Novell Suse Linux Enterprise Server vulnerabilities
91 known vulnerabilities affecting novell/suse_linux_enterprise_server.
Total CVEs: 91
CISA KEV: 0
Public exploits: 13
Exploited in wild: 0
Severity breakdown: CRITICAL 14, HIGH 28, MEDIUM 44, LOW 5
Vulnerabilities
Page 2 of 5
CVE-2016-2818 [HIGH] CVSS 8.8 | CWE-119 | v12.0 | 2016-06-13
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
nvd
CVE-2016-0376 [HIGH] CVSS 8.1 | v11.0, v12.0 | 2016-06-03
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a s
nvd
CVE-2016-0363 [HIGH] CVSS 8.1 | v11.0, v12.0 | 2016-06-03
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote atta
nvd
CVE-2016-4913 [HIGH] CVSS 7.8 | CWE-200 | v11.0 | 2016-05-23
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.
nvd
CVE-2016-4805 [HIGH] CVSS 7.8 | CWE-416 | v11.0, v12.0 | 2016-05-23
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.
nvd
CVE-2016-4485 [HIGH] CVSS 7.5 | CWE-200 | v11 | 2016-05-23
The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.
nvd
CVE-2016-4569 [MEDIUM] CVSS 5.5 | CWE-200 | v11.0, v12.0 | 2016-05-23
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
nvd
CVE-2016-4482 [MEDIUM] CVSS 6.2 | CWE-200 | v11.0, v12.0 | 2016-05-23
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
nvd
CVE-2016-4486 [LOW] CVSS 3.3 | CWE-200 | PoC | v11.0, v12.0 | 2016-05-23
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
nvd
CVE-2016-2188 [MEDIUM] CVSS 4.6 | PoC | v11.0, v12.0 | 2016-05-02
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
nvd
CVE-2016-2185 [MEDIUM] CVSS 4.6 | v11.0, v12.0 | 2016-05-02
The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
nvd
CVE-2016-3951 [MEDIUM] CVSS 4.6 | v12.0 | 2016-05-02
Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.
nvd
CVE-2016-3140 [MEDIUM] CVSS 4.6 | PoC | v11.0, v12.0 | 2016-05-02
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
nvd
CVE-2016-3137 [MEDIUM] CVSS 4.6 | v11.0, v12.0 | 2016-05-02
drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.
nvd
CVE-2016-3136 [MEDIUM] CVSS 4.6 | PoC | v12.0 | 2016-05-02
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.
nvd
CVE-2016-2186 [MEDIUM] CVSS 4.6 | v11.0, v12.0 | 2016-05-02
The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
nvd
CVE-2016-3689 [MEDIUM] CVSS 4.6 | v12.0 | 2016-05-02
The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.
nvd
CVE-2016-2187 [MEDIUM] CVSS 4.6 | v11 | 2016-05-02
The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
nvd
CVE-2016-3138 [MEDIUM] CVSS 4.6 | v11.0, v12.0 | 2016-05-02
The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.
nvd
CVE-2016-3672 [HIGH] CVSS 7.8 | CWE-254 | PoC | v12.0 | 2016-04-27
The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption res
nvd