Total
454 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13079 | 7 Canonical, Debian, Freebsd and 4 more | 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more | 2019-10-02 | 2.9 LOW | 5.3 MEDIUM |
| Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients. | |||||
| CVE-2017-13081 | 7 Canonical, Debian, Freebsd and 4 more | 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more | 2019-10-02 | 2.9 LOW | 5.3 MEDIUM |
| Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. | |||||
| CVE-2017-13088 | 7 Canonical, Debian, Freebsd and 4 more | 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more | 2019-10-02 | 2.9 LOW | 5.3 MEDIUM |
| Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. | |||||
| CVE-2017-15638 | 2 Opensuse, Suse | 5 Leap, Linux Enterprise Desktop, Linux Enterprise Server and 2 more | 2019-10-02 | 6.4 MEDIUM | 6.5 MEDIUM |
| The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services. | |||||
| CVE-2017-16232 | 3 Libtiff, Opensuse, Suse | 5 Libtiff, Leap, Linux Enterprise Desktop and 2 more | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue. | |||||
| CVE-2009-2698 | 3 Canonical, Linux, Suse | 4 Ubuntu Linux, Linux Kernel, Linux Enterprise Desktop and 1 more | 2019-09-05 | 7.2 HIGH | N/A |
| The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. | |||||
| CVE-2012-3867 | 6 Canonical, Debian, Opensuse and 3 more | 8 Ubuntu Linux, Debian Linux, Opensuse and 5 more | 2019-07-10 | 4.3 MEDIUM | N/A |
| lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences. | |||||
| CVE-2015-5041 | 3 Ibm, Redhat, Suse | 6 Java Sdk, Websphere Application Server, Satellite and 3 more | 2019-06-19 | 6.4 MEDIUM | 9.1 CRITICAL |
| The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods. | |||||
| CVE-2015-5006 | 3 Ibm, Redhat, Suse | 9 Java 2 Sdk, Java Sdk, Enterprise Linux Desktop and 6 more | 2019-06-19 | 2.1 LOW | N/A |
| IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache. | |||||
| CVE-2014-9761 | 5 Canonical, Fedoraproject, Gnu and 2 more | 9 Ubuntu Linux, Fedora, Glibc and 6 more | 2019-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. | |||||
| CVE-2015-0192 | 3 Ibm, Redhat, Suse | 8 Java, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2019-06-03 | 7.5 HIGH | N/A |
| Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine. | |||||
| CVE-2017-17558 | 2 Linux, Suse | 2 Linux Kernel, Linux Enterprise Server | 2019-05-14 | 7.2 HIGH | 6.6 MEDIUM |
| The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2016-5244 | 4 Fedoraproject, Linux, Redhat and 1 more | 11 Fedora, Linux Kernel, Enterprise Linux and 8 more | 2019-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message. | |||||
| CVE-2016-1000030 | 2 Pidgin, Suse | 2 Pidgin, Linux Enterprise Server | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0. | |||||
| CVE-2016-2315 | 3 Git-scm, Opensuse, Suse | 8 Git, Leap, Opensuse and 5 more | 2018-10-30 | 10.0 HIGH | 9.8 CRITICAL |
| revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow. | |||||
| CVE-2014-1484 | 6 Google, Mozilla, Opensuse and 3 more | 8 Android, Firefox, Opensuse and 5 more | 2018-10-30 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2014-1489 | 6 Canonical, Mozilla, Opensuse and 3 more | 8 Ubuntu Linux, Firefox, Opensuse and 5 more | 2018-10-30 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site. | |||||
| CVE-2016-1602 | 1 Suse | 3 Linux Enterprise Desktop, Linux Enterprise Server, Suse Linux Enterprise Server | 2018-10-30 | 7.2 HIGH | 7.8 HIGH |
| A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root). | |||||
| CVE-2015-5969 | 2 Opensuse, Suse | 6 Leap, Opensuse, Linux Enterprise Desktop and 3 more | 2018-10-30 | 2.1 LOW | 6.2 MEDIUM |
| The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments. | |||||
| CVE-2013-5611 | 7 Canonical, Fedoraproject, Mozilla and 4 more | 9 Ubuntu Linux, Fedora, Firefox and 6 more | 2018-10-30 | 5.8 MEDIUM | N/A |
| Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation. | |||||