Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Suse_linux_enterprise_server
(Suse)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/git/git • https://github.com/lighttpd/lighttpd1.4 |
| #Vulnerabilities | 129 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-11-10 | CVE-2014-8369 | The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601. | Debian_linux, Linux_kernel, Evergreen, Linux_enterprise_real_time_extension, Suse_linux_enterprise_server | 7.8 | ||
| 2014-12-17 | CVE-2014-9322 | arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. | Ubuntu_linux, Android, Linux_kernel, Evergreen, Enterprise_linux_eus, Suse_linux_enterprise_server | 7.8 | ||
| 2015-04-21 | CVE-2015-2041 | net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. | Debian_linux, Linux_kernel, Suse_linux_enterprise_server | N/A | ||
| 2017-03-23 | CVE-2016-1602 | A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root). | Linux_enterprise_desktop, Linux_enterprise_server, Suse_linux_enterprise_server | 7.8 | ||
| 2017-04-12 | CVE-2016-9957 | Stack-based buffer overflow in game-music-emu before 0.6.1. | Game\-Music\-Emu, Leap, Opensuse, Leap, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server | 7.8 | ||
| 2017-04-12 | CVE-2016-9958 | game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. | Game\-Music\-Emu, Leap, Opensuse, Leap, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server | 7.8 | ||
| 2017-04-12 | CVE-2016-9959 | game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. | Game\-Music\-Emu, Leap, Opensuse, Leap, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server | 7.8 | ||
| 2018-03-01 | CVE-2017-14798 | A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root. | Postgresql, Suse_linux_enterprise_server | 7.0 | ||
| 2018-06-08 | CVE-2011-3172 | A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12. | Suse_linux_enterprise_server | 9.8 | ||
| 2018-06-08 | CVE-2011-4190 | The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files). | Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | 5.3 |