11 SP3 * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : CVE Number Descending CVE Number Ascending CVSS Score Descending Number Of Exploits Descending

#	CVE ID	CWE ID	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2018-19543	125		2018-11-26	2020-09-25	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.
2	CVE-2018-19542	476	DoS	2018-11-26	2020-04-15	4.3	None	Remote	Medium	Not required	None	None	Partial
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.
3	CVE-2018-19541	125		2018-11-26	2021-01-29	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.
4	CVE-2018-19540	787	Overflow	2018-11-26	2021-01-29	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c.
5	CVE-2018-19539	617	DoS	2018-11-26	2020-08-24	4.3	None	Remote	Medium	Not required	None	None	Partial
An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.
6	CVE-2018-18873	476		2018-10-31	2020-09-25	4.3	None	Remote	Medium	Not required	None	None	Partial
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
7	CVE-2018-18585	476		2018-10-23	2022-10-25	4.3	None	Remote	Medium	Not required	None	None	Partial
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
8	CVE-2018-18584	787		2018-10-23	2022-10-25	4.3	None	Remote	Medium	Not required	None	None	Partial
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
9	CVE-2018-17962	119	Overflow	2018-10-09	2020-08-24	5.0	None	Remote	Low	Not required	None	None	Partial
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
10	CVE-2017-18017	416	DoS Mem. Corr.	2018-01-03	2023-01-19	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
11	CVE-2017-14491	787	DoS Exec Code Overflow	2017-10-04	2022-04-22	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
12	CVE-2016-4957	476	DoS	2016-07-05	2020-06-18	5.0	None	Remote	Low	Not required	None	None	Partial
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
13	CVE-2016-4956		DoS	2016-07-05	2021-07-16	5.0	None	Remote	Low	Not required	None	None	Partial
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.
14	CVE-2016-4955	362	DoS	2016-07-05	2021-07-16	4.3	None	Remote	Medium	Not required	None	None	Partial
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
15	CVE-2016-4954	362	DoS	2016-07-05	2021-07-16	5.0	None	Remote	Low	Not required	None	None	Partial
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.
16	CVE-2016-4953	287	DoS	2016-07-05	2021-07-16	5.0	None	Remote	Low	Not required	None	None	Partial
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
17	CVE-2016-0264	119	Exec Code Overflow	2016-05-24	2021-09-09	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
18	CVE-2015-7976	254		2017-01-30	2018-10-30	4.0	None	Remote	Low	???	None	Partial	None
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
19	CVE-2015-5300	361	DoS	2017-07-21	2018-10-30	5.0	None	Remote	Low	Not required	None	None	Partial
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
20	CVE-2015-5219	704	DoS	2017-07-21	2023-02-13	5.0	None	Remote	Low	Not required	None	None	Partial
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
21	CVE-2015-5194	20	DoS	2017-07-21	2023-02-13	5.0	None	Remote	Low	Not required	None	None	Partial
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

Total number of vulnerabilities : 21 Page : 1 (This Page)