rpm package
suse/openslp&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP1
pkg:rpm/suse/openslp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
Vulnerabilities (5)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-17833 | Critical | 9.8 | | < 2.0.0-18.15.1 | 2.0.0-18.15.1 | Apr 23, 2018 | OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. |
| CVE-2015-8079 | Medium | 5.3 | | < 2.0.0-11.1 | 2.0.0-11.1 | Sep 7, 2017 | qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db. |
| CVE-2016-4912 | High | 7.5 | | < 2.0.0-17.1 | 2.0.0-17.1 | Mar 27, 2017 | The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure. |
| CVE-2016-7567 | Critical | 9.8 | | < 2.0.0-17.1 | 2.0.0-17.1 | Jan 23, 2017 | Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string. |
| CVE-2016-6354 | Critical | 9.8 | | < 2.0.0-11.1 | 2.0.0-11.1 | Sep 21, 2016 | Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. |