Vulnerabilities (CVE)

Vendor filter: Suse

Product filter: Suse Linux Enterprise Workstation Extension

491 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-3688 1 Suse 1 Suse Linux Enterprise Server 2019-10-11 6.6
The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an...
CVE-2019-3684 1 Suse 1 Manager 2019-10-09 4.3
SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem.
CVE-2018-17957 1 Suse 1 Repository Mirroring Tool 2019-10-09 2.1
The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on the process command line, allowing local attackers to access or corrupt the RMT database.
CVE-2018-12472 1 Suse 1 Subscription Management Tool 2019-10-09 6.4
An improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
CVE-2018-12471 1 Suse 1 Subscription Management Tool 2019-10-09 6.4
An External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
CVE-2018-12470 1 Suse 1 Subscription Management Tool 2019-10-09 7.5
A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
CVE-2017-9268 2 Suse, Opensuse 2 Open Build Service, Open Build Service 2019-10-09 4.0
In the Open Build Service before 201707022, the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions, leading to denial of...
CVE-2017-3224 3 Quagga, Redhat, Suse 4 Quagga, Package Manager, Opensuse and 1 more 2019-10-09 4.3
Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined...
CVE-2017-14804 2 Opensuse, Suse 2 Leap, Linux Enterprise Software Development Kit 2019-10-09 5.0
The build package before 20171128 did not check directory names during extraction of build results, which allowed untrusted builds to write outside of the target system, allowing escape out of buildroots.
CVE-2015-5123 4 Adobe, Opensuse, Redhat and 1 more 9 Flash Player, Evergreen, Enterprise Linux Desktop and 6 more 2019-10-09 10.0
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux,...
CVE-2015-5122 4 Adobe, Opensuse, Redhat and 1 more 9 Flash Player, Evergreen, Enterprise Linux Desktop and 6 more 2019-10-09 10.0
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux,...
CVE-2015-4000 12 Google, Openssl, Apple and 9 more 25 Safari, Network Security Services, Ie and 22 more 2019-10-09 4.3
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a...
CVE-2011-4190 2 Opensuse, Suse 4 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Desktop and 1 more 2019-10-09 3.5
The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to...
CVE-2011-3172 1 Suse 1 Suse Linux Enterprise Server 2019-10-09 10.0
A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12.
CVE-2018-19541 4 Jasper Project, Canonical, Suse and 1 more 5 Jasper, Ubuntu Linux, Linux Enterprise Desktop and 2 more 2019-10-07 6.8
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.
CVE-2018-19540 3 Jasper Project, Suse, Debian 4 Jasper, Linux Enterprise Desktop, Linux Enterprise Server and 1 more 2019-10-07 6.8
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c.
CVE-2004-0956 4 Mysql, Suse, Ubuntu and 1 more 4 Mysql, Suse Linux, Ubuntu Linux and 1 more 2019-10-07 5.0
MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote.
CVE-2004-0957 7 Ubuntu, Redhat, Mysql and 4 more 8 Enterprise Linux Desktop, Enterprise Linux, Openpkg and 5 more 2019-10-07 6.8
Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct...
CVE-2017-13081 7 W1.fi, Canonical, Debian and 4 more 12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more 2019-10-03 2.9
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
CVE-2017-14798 2 Postgresql, Suse 2 Postgresql, Suse Linux Enterprise Server 2019-10-03 6.9
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.