Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Suse Subscribe
Filtered by product Suse Linux Enterprise Server
Total 141 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-3673 7 Canonical, Debian, Linux and 4 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2023-02-12 7.8 HIGH 7.5 HIGH
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.
CVE-2014-3654 2 Redhat, Suse 6 Satellite, Satellite With Embedded Oracle, Spacewalk-java and 3 more 2023-02-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do.
CVE-2014-3647 7 Canonical, Debian, Linux and 4 more 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more 2023-02-12 1.9 LOW 5.5 MEDIUM
arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
CVE-2014-3646 6 Canonical, Debian, Linux and 3 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2023-02-12 4.7 MEDIUM 5.5 MEDIUM
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
CVE-2014-3687 8 Canonical, Debian, Linux and 5 more 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more 2023-02-12 7.8 HIGH 7.5 HIGH
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.
CVE-2014-3601 4 Canonical, Linux, Opensuse and 1 more 6 Ubuntu Linux, Linux Kernel, Evergreen and 3 more 2023-02-12 4.3 MEDIUM N/A
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages.
CVE-2014-0196 7 Canonical, Debian, F5 and 4 more 30 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 27 more 2023-02-12 6.9 MEDIUM N/A
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
CVE-2011-1585 2 Linux, Suse 2 Linux Kernel, Suse Linux Enterprise Server 2023-02-12 3.3 LOW N/A
The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user.
CVE-2016-3714 5 Canonical, Debian, Imagemagick and 2 more 6 Ubuntu Linux, Debian Linux, Imagemagick and 3 more 2023-02-12 10.0 HIGH 8.4 HIGH
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
CVE-2015-7547 10 Canonical, Debian, F5 and 7 more 30 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 27 more 2023-02-12 6.8 MEDIUM 8.1 HIGH
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
CVE-2015-4000 12 Apple, Canonical, Debian and 9 more 25 Iphone Os, Mac Os X, Safari and 22 more 2023-02-09 4.3 MEDIUM 3.7 LOW
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
CVE-2019-3691 2 Opensuse, Suse 3 Factory, Munge, Suse Linux Enterprise Server 2023-01-31 7.2 HIGH 7.8 HIGH
A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1.
CVE-2022-21944 2 Opensuse, Suse 2 Factory Watchman, Suse Linux Enterprise Server 2023-01-19 7.2 HIGH 7.8 HIGH
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman versions prior to 4.9.0-9.1.
CVE-2014-9322 6 Canonical, Google, Linux and 3 more 6 Ubuntu Linux, Android, Linux Kernel and 3 more 2023-01-17 7.2 HIGH 7.8 HIGH
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.
CVE-2019-18898 2 Opensuse, Suse 4 Leap, Opensuse Factory, Suse Linux Enterprise Server and 1 more 2022-11-09 7.2 HIGH 7.8 HIGH
UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1.
CVE-2021-25315 3 Opensuse, Saltstack, Suse 3 Tumbleweed, Salt, Suse Linux Enterprise Server 2022-10-25 4.6 MEDIUM 7.8 HIGH
A Incorrect Implementation of Authentication Algorithm vulnerability in of SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.
CVE-2018-12122 2 Nodejs, Suse 4 Node.js, Suse Enterprise Storage, Suse Linux Enterprise Server and 1 more 2022-09-06 5.0 MEDIUM 7.5 HIGH
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.
CVE-2018-12116 2 Nodejs, Suse 4 Node.js, Suse Enterprise Storage, Suse Linux Enterprise Server and 1 more 2022-08-29 5.0 MEDIUM 7.5 HIGH
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.
CVE-2015-0413 3 Canonical, Oracle, Suse 4 Ubuntu Linux, Jdk, Jre and 1 more 2022-05-13 1.9 LOW N/A
Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability.
CVE-2020-15705 7 Canonical, Debian, Gnu and 4 more 14 Ubuntu Linux, Debian Linux, Grub2 and 11 more 2022-04-18 4.4 MEDIUM 6.4 MEDIUM
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.