Suse

Linux Enterprise Server

472 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2019-18901

  • EPSS 0.1%
  • Veröffentlicht 02.03.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:33:48

A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 064...

7.8

CVE-2014-1947

  • EPSS 6.95%
  • Veröffentlicht 17.02.2020 21:15:12
  • Zuletzt bearbeitet 21.11.2024 02:05:19

Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, i...

6.8

CVE-2006-7246

Exploit
  • EPSS 0.07%
  • Veröffentlicht 27.01.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 00:24:43

NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.

3.3

CVE-2019-3687

  • EPSS 0.08%
  • Veröffentlicht 24.01.2020 09:15:13
  • Zuletzt bearbeitet 21.11.2024 04:42:20

The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e01...

6.5

CVE-2015-5239

  • EPSS 5.06%
  • Veröffentlicht 23.01.2020 20:15:11
  • Zuletzt bearbeitet 21.11.2024 02:32:37

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

8.8

CVE-2010-3782

  • EPSS 0.3%
  • Veröffentlicht 02.01.2020 19:15:11
  • Zuletzt bearbeitet 21.11.2024 01:19:36

obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation.

9

CVE-2012-6639

  • EPSS 1.2%
  • Veröffentlicht 25.11.2019 18:15:11
  • Zuletzt bearbeitet 21.11.2024 01:46:35

An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.

7.5

CVE-2016-5285

  • EPSS 0.65%
  • Veröffentlicht 15.11.2019 16:15:10
  • Zuletzt bearbeitet 21.11.2024 02:53:59

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

5.3

CVE-2019-11038

Exploit
  • EPSS 10.5%
  • Veröffentlicht 19.06.2019 00:15:12
  • Zuletzt bearbeitet 21.11.2024 04:20:25

When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause t...

7.5

CVE-2017-16232

  • EPSS 1.74%
  • Veröffentlicht 21.03.2019 15:59:56
  • Zuletzt bearbeitet 21.11.2024 03:16:05

LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue