Product:

Suse_linux_enterprise_server

(Suse)
Repositories https://github.com/torvalds/linux
https://github.com/git/git
https://github.com/lighttpd/lighttpd1.4
#Vulnerabilities 133
Date Id Summary Products Score Patch Annotated
2015-01-21 CVE-2015-0413 Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability. Ubuntu_linux, Jdk, Jre, Suse_linux_enterprise_server N/A
2015-05-21 CVE-2015-4000 The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. Iphone_os, Mac_os_x, Safari, Ubuntu_linux, Debian_linux, Chrome, Hp\-Ux, Content_manager, Internet_explorer, Firefox, Firefox_esr, Firefox_os, Network_security_services, Seamonkey, Thunderbird, Openssl, Opera_browser, Jdk, Jre, Jrockit, Sparc\-Opl_service_processor, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Suse_linux_enterprise_server 3.7
2020-07-29 CVE-2020-15705 GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. Ubuntu_linux, Debian_linux, Grub2, Windows_10, Windows_8\.1, Windows_rt_8\.1, Windows_server_2012, Windows_server_2016, Windows_server_2019, Leap, Enterprise_linux, Enterprise_linux_atomic_host, Openshift_container_platform, Suse_linux_enterprise_server 6.4
2018-11-07 CVE-2018-19052 An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character. Debian_linux, Lighttpd, Backports_sle, Leap, Suse_linux_enterprise_server 7.5
2020-03-23 CVE-2020-6449 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Debian_linux, Fedora, Chrome, Backports_sle, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server 8.8
2020-03-23 CVE-2020-6422 Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Debian_linux, Fedora, Chrome, Backports_sle, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server 8.8
2020-03-23 CVE-2020-6424 Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Debian_linux, Fedora, Chrome, Backports_sle, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server 8.8
2020-03-23 CVE-2020-6426 Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Debian_linux, Fedora, Chrome, Backports_sle, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server 6.5
2020-03-23 CVE-2020-6427 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Debian_linux, Fedora, Chrome, Backports_sle, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server 8.8
2020-03-23 CVE-2020-6428 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Debian_linux, Fedora, Chrome, Backports_sle, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server 8.8