Vulnerabilities (CVE)

Vendor filter

Suse Subscribe

Product filter

Suse Linux Enterprise Live Patching Subscribe

Filter

60 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-17957 1 Suse 1 Repository Mirroring Tool 2019-10-09 2.1
The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database.
CVE-2011-4190 2 Opensuse, Suse 4 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Desktop and 1 more 2019-10-09 3.5
The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to...
CVE-2017-13087 7 W1.fi, Canonical, Debian and 4 more 12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more 2019-10-03 2.9
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay...
CVE-2017-5898 2 Suse, Qemu 5 Linux Enterprise Software Development Kit, Linux Enterprise Server For Sap, Linux Enterprise Server and 2 more 2019-10-03 2.1
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a...
CVE-2017-13088 7 W1.fi, Canonical, Debian and 4 more 12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more 2019-10-03 2.9
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to...
CVE-2017-13081 7 W1.fi, Canonical, Debian and 4 more 12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more 2019-10-03 2.9
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
CVE-2018-16837 3 Redhat, Debian, Suse 4 Ansible Engine, Ansible Tower, Debian Linux and 1 more 2019-10-03 2.1
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in...
CVE-2017-13078 7 W1.fi, Canonical, Debian and 4 more 12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more 2019-10-03 2.9
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2017-13080 7 W1.fi, Canonical, Debian and 4 more 12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more 2019-10-03 2.9
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2017-13079 7 W1.fi, Canonical, Debian and 4 more 12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more 2019-10-03 2.9
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.
CVE-2018-6556 4 Linuxcontainers, Canonical, Suse and 1 more 6 Lxc, Ubuntu Linux, Caas Platform and 3 more 2019-05-31 2.1
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may...
CVE-2014-0131 3 Linux, Opensuse, Suse 3 Linux Kernel, Evergreen, Linux Enterprise Server 2019-05-13 2.9
Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.
CVE-2014-3917 3 Suse, Linux, Redhat 4 Linux Kernel, Enterprise Linux, Linux Enterprise Desktop and 1 more 2019-04-22 3.3
kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a...
CVE-2015-0505 2 Suse, Oracle 5 Suse Linux Enterprise Desktop, Solaris, Suse Linux Enterprise Software Development Kit and 2 more 2019-02-01 3.5
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
CVE-2015-3340 6 Suse, Debian, Xen and 3 more 11 Linux Enterprise Software Development Kit, Linux Enterprise Desktop, Debian Linux and 8 more 2018-10-30 2.9
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.
CVE-2014-0181 4 Suse, Linux, Opensuse and 1 more 7 Linux Kernel, Enterprise Linux Desktop, Linux Enterprise Real Time Extension and 4 more 2018-10-30 2.1
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network...
CVE-2016-1693 6 Google, Suse, Debian and 3 more 10 Leap, Debian Linux, Enterprise Linux Desktop and 7 more 2018-10-30 2.6
browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT)...
CVE-2015-5969 3 Suse, Novell, Opensuse 8 Linux Enterprise Software Development Kit, Leap, Linux Enterprise Desktop and 5 more 2018-10-30 2.1
The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE...
CVE-2007-4394 2 Suse, Novell 2 Suse Linux, Suse Linux 2018-10-30 2.1
Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors.
CVE-2005-4791 2 Suse, Novell 2 Suse Linux, Suse Linux 2018-10-30 2.1
Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee.