CVE-2020-6429
- EPSS 4.75%
- Published 23.03.2020 16:15:17
- Last modified 21.11.2024 05:35:42
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6449
- EPSS 4.71%
- Published 23.03.2020 16:15:17
- Last modified 21.11.2024 05:35:45
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-15624
- EPSS 0.32%
- Published 04.02.2020 20:15:12
- Last modified 21.11.2024 04:29:09
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.
CVE-2018-20105
- EPSS 0.14%
- Published 27.01.2020 09:15:11
- Last modified 21.11.2024 04:00:53
An Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Ser...
CVE-2020-5504
- EPSS 23.14%
- Published 09.01.2020 22:15:13
- Last modified 16.04.2025 15:15:46
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account t...
CVE-2019-3688
- EPSS 0.06%
- Published 07.10.2019 14:15:11
- Last modified 21.11.2024 04:42:20
The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an att...
CVE-2018-19655
- EPSS 0.71%
- Published 29.11.2018 05:29:01
- Last modified 21.11.2024 03:58:21
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a malicio...
CVE-2018-12116
- EPSS 0.62%
- Published 28.11.2018 17:29:00
- Last modified 21.11.2024 03:44:37
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a secon...
CVE-2018-12122
- EPSS 2.81%
- Published 28.11.2018 17:29:00
- Last modified 13.12.2024 14:15:19
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources ali...
CVE-2018-19208
- EPSS 0.41%
- Published 12.11.2018 19:29:00
- Last modified 21.11.2024 03:57:33
In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.