Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Suse_linux_enterprise_server
(Suse)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/git/git • https://github.com/lighttpd/lighttpd1.4 |
| #Vulnerabilities | 129 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-12-17 | CVE-2014-9322 | arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. | Ubuntu_linux, Android, Linux_kernel, Evergreen, Enterprise_linux_eus, Suse_linux_enterprise_server | 7.8 | ||
| 2015-04-21 | CVE-2015-2041 | net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. | Debian_linux, Linux_kernel, Suse_linux_enterprise_server | N/A | ||
| 2017-03-23 | CVE-2016-1602 | A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root). | Linux_enterprise_desktop, Linux_enterprise_server, Suse_linux_enterprise_server | 7.8 | ||
| 2017-04-12 | CVE-2016-9957 | Stack-based buffer overflow in game-music-emu before 0.6.1. | Game\-Music\-Emu, Leap, Opensuse, Leap, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server | 7.8 | ||
| 2017-04-12 | CVE-2016-9958 | game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. | Game\-Music\-Emu, Leap, Opensuse, Leap, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server | 7.8 | ||
| 2017-04-12 | CVE-2016-9959 | game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. | Game\-Music\-Emu, Leap, Opensuse, Leap, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server | 7.8 | ||
| 2018-03-01 | CVE-2017-14798 | A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root. | Postgresql, Suse_linux_enterprise_server | 7.0 | ||
| 2018-06-08 | CVE-2011-3172 | A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12. | Suse_linux_enterprise_server | 9.8 | ||
| 2018-06-08 | CVE-2011-4190 | The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files). | Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | 5.3 | ||
| 2018-11-29 | CVE-2018-19655 | A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file. | Dcraw, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | 8.8 |