Novell Novell Now part of MicroFocus

  1. Vendors
  2. Novell

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Novell product.

RSS Feeds for Novell security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Novell products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Novell Sorted by Most Security Vulnerabilities since 2018

Novell Suse Linux Enterprise Server81 vulnerabilities

Novell Suse Linux Enterprise Desktop76 vulnerabilities

Novell Suse Linux Enterprise Software Development Kit64 vulnerabilities

Novell Suse Linux Enterprise Real Time Extension26 vulnerabilities

Novell Suse Linux Enterprise Workstation Extension22 vulnerabilities

Novell Suse Linux Enterprise Debuginfo21 vulnerabilities

Novell Suse Linux Enterprise Live Patching21 vulnerabilities

Novell Suse Linux Enterprise Module Public Cloud21 vulnerabilities

Novell Suse Package Hub Suse Linux Enterprise10 vulnerabilities

Novell Linux Desktop7 vulnerabilities

Novell Open Enterprise Server6 vulnerabilities

Novell Suse Manager5 vulnerabilities

Novell Leap3 vulnerabilities

Novell Suse Linux3 vulnerabilities

Novell Suse Linux Enterprise Module Legacy Software2 vulnerabilities

Novell Suse Manager Proxy2 vulnerabilities

Novell Suse Openstack Cloud2 vulnerabilities

Novell Zenworks Configuration Management2 vulnerabilities

Novell Edirectory2 vulnerabilities

Novell Suse Linux Enterprise Server Sap1 vulnerability

Novell Opensuse Leap1 vulnerability

Novell Ichain1 vulnerability

Novell Groupwise Webaccess1 vulnerability

Novell Suse Studio Onsite1 vulnerability

Novell Groupwise1 vulnerability

By the Year

In 2025 there have been 2 vulnerabilities in Novell with an average score of 8.2 out of ten. Novell did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2025 as compared to last year.




Year Vulnerabilities Average Score
2025 2 8.15
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 2 4.25
2019 4 7.80

It may take a day or so for new Novell vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Novell Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2024-12084 Jan 15, 2025
rsync Daemon Heap Bof via Checksum Length Overrun A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
Suse Linux
CVE-2024-12088 Jan 14, 2025
Rsync --safe-links Path Traversal, Arbitrary File Write A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
Suse Linux
CVE-2020-8118 Feb 04, 2020
An authenticated server-side request forgery in Nextcloud server 16.0.1 An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
Suse Linux Enterprise Server
CVE-2015-6815 Jan 31, 2020
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
Suse Linux Enterprise Debuginfo
Suse Linux Enterprise Desktop
Suse Linux Enterprise Server
And others...
CVE-2019-13730 Dec 10, 2019
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Suse Package Hub Suse Linux Enterprise
CVE-2019-11717 Jul 23, 2019
A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Suse Package Hub Suse Linux Enterprise
CVE-2019-9811 Jul 23, 2019
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Suse Package Hub Suse Linux Enterprise
CVE-2019-11338 Apr 19, 2019
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
Suse Package Hub Suse Linux Enterprise
CVE-2017-14491 Oct 04, 2017
Heap-based buffer overflow in dnsmasq before 2.78 Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
Leap
CVE-2015-5219 Jul 21, 2017
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
Leap
CVE-2016-9960 Jun 06, 2017
game-music-emu before 0.6.1 game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
Suse Linux Enterprise Software Development Kit
Suse Linux Enterprise Desktop
Suse Linux Enterprise Server
And others...
CVE-2016-9961 Jun 06, 2017
game-music-emu before 0.6.1 mishandles unspecified integer values. game-music-emu before 0.6.1 mishandles unspecified integer values.
Suse Linux Enterprise Software Development Kit
Suse Linux Enterprise Desktop
Suse Linux Enterprise Server
And others...
CVE-2014-9853 Mar 17, 2017
Memory leak in coders/rle.c in ImageMagick Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
Leap
CVE-2016-7796 Oct 13, 2016
The manager_dispatch_notify_fd function in systemd The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
Suse Linux Enterprise Server
Suse Linux Enterprise Desktop
Suse Linux Enterprise Server Sap
And others...
CVE-2016-7052 Sep 26, 2016
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
Suse Linux Enterprise Module Web Scripting
CVE-2016-6304 Sep 26, 2016
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
Suse Linux Enterprise Module Web Scripting
CVE-2016-6306 Sep 26, 2016
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
Suse Linux Enterprise Module Web Scripting
CVE-2016-4303 Sep 26, 2016
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.
Suse Package Hub Suse Linux Enterprise
CVE-2015-8921 Sep 20, 2016
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
Suse Linux Enterprise Server
Suse Linux Enterprise Desktop
Suse Linux Enterprise Software Development Kit
And others...
CVE-2015-8918 Sep 20, 2016
The archive_string_append function in archive_string.c in libarchive before 3.2.0 The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."
Suse Linux Enterprise Server
Suse Linux Enterprise Desktop
Suse Linux Enterprise Software Development Kit
And others...
CVE-2015-8919 Sep 20, 2016
The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.
Suse Linux Enterprise Server
Suse Linux Enterprise Desktop
Suse Linux Enterprise Software Development Kit
And others...
CVE-2015-8920 Sep 20, 2016
The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.
Suse Linux Enterprise Server
Suse Linux Enterprise Desktop
Suse Linux Enterprise Software Development Kit
And others...
CVE-2015-8922 Sep 20, 2016
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.
Suse Linux Enterprise Server
Suse Linux Enterprise Desktop
Suse Linux Enterprise Software Development Kit
And others...
CVE-2015-8923 Sep 20, 2016
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.
Suse Linux Enterprise Server
Suse Linux Enterprise Desktop
Suse Linux Enterprise Software Development Kit
And others...
CVE-2015-8924 Sep 20, 2016
The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.
Suse Linux Enterprise Server
Suse Linux Enterprise Desktop
Suse Linux Enterprise Software Development Kit
And others...
CVE-2016-4957 Jul 05, 2016
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
Suse Manager
CVE-2016-4955 Jul 05, 2016
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
Suse Manager
CVE-2016-4956 Jul 05, 2016
ntpd in NTP 4.x before 4.2.8p8 ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.
Suse Manager
CVE-2016-4997 Jul 03, 2016
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
Suse Linux Enterprise Module Public Cloud
Suse Linux Enterprise Server
Suse Linux Enterprise Live Patching
And others...
CVE-2016-4470 Jun 27, 2016
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
Suse Linux Enterprise Real Time Extension
CVE-2016-3707 Jun 27, 2016
The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.
Suse Linux Enterprise Real Time Extension
CVE-2014-9904 Jun 27, 2016
The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.
Suse Linux Enterprise Real Time Extension
CVE-2016-5829 Jun 27, 2016
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.
Suse Linux Enterprise Real Time Extension
CVE-2016-5828 Jun 27, 2016
The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call.
Suse Linux Enterprise Real Time Extension
CVE-2016-1583 Jun 27, 2016
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.
Suse Linux Enterprise Server
Suse Linux Enterprise Live Patching
Suse Linux Enterprise Desktop
And others...
CVE-2016-2815 Jun 13, 2016
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Suse Linux Enterprise Server
Suse Linux Enterprise Desktop
Suse Linux Enterprise Software Development Kit
And others...
CVE-2016-2818 Jun 13, 2016
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Suse Linux Enterprise Server
Suse Linux Enterprise Desktop
Suse Package Hub Suse Linux Enterprise
And others...
CVE-2016-2834 Jun 13, 2016
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0 Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
Suse Linux Enterprise Server
Suse Linux Enterprise Desktop
Suse Linux Enterprise Software Development Kit
And others...
CVE-2016-0363 Jun 03, 2016
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.
Suse Manager
Suse Linux Enterprise Server
Suse Manager Proxy
And others...
CVE-2016-0376 Jun 03, 2016
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.
Suse Manager
Suse Linux Enterprise Server
Suse Manager Proxy
And others...
CVE-2016-4482 May 23, 2016
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
Suse Linux Enterprise Module Public Cloud
Suse Linux Enterprise Server
Suse Linux Enterprise Live Patching
And others...
CVE-2016-4485 May 23, 2016
The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.
Suse Linux Enterprise Server
Suse Linux Enterprise Debuginfo
Suse Linux Enterprise Software Development Kit
And others...
CVE-2016-4486 May 23, 2016
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
Suse Linux Enterprise Module Public Cloud
Suse Linux Enterprise Server
Suse Linux Enterprise Live Patching
And others...
CVE-2016-4569 May 23, 2016
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
Suse Linux Enterprise Module Public Cloud
Suse Linux Enterprise Server
Suse Linux Enterprise Live Patching
And others...
CVE-2016-4805 May 23, 2016
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.
Suse Linux Enterprise Desktop
Suse Linux Enterprise Workstation Extension
Suse Linux Enterprise Module Public Cloud
And others...
CVE-2016-4913 May 23, 2016
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.
Suse Linux Enterprise Server
Suse Linux Enterprise Debuginfo
Suse Linux Enterprise Software Development Kit
And others...
CVE-2016-2186 May 02, 2016
The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Suse Linux Enterprise Module Public Cloud
Suse Linux Enterprise Server
Suse Linux Enterprise Live Patching
And others...
CVE-2016-2188 May 02, 2016
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Suse Linux Enterprise Module Public Cloud
Suse Linux Enterprise Server
Suse Linux Enterprise Live Patching
And others...
CVE-2016-2187 May 02, 2016
The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Suse Linux Enterprise Server
Suse Linux Enterprise Debuginfo
Suse Linux Enterprise Software Development Kit
And others...
CVE-2016-3689 May 02, 2016
The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.
Suse Linux Enterprise Module Public Cloud
Suse Linux Enterprise Server
Suse Linux Enterprise Live Patching
And others...
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.