Vulnerabilities > Suse > Linux Enterprise Server

DATE CVE VULNERABILITY TITLE RISK
2017-03-15 CVE-2017-5898 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.
local
low complexity
qemu suse CWE-190
5.5
5.5
2017-01-30 CVE-2015-7976 7PK - Security Features vulnerability in multiple products
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
network
low complexity
ntp suse novell opensuse CWE-254
4.3
4.3
2016-09-20 CVE-2015-8934 Out-of-bounds Read vulnerability in multiple products
The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.
local
low complexity
suse canonical libarchive CWE-125
5.5
5.5
2016-09-20 CVE-2015-8933 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.
local
low complexity
libarchive suse canonical CWE-190
5.5
5.5
2016-09-20 CVE-2015-8932 Improper Input Validation vulnerability in multiple products
The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.
local
low complexity
canonical debian suse libarchive CWE-20
5.5
5.5
2016-09-20 CVE-2015-8931 Integer Overflow or Wraparound vulnerability in multiple products
Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.
local
low complexity
libarchive suse canonical debian CWE-190
7.8
7.8
2016-09-20 CVE-2015-8930 Improper Input Validation vulnerability in multiple products
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.
network
low complexity
suse libarchive canonical CWE-20
7.5
7.5
2016-09-20 CVE-2015-8929 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.
local
low complexity
suse libarchive CWE-119
5.5
5.5
2016-09-20 CVE-2015-8928 Out-of-bounds Read vulnerability in multiple products
The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
local
low complexity
canonical libarchive suse CWE-125
5.5
5.5
2016-09-20 CVE-2015-8926 NULL Pointer Dereference vulnerability in multiple products
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.
local
low complexity
canonical suse libarchive CWE-476
5.5
5.5