本ページは suse linux_enterprise_software_development_kit に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2015-1931 | IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. | [email protected] | 5.5 | 0.05% | 2022-09-29 | 2024-11-21 |
| CVE-2022-27239 | In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. | [email protected] | 7.8 | 0.07% | 2022-04-27 | 2024-11-21 |
| CVE-2020-8025 | A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prio | [email protected] | 6.1 | 0.05% | 2020-08-07 | 2024-11-21 |
| CVE-2014-1947 | Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030. | [email protected] | 7.8 | 7.06% | 2020-02-17 | 2024-11-21 |
| CVE-2015-5239 | Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. | [email protected] | 6.5 | 8.41% | 2020-01-23 | 2024-11-21 |
| CVE-2019-11038 | When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code. | [email protected] | 5.3 | 10.54% | 2019-06-19 | 2024-11-21 |
| CVE-2017-16232 | LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue | [email protected] | 7.5 | 1.11% | 2019-03-21 | 2024-11-21 |
| CVE-2017-14804 | The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots. | [email protected] | 9.9 | 0.43% | 2018-03-01 | 2024-11-21 |
| CVE-2017-18017 | The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. | [email protected] | 9.8 | 34.31% | 2018-01-03 | 2025-01-03 |
| CVE-2015-5300 | The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). | [email protected] | 7.5 | 36.84% | 2017-07-21 | 2026-05-13 |
| CVE-2017-1000366 | glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. | [email protected] | 7.8 | 8.87% | 2017-06-19 | 2026-05-13 |
| CVE-2016-4473 | /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833. | [email protected] | 9.8 | 16.82% | 2017-06-08 | 2026-05-13 |
| CVE-2015-8567 | Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). | [email protected] | 7.7 | 3.41% | 2017-04-13 | 2026-05-13 |
| CVE-2016-9959 | game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. | [email protected] | 7.8 | 0.31% | 2017-04-12 | 2026-05-13 |
| CVE-2016-9958 | game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. | [email protected] | 7.8 | 0.31% | 2017-04-12 | 2026-05-13 |
| CVE-2016-9957 | Stack-based buffer overflow in game-music-emu before 0.6.1. | [email protected] | 7.8 | 0.29% | 2017-04-12 | 2026-05-13 |
| CVE-2015-4680 | FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. | [email protected] | 7.5 | 0.38% | 2017-04-05 | 2026-05-13 |
| CVE-2016-7797 | Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. | [email protected] | 7.5 | 2.42% | 2017-03-24 | 2026-05-13 |
| CVE-2016-9398 | The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | [email protected] | 7.5 | 4.11% | 2017-03-23 | 2026-05-13 |
| CVE-2014-9854 | coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image." | [email protected] | 7.5 | 1.94% | 2017-03-17 | 2026-05-13 |