Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Suse_linux_enterprise_server
(Suse)Repositories |
• https://github.com/torvalds/linux
• https://github.com/git/git • https://github.com/lighttpd/lighttpd1.4 |
#Vulnerabilities | 129 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2017-03-23 | CVE-2016-1602 | A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root). | Linux_enterprise_desktop, Linux_enterprise_server, Suse_linux_enterprise_server | 7.8 | ||
2017-04-12 | CVE-2016-9957 | Stack-based buffer overflow in game-music-emu before 0.6.1. | Game\-Music\-Emu, Leap, Opensuse, Leap, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server | 7.8 | ||
2017-04-12 | CVE-2016-9958 | game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. | Game\-Music\-Emu, Leap, Opensuse, Leap, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server | 7.8 | ||
2017-04-12 | CVE-2016-9959 | game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. | Game\-Music\-Emu, Leap, Opensuse, Leap, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server | 7.8 | ||
2018-03-01 | CVE-2017-14798 | A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root. | Postgresql, Suse_linux_enterprise_server | 7.0 | ||
2018-06-08 | CVE-2011-3172 | A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12. | Suse_linux_enterprise_server | 9.8 | ||
2018-06-08 | CVE-2011-4190 | The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files). | Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | 5.3 | ||
2018-11-29 | CVE-2018-19655 | A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file. | Dcraw, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | 8.8 | ||
2020-01-27 | CVE-2018-20105 | A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2. | Leap, Suse_linux_enterprise_server, Yast2\-Rmt | 5.5 | ||
2020-03-23 | CVE-2020-6422 | Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | 8.8 |