Suse Linux Enterprise Software Development Kit vulnerabilities

CVE-2015-1931 [MEDIUM] CWE-312 CVE-2015-1931: IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.

CVE-2022-27239 [HIGH] CWE-787 CVE-2022-27239: In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-li In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

CVE-2020-8025 [MEDIUM] CWE-279 CVE-2020-8025: A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux En A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects

CVE-2014-1947 [HIGH] CWE-787 CVE-2014-1947: Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and e Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030.

CVE-2015-5239 [MEDIUM] CWE-835 CVE-2015-5239: Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial o Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

CVE-2019-11038 [MEDIUM] CWE-457 CVE-2019-11038: When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the s

CVE-2017-16232 [HIGH] CWE-772 CVE-2017-16232: LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of s LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue

CVE-2017-14804 [CRITICAL] CWE-22 CVE-2017-14804: The build package before 20171128 did not check directory names during extraction of build results t The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.

CVE-2017-18017 [CRITICAL] CWE-416 CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.

CVE-2015-5300 [HIGH] CWE-361 CVE-2015-5300: The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system c The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests f

CVE-2017-1000366 [HIGH] CWE-119 CVE-2017-1000366: glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate th glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploita

CVE-2016-4473 [CRITICAL] CVE-2016-4473: /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. N /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.

CVE-2015-8567 [HIGH] CWE-401 CVE-2015-8567: Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory co Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).

CVE-2016-9959 [HIGH] CWE-125 CVE-2016-9959: game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.

CVE-2016-9958 [HIGH] CWE-119 CVE-2016-9958: game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.

CVE-2016-9957 [HIGH] CWE-119 CVE-2016-9957: Stack-based buffer overflow in game-music-emu before 0.6.1. Stack-based buffer overflow in game-music-emu before 0.6.1.

CVE-2015-4680 [HIGH] CWE-295 CVE-2015-4680: FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermedi FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.

CVE-2016-7797 [HIGH] CWE-254 CVE-2016-7797: Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.

CVE-2016-9398 [HIGH] CWE-617 CVE-2016-9398: The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

CVE-2014-9852 [CRITICAL] CWE-913 CVE-2014-9852: distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remot distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.