Vulnerabilities (CVE)

Vendor filter

Suse Subscribe

Filter

484 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-12122 2 Nodejs, Suse 4 Node.js, Suse Enterprise Storage, Suse Linux Enterprise Server and 1 more 2019-07-22 5.0
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources...
CVE-2018-12116 2 Nodejs, Suse 4 Node.js, Suse Enterprise Storage, Suse Linux Enterprise Server and 1 more 2019-07-22 5.0
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a...
CVE-2012-3867 7 Suse, Puppetlabs, Debian and 4 more 9 Ubuntu Linux, Linux Enterprise Desktop, Debian Linux and 6 more 2019-07-10 4.3
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it...
CVE-2018-16876 3 Redhat, Debian, Suse 8 Ansible, Debian Linux, Openstack and 5 more 2019-06-27 5.0
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
CVE-2018-16837 3 Redhat, Debian, Suse 4 Ansible Engine, Ansible Tower, Debian Linux and 1 more 2019-06-27 2.1
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in...
CVE-2019-6690 5 Python, Suse, Debian and 2 more 5 Python-gnupg, Backports, Debian Linux and 2 more 2019-06-18 5.0
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a...
CVE-2018-7566 6 Suse, Linux, Canonical and 3 more 12 Linux Enterprise Module For Public Cloud, Linux Kernel, Linux Enterprise Server and 9 more 2019-06-17 4.6
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
CVE-2014-9761 6 Gnu, Suse, Fedoraproject and 3 more 10 Linux Enterprise Software Development Kit, Ubuntu Linux, Linux Enterprise Desktop and 7 more 2019-06-13 7.5
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan,...
CVE-2015-0192 3 Ibm, Redhat, Suse 8 Java, Enterprise Linux Desktop, Enterprise Linux Server and 5 more 2019-06-03 7.5
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.
CVE-2018-6556 4 Linuxcontainers, Canonical, Suse and 1 more 6 Lxc, Ubuntu Linux, Caas Platform and 3 more 2019-05-31 2.1
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may...
CVE-2017-17558 2 Linux, Suse 2 Linux Kernel, Linux Enterprise Server 2019-05-14 7.2
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which...
CVE-2014-0131 3 Linux, Opensuse, Suse 3 Linux Kernel, Evergreen, Linux Enterprise Server 2019-05-13 2.9
Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.
CVE-2019-3684 1 Suse 1 Manager 2019-05-13 4.3
SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem
CVE-2018-10875 3 Redhat, Debian, Suse 9 Ansible Engine, Openstack, Virtualization and 6 more 2019-05-10 7.5
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
CVE-2017-15115 5 Redhat, Linux, Canonical and 2 more 6 Enterprise Mrg, Linux Kernel, Enterprise Linux and 3 more 2019-05-08 7.2
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or...
CVE-2018-19542 5 Jasper Project, Canonical, Suse and 2 more 6 Jasper, Ubuntu Linux, Linux Enterprise Desktop and 3 more 2019-05-03 4.3
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.
CVE-2018-19539 4 Jasper Project, Suse, Debian and 1 more 5 Jasper, Linux Enterprise Desktop, Linux Enterprise Server and 2 more 2019-05-03 4.3
An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.
CVE-2017-1000366 9 Gnu, Redhat, Suse and 6 more 24 Glibc, Enterprise Linux, Linux Enterprise Server For Raspberry Pi and 21 more 2019-04-26 7.2
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been...
CVE-2019-9211 3 Gnu, Suse, Fedoraproject 3 Pspp, Backports, Fedora 2019-04-25 4.3
There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service.
CVE-2014-3917 3 Suse, Linux, Redhat 4 Linux Kernel, Enterprise Linux, Linux Enterprise Desktop and 1 more 2019-04-22 3.3
kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a...