Novell: >> Suse Linux Enterprise Desktop >> 12.0 Security Vulnerabilities
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
CVSS Score
3.5
EPSS Score
0.019
Published
2020-01-31
The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-09-08
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
CVSS Score
7.8
EPSS Score
0.081
Published
2017-06-19
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
CVSS Score
5.5
EPSS Score
0.001
Published
2017-06-06
game-music-emu before 0.6.1 mishandles unspecified integer values.
CVSS Score
9.8
EPSS Score
0.028
Published
2017-06-06
The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.
CVSS Score
5.5
EPSS Score
0.003
Published
2016-09-20
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.
CVSS Score
6.5
EPSS Score
0.022
Published
2016-09-20
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.
CVSS Score
5.5
EPSS Score
0.004
Published
2016-09-20
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
CVSS Score
7.5
EPSS Score
0.037
Published
2016-09-20
The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.
CVSS Score
5.5
EPSS Score
0.005
Published
2016-09-20
Page 1