Total
87 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3139 | 2 Linux, Novell | 9 Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Desktop and 6 more | 2024-02-04 | 4.9 MEDIUM | 4.6 MEDIUM |
| The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. | |||||
| CVE-2015-2709 | 3 Mozilla, Novell, Opensuse | 5 Firefox, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 2 more | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2015-8923 | 3 Canonical, Libarchive, Novell | 5 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file. | |||||
| CVE-2016-3134 | 2 Linux, Novell | 9 Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Desktop and 6 more | 2024-02-04 | 7.2 HIGH | 8.4 HIGH |
| The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. | |||||
| CVE-2016-2847 | 2 Linux, Novell | 9 Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Desktop and 6 more | 2024-02-04 | 4.9 MEDIUM | 6.2 MEDIUM |
| fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. | |||||
| CVE-2016-3951 | 4 Canonical, Linux, Novell and 1 more | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 7 more | 2024-02-04 | 4.9 MEDIUM | 4.6 MEDIUM |
| Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. | |||||
| CVE-2016-3140 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2024-02-04 | 4.9 MEDIUM | 4.6 MEDIUM |
| The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. | |||||
| CVE-2016-3689 | 3 Canonical, Linux, Novell | 9 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 6 more | 2024-02-04 | 4.9 MEDIUM | 4.6 MEDIUM |
| The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface. | |||||
| CVE-2015-8924 | 3 Canonical, Libarchive, Novell | 5 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 2 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file. | |||||
| CVE-2016-3138 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2024-02-04 | 4.9 MEDIUM | 4.6 MEDIUM |
| The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor. | |||||
| CVE-2015-8816 | 2 Linux, Novell | 9 Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Desktop and 6 more | 2024-02-04 | 7.2 HIGH | 6.8 MEDIUM |
| The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device. | |||||
| CVE-2015-8918 | 2 Libarchive, Novell | 4 Libarchive, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy." | |||||
| CVE-2015-8922 | 4 Canonical, Libarchive, Novell and 1 more | 6 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 3 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct. | |||||
| CVE-2015-4836 | 4 Novell, Opensuse, Oracle and 1 more | 16 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit and 13 more | 2024-02-04 | 2.8 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP. | |||||
| CVE-2016-2188 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2024-02-04 | 4.9 MEDIUM | 4.6 MEDIUM |
| The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. | |||||
| CVE-2015-2726 | 3 Mozilla, Novell, Oracle | 5 Firefox, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 2 more | 2024-02-04 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2016-3672 | 3 Canonical, Linux, Novell | 9 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 6 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits. | |||||
| CVE-2015-8921 | 3 Canonical, Libarchive, Novell | 5 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 2 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. | |||||
| CVE-2016-2815 | 4 Canonical, Mozilla, Novell and 1 more | 8 Ubuntu Linux, Firefox, Firefox Esr and 5 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2016-3156 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses. | |||||