suse linux_enterprise_debuginfo CVE 漏洞（54）

CVE 數: 54 CPE versions: View versions table

摘要

本頁列出影響 suse linux_enterprise_debuginfo 的已公開 CVE 漏洞（透過 NVD CPE 關聯）。每列包含嚴重程度評分、摘要與發布日期，便於識別與分析安全議題。

CVE	摘要	來源	最高 CVSS	EPSS %	公開時間	更新時間
CVE-2018-10195	lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.	[email protected]	7.1	0.14%	2021-06-02	2024-11-21
CVE-2015-5239	Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.	[email protected]	6.5	8.41%	2020-01-23	2024-11-21
CVE-2019-11038	When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.	[email protected]	5.3	10.54%	2019-06-19	2024-11-21
CVE-2017-18017	The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.	[email protected]	9.8	34.31%	2018-01-03	2025-01-03
CVE-2017-14491	Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.	[email protected]	9.8	33.72%	2017-10-04	2026-05-13
CVE-2015-5300	The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).	[email protected]	7.5	36.84%	2017-07-21	2026-05-13
CVE-2015-5219	The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.	[email protected]	7.5	2.24%	2017-07-21	2026-05-13
CVE-2015-5194	The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.	[email protected]	7.5	8.41%	2017-07-21	2026-05-13
CVE-2015-8567	Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).	[email protected]	7.7	3.41%	2017-04-13	2026-05-13
CVE-2014-9853	Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.	[email protected]	5.5	0.16%	2017-03-17	2026-05-13
CVE-2016-2318	GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.	[email protected]	5.5	0.21%	2017-02-03	2026-05-13
CVE-2016-2317	Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.	[email protected]	5.5	0.25%	2017-02-03	2026-05-13
CVE-2015-7976	The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.	[email protected]	4.3	3.17%	2017-01-30	2026-05-13
CVE-2016-5772	Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.	[email protected]	9.8	15.93%	2016-08-07	2026-05-06
CVE-2015-8808	The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.	[email protected]	5.5	0.29%	2016-07-13	2026-05-06
CVE-2016-5244	The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.	[email protected]	7.5	0.58%	2016-06-27	2026-05-06
CVE-2016-5118	The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a \| (pipe) character at the start of a filename.	[email protected]	9.8	37.74%	2016-06-10	2026-05-06
CVE-2016-0718	Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.	[email protected]	9.8	2.83%	2016-05-26	2026-05-06
CVE-2016-3718 KEV	The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.	[email protected]	5.5	86.94%	2016-05-05	2026-04-22
CVE-2016-3715 KEV	The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.	[email protected]	5.5	89.25%	2016-05-05	2026-04-22

cvelogic Threat Intelligence