vulnerability in multiple products
The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
local
low complexity
canonical libarchive suse CWE-125
5.5
5.5
2016-09-20 CVE-2015-8926 NULL Pointer Dereference vulnerability in multiple products
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.
local
low complexity
canonical suse libarchive CWE-476
5.5
5.5
2016-09-20 CVE-2015-8925 Out-of-bounds Read vulnerability in multiple products
The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.
local
low complexity
canonical libarchive suse CWE-125
5.5
5.5
2016-07-05 CVE-2016-4957 NULL Pointer Dereference vulnerability in multiple products
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet.
network
low complexity
ntp oracle novell suse opensuse CWE-476
7.5
7.5
2016-07-05 CVE-2016-4956 ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet.
network
low complexity
ntp oracle novell suse opensuse siemens
5.3
5.3
2016-07-05 CVE-2016-4955 Race Condition vulnerability in multiple products
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
network
high complexity
ntp oracle novell suse opensuse siemens CWE-362
5.9
5.9
2016-07-05 CVE-2016-4954 Race Condition vulnerability in multiple products
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.
network
low complexity
ntp oracle suse opensuse siemens CWE-362
7.5
7.5
2016-07-05 CVE-2016-4953 Improper Authentication vulnerability in multiple products
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
network
low complexity
ntp oracle suse opensuse siemens CWE-287
7.5
7.5