Vulnerabilities (CVE)

Vendor filter: Suse

Product filter: Suse Linux Enterprise Workstation Extension

484 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-18873 4 Jasper Project, Canonical, Debian and 1 more 5 Jasper, Ubuntu Linux, Debian Linux and 2 more 2019-08-09 6.8
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
CVE-2018-19208 3 Sourceforge, Redhat, Suse 3 Libwpd, Enterprise Linux, Suse Linux Enterprise Server 2019-08-06 4.3
In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.
CVE-2018-18585 5 Kyzer, Canonical, Debian and 2 more 6 Limbspack, Ubuntu Linux, Debian Linux and 3 more 2019-08-06 4.3
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
CVE-2018-18584 5 Kyzer, Canonical, Debian and 2 more 5 Limbspack, Ubuntu Linux, Debian Linux and 2 more 2019-08-06 4.3
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
CVE-2018-10875 3 Redhat, Debian, Suse 9 Ansible Engine, Openstack, Virtualization and 6 more 2019-07-25 7.5
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
CVE-2018-12122 2 Nodejs, Suse 4 Node.js, Suse Enterprise Storage, Suse Linux Enterprise Server and 1 more 2019-07-22 5.0
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources...
CVE-2018-12116 2 Nodejs, Suse 4 Node.js, Suse Enterprise Storage, Suse Linux Enterprise Server and 1 more 2019-07-22 5.0
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a...
CVE-2012-3867 7 Suse, Puppetlabs, Debian and 4 more 9 Ubuntu Linux, Linux Enterprise Desktop, Debian Linux and 6 more 2019-07-10 4.3
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it...
CVE-2018-16876 3 Redhat, Debian, Suse 8 Ansible, Debian Linux, Openstack and 5 more 2019-06-27 5.0
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensitive data.
CVE-2018-16837 3 Redhat, Debian, Suse 4 Ansible Engine, Ansible Tower, Debian Linux and 1 more 2019-06-27 2.1
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lead to undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in...
CVE-2019-6690 5 Python, Suse, Debian and 2 more 5 Python-gnupg, Backports, Debian Linux and 2 more 2019-06-18 5.0
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a...
CVE-2018-7566 6 Suse, Linux, Canonical and 3 more 12 Linux Enterprise Module For Public Cloud, Linux Kernel, Linux Enterprise Server and 9 more 2019-06-17 4.6
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
CVE-2014-9761 6 Gnu, Suse, Fedoraproject and 3 more 10 Linux Enterprise Software Development Kit, Ubuntu Linux, Linux Enterprise Desktop and 7 more 2019-06-13 7.5
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan,...
CVE-2015-0192 3 Ibm, Redhat, Suse 8 Java, Enterprise Linux Desktop, Enterprise Linux Server and 5 more 2019-06-03 7.5
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.
CVE-2018-6556 4 Linuxcontainers, Canonical, Suse and 1 more 6 Lxc, Ubuntu Linux, Caas Platform and 3 more 2019-05-31 2.1
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may...
CVE-2017-17558 2 Linux, Suse 2 Linux Kernel, Linux Enterprise Server 2019-05-14 7.2
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which...
CVE-2014-0131 3 Linux, Opensuse, Suse 3 Linux Kernel, Evergreen, Linux Enterprise Server 2019-05-13 2.9
Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.
CVE-2019-3684 1 Suse 1 Manager 2019-05-13 4.3
SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem.
CVE-2017-15115 5 Redhat, Linux, Canonical and 2 more 6 Enterprise Mrg, Linux Kernel, Enterprise Linux and 3 more 2019-05-08 7.2
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or...
CVE-2018-19542 5 Jasper Project, Canonical, Suse and 2 more 6 Jasper, Ubuntu Linux, Linux Enterprise Desktop and 3 more 2019-05-03 4.3
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.