Filtered by vendor Novell Subscriptions
Filtered by product Suse Linux Enterprise Server Subscriptions
Total 94 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-3690 7 Canonical, Debian, Linux and 4 more 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more 2024-11-21 5.5 Medium
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.
CVE-2014-3687 8 Canonical, Debian, Linux and 5 more 15 Ubuntu Linux, Debian Linux, Linux Kernel and 12 more 2024-11-21 7.5 High
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.
CVE-2013-4419 4 Libguestfs, Novell, Redhat and 1 more 4 Libguestfs, Suse Linux Enterprise Server, Enterprise Linux and 1 more 2024-11-21 N/A
The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.
CVE-2013-4357 5 Canonical, Debian, Eglibc and 2 more 5 Ubuntu Linux, Debian Linux, Eglibc and 2 more 2024-11-21 7.5 High
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.
CVE-2013-3567 5 Canonical, Novell, Puppet and 2 more 7 Ubuntu Linux, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 4 more 2024-11-21 N/A
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
CVE-2012-6657 3 Linux, Novell, Redhat 3 Linux Kernel, Suse Linux Enterprise Server, Enterprise Linux 2024-11-21 N/A
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket.
CVE-2012-2313 3 Linux, Novell, Redhat 10 Linux Kernel, Suse Linux Enterprise Server, Enterprise Linux and 7 more 2024-11-21 N/A
The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.
CVE-2011-4914 2 Linux, Novell 2 Linux Kernel, Suse Linux Enterprise Server 2024-11-21 N/A
The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket.
CVE-2011-4913 2 Linux, Novell 2 Linux Kernel, Suse Linux Enterprise Server 2024-11-21 N/A
The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allows remote attackers to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length value in data sent to a ROSE socket, or (2) conduct stack-based buffer overflow attacks via a large length value in data sent to a ROSE socket.
CVE-2009-2707 1 Novell 1 Suse Linux Enterprise Server 2024-11-21 N/A
Unspecified vulnerability in ia32el (aka the IA 32 emulation functionality) before 7042_7022-0.4.2 in SUSE Linux Enterprise (SLE) 10 SP2 on Itanium IA64 machines allows local users to cause a denial of service (system crash) via a 32-bit x86 application.
CVE-2008-5423 3 Novell, Redhat, Sun 6 Suse Linux Enterprise Server, Enterprise Linux, Java Desktop System and 3 more 2024-11-21 N/A
Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector.
CVE-2008-5422 3 Novell, Redhat, Sun 5 Suse Linux Enterprise Server, Enterprise Linux, Java Desktop System and 2 more 2024-11-21 N/A
Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors.
CVE-2008-2931 6 Canonical, Debian, Linux and 3 more 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more 2024-11-21 7.8 High
The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.
CVE-2008-2112 3 Novell, Redhat, Sun 4 Suse Linux Enterprise Server, Enterprise Linux, Ray Server Software and 1 more 2024-11-21 N/A
Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and remote authenticated Sun Ray administrators to gain root privileges via unknown vectors related to utconfig.