Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Suse Subscribe
Filtered by product Linux Enterprise Server
Total 454 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8931 4 Canonical, Debian, Libarchive and 1 more 6 Ubuntu Linux, Debian Linux, Libarchive and 3 more 2018-01-04 6.8 MEDIUM 7.8 HIGH
Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.
CVE-2015-8932 4 Canonical, Debian, Libarchive and 1 more 6 Ubuntu Linux, Debian Linux, Libarchive and 3 more 2018-01-04 4.3 MEDIUM 5.5 MEDIUM
The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.
CVE-2015-2575 3 Debian, Mysql, Suse 5 Debian Linux, Mysql, Linux Enterprise Desktop and 2 more 2017-11-09 4.9 MEDIUM N/A
Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.
CVE-2015-8933 3 Canonical, Libarchive, Suse 5 Ubuntu Linux, Libarchive, Linux Enterprise Desktop and 2 more 2017-11-03 4.3 MEDIUM 5.5 MEDIUM
Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.
CVE-2011-3171 2 Pureftpd, Suse 3 Pure-ftpd, Linux Enterprise Desktop, Linux Enterprise Server 2017-08-28 3.6 LOW N/A
Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors.
CVE-2015-8929 2 Libarchive, Suse 4 Libarchive, Linux Enterprise Desktop, Linux Enterprise Server and 1 more 2017-06-30 4.3 MEDIUM 5.5 MEDIUM
Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.
CVE-2014-4038 3 Ppc64-diag Project, Redhat, Suse 3 Ppc64-diag, Enterprise Linux Server, Linux Enterprise Server 2017-01-06 4.4 MEDIUM N/A
ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras.
CVE-2014-4039 3 Ppc64-diag Project, Redhat, Suse 3 Ppc64-diag, Enterprise Linux Server, Linux Enterprise Server 2017-01-06 2.1 LOW N/A
ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf.
CVE-2015-2576 2 Oracle, Suse 4 Mysql, Linux Enterprise Desktop, Linux Enterprise Server and 1 more 2017-01-03 2.1 LOW N/A
Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation.
CVE-2016-1601 1 Suse 4 Linux Enterprise Desktop, Linux Enterprise Server, Linux Enterprise Software Development Kit and 1 more 2016-11-30 10.0 HIGH 9.8 CRITICAL
yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown vectors.
CVE-2013-6501 2 Php, Suse 2 Php, Linux Enterprise Server 2016-11-29 4.6 MEDIUM N/A
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c.
CVE-2014-1501 4 Google, Mozilla, Oracle and 1 more 6 Android, Firefox, Solaris and 3 more 2016-11-17 5.8 MEDIUM N/A
Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection.
CVE-2013-2021 3 Canonical, Clamav, Suse 3 Ubuntu Linux, Clamav, Linux Enterprise Server 2015-09-28 4.3 MEDIUM N/A
pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.
CVE-2013-2020 3 Canonical, Clamav, Suse 3 Ubuntu Linux, Clamav, Linux Enterprise Server 2015-09-28 5.0 MEDIUM N/A
Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.