VYPR

Vendor CVEs

SUSE S.A.

All CVEs

1,446 total · sorted by risk
  • CVE-2018-20511MedDec 27, 2018
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT…

  • CVE-2018-20169MedDec 17, 2018
    risk 0.00cvss 6.8epss 0.01

    An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.

  • CVE-2018-18397MedDec 12, 2018
    risk 0.00cvss 5.5epss 0.01

    The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains…

  • CVE-2018-14646MedNov 26, 2018
    risk 0.00cvss 5.5epss 0.00

    The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic…

  • CVE-2018-18021HigOct 7, 2018
    risk 0.00cvss 7.1epss 0.01

    arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register…

  • CVE-2018-14619HigAug 30, 2018
    risk 0.00cvss 7.8epss 0.00

    A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading…

  • CVE-2018-5953MedAug 7, 2018
    risk 0.00cvss 5.5epss 0.00

    The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call.

  • CVE-2018-10901HigJul 26, 2018
    risk 0.00cvss 7.8epss 0.01

    A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT,…

  • CVE-2018-13100MedJul 3, 2018
    risk 0.00cvss 5.5epss 0.02

    An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error.

  • CVE-2018-13098MedJul 3, 2018
    risk 0.00cvss 5.5epss 0.01

    An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode.

  • CVE-2018-13097MedJul 3, 2018
    risk 0.00cvss 5.5epss 0.02

    An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a denial of service (BUG).

  • CVE-2018-13096MedJul 3, 2018
    risk 0.00cvss 5.5epss 0.03

    An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image.

  • CVE-2018-12633MedJun 22, 2018
    risk 0.00cvss 6.3epss 0.00

    An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the…

  • CVE-2018-11506HigMay 28, 2018
    risk 0.00cvss 7.8epss 0.00

    The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the…

  • CVE-2017-18270HigMay 18, 2018
    risk 0.00cvss 7.1epss 0.00

    In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.

  • CVE-2018-11232MedMay 18, 2018
    risk 0.00cvss 5.5epss 0.00

    The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.

  • CVE-2017-18261MedApr 19, 2018
    risk 0.00cvss 5.5epss 0.00

    The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario…

  • CVE-2018-10021MedApr 11, 2018
    risk 0.00cvss 5.5epss 0.00

    drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically…

  • CVE-2018-1095MedApr 2, 2018
    risk 0.00cvss 5.5epss 0.01

    The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer…

  • CVE-2017-18232MedMar 15, 2018
    risk 0.00cvss 5.5epss 0.00

    The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.

  • CVE-2018-7995MedMar 9, 2018
    risk 0.00cvss 4.7epss 0.00

    Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a…

  • CVE-2017-18222HigMar 8, 2018
    risk 0.00cvss 7.8epss 0.00

    In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other…

  • CVE-2017-18218HigMar 5, 2018
    risk 0.00cvss 7.8epss 0.00

    In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by leveraging differences in skb handling between hns_nic_net_xmit_hw and…

  • CVE-2017-18216MedMar 5, 2018
    risk 0.00cvss 5.5epss 0.01

    In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used.

  • CVE-2017-5188MedMar 1, 2018
    risk 0.00cvss 5.0epss 0.01

    The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information.

  • CVE-2017-18202HigFeb 27, 2018
    risk 0.00cvss 7.0epss 0.00

    The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call…

  • CVE-2017-18200MedFeb 26, 2018
    risk 0.00cvss 5.5epss 0.00

    The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim.

  • CVE-2017-18193MedFeb 22, 2018
    risk 0.00cvss 5.5epss 0.00

    fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads.

  • CVE-2018-6412HigJan 31, 2018
    risk 0.00cvss 7.5epss 0.02

    In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.

  • CVE-2017-15128MedJan 14, 2018
    risk 0.00cvss 5.5epss 0.00

    A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG).

  • CVE-2017-15127MedJan 14, 2018
    risk 0.00cvss 5.5epss 0.00

    A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).

  • CVE-2017-15126HigJan 14, 2018
    risk 0.00cvss 8.1epss 0.04

    A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already…

  • CVE-2018-5344HigJan 12, 2018
    risk 0.00cvss 7.8epss 0.00

    In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.

  • CVE-2015-5006Dec 7, 2015
    risk 0.00cvss epss 0.00

    IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.

  • CVE-2015-0272Nov 17, 2015
    risk 0.00cvss epss 0.05

    GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.

  • CVE-2015-2697Nov 9, 2015
    risk 0.00cvss epss 0.04

    The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.

  • CVE-2015-2696Nov 9, 2015
    risk 0.00cvss epss 0.05

    lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a…

  • CVE-2015-2695Nov 9, 2015
    risk 0.00cvss epss 0.06

    lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a…

  • CVE-2015-4830Oct 21, 2015
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.

  • CVE-2015-5707Oct 19, 2015
    risk 0.00cvss epss 0.00

    Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.

  • CVE-2015-1781Sep 28, 2015
    risk 0.00cvss epss 0.05

    Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call…

  • CVE-2015-5706Aug 31, 2015
    risk 0.00cvss epss 0.00

    Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup…

  • CVE-2015-3290Aug 31, 2015
    risk 0.00cvss epss 0.01

    arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.

  • CVE-2015-5154Aug 12, 2015
    risk 0.00cvss epss 0.01

    Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

  • CVE-2015-3281Jul 6, 2015
    risk 0.00cvss epss 0.04

    The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted…

  • CVE-2015-2738Jul 6, 2015
    risk 0.00cvss epss 0.03

    The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact…

  • CVE-2015-2737Jul 6, 2015
    risk 0.00cvss epss 0.03

    The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

  • CVE-2015-2734Jul 6, 2015
    risk 0.00cvss epss 0.03

    The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and…

  • CVE-2015-4106Jun 3, 2015
    risk 0.00cvss epss 0.00

    QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact…

  • CVE-2014-8162May 14, 2015
    risk 0.00cvss epss 0.03

    XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors.

Page 19 of 29