Latest suse linux enterprise Vulnerabilities

CVE-2024-23301
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
Relax-and-recover Relax-and-recover<=2.7
SUSE Linux Enterprise=15.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=39
CVE-2023-34256
** DISPUTED ** An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not p...
Linux Linux kernel<6.3.3
SUSE Linux Enterprise=12.0-sp5
SUSE Linux Enterprise=15.0-sp4
SUSE Linux Enterprise=15.0-sp5
ubuntu/linux<4.15.0-223.235
ubuntu/linux<5.4.0-162.179
and 150 more
CVE-2022-21950
A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue af...
Opensuse Canna<3.7p3-bp153.2.3.1
openSUSE Backports SLE=15.0-sp3
Opensuse Canna<3.7p3-bp154.3.3.1
openSUSE Backports SLE=15.0-sp4
Opensuse Canna=3.7p3
openSUSE Factory
and 1 more
CVE-2021-4166
Vim. Multiple issues were addressed by updating Vim.
Vim Vim<8.2.3884
Redhat Enterprise Linux=8.0
openSUSE Factory
SUSE Linux Enterprise=12.0
SUSE Linux Enterprise=15.0
Debian Debian Linux=9.0
and 26 more
CVE-2021-41819
A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. B...
rubygems/cgi<0.1.0.1
rubygems/cgi=0.2.0
rubygems/cgi=0.3.0
redhat/rh-ruby26-ruby<0:2.6.9-120.el7
redhat/rh-ruby30-ruby<0:3.0.4-149.el7
redhat/rh-ruby27-ruby<0:2.7.6-131.el7
and 42 more
CVE-2021-41817
A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service (ReDoS) during the parsing of dates. This flaw allows an attacker to hang a ruby ap...
redhat/rh-ruby26-ruby<0:2.6.9-120.el7
redhat/rh-ruby30-ruby<0:3.0.4-149.el7
redhat/rh-ruby27-ruby<0:2.7.6-131.el7
Ruby-lang Date<2.0.1
Ruby-lang Date>=3.0.0<3.0.2
Ruby-lang Date>=3.1.0<3.1.2
and 46 more
CVE-2021-4028
A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to...
Linux Linux kernel>=5.10<5.10.71
Linux Linux kernel>=5.11<5.14.10
SUSE Linux Enterprise=15.0-sp3
SUSE Linux Enterprise=15.0-sp4
redhat/kernel-rt<0:3.10.0-1160.62.1.rt56.1203.el7
redhat/kernel<0:3.10.0-1160.62.1.el7
and 12 more
CVE-2020-14147
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (mem...
Redislabs Redis<5.0.9
Redislabs Redis>=6.0.0<6.0.3
Oracle Communications Operations Monitor=3.4
Oracle Communications Operations Monitor=4.1
Oracle Communications Operations Monitor=4.2
Oracle Communications Operations Monitor=4.3
and 3 more
CVE-2020-10804
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/User...
composer/phpmyadmin/phpmyadmin>=4.9.0<4.9.5>=5.0.0<5.0.2
phpMyAdmin phpMyAdmin>=4.0.0<4.9.5
phpMyAdmin phpMyAdmin>=5.0.0<5.0.2
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Fedoraproject Fedora=32
and 9 more
CVE-2020-10803
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results ...
composer/phpmyadmin/phpmyadmin>=3.4<4.9.5>=5.0.0<5.0.2
phpMyAdmin phpMyAdmin>=4.0.0<4.9.5
phpMyAdmin phpMyAdmin>=5.0.0<5.0.2
Debian Debian Linux=8.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 10 more
CVE-2020-6415
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 7 more
CVE-2020-6416
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 7 more
CVE-2020-6408
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6404
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 6 more
CVE-2020-6406
Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 6 more
CVE-2020-6402
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a cr...
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Apple macOS
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Debian Debian Linux=9.0
and 7 more
CVE-2020-6398
Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6403
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Apple iPhone OS
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 8 more
CVE-2020-6397
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6400
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6394
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6392
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a c...
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 7 more
CVE-2020-6396
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6391
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6393
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6385
Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
CVE-2020-6382
Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 7 more
CVE-2020-6390
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 7 more
CVE-2020-10802
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search acti...
composer/phpmyadmin/phpmyadmin>=4.9.0<4.9.5>=5.0.0<5.0.2
phpMyAdmin phpMyAdmin>=4.0.0<4.9.5
phpMyAdmin phpMyAdmin>=5.0.0<5.0.2
Debian Debian Linux=8.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 10 more
CVE-2020-7106
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the descript...
Cacti Cacti<1.2.9
Debian Debian Linux=8.0
Debian Debian Linux=9.0
openSUSE Backports SLE=15.0-sp1
openSUSE Leap=15.1
Suse Package Hub
and 6 more
CVE-2019-19923
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or inco...
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Siemens Sinec Infrastructure Network Services<1.0.1.1
Oracle Mysql Workbench<=8.0.19
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 16 more
CVE-2019-19925
SQLite is vulnerable to a denial of service, caused by the mishandling of a NULL pathname in the zipfileUpdate function in ext/misc/zipfile.c. By sending a specially-crafted request, a remote attacker...
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Siemens Sinec Infrastructure Network Services<1.0.1.1
Oracle Mysql Workbench<=8.0.19
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 16 more
CVE-2019-19926
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete...
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Siemens Sinec Infrastructure Network Services<1.0.1.1
Oracle Mysql Workbench<=8.0.19
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 17 more
CVE-2019-19880
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Netapp Cloud Backup
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Suse Package Hub
and 14 more
CVE-2020-6381
Insufficient policy enforcement in Blink.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Google Android
Google Chrome OS
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
and 10 more
CVE-2019-13764
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<79.0.3945.79
Google Chrome<79.0.3945.79
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 7 more
CVE-2019-13745
Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
redhat/chromium-browser<79.0.3945.79
Google Chrome<79.0.3945.79
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Suse Package Hub
SUSE Linux Enterprise=12.0
and 7 more
CVE-2019-13734
An out of bounds write flaw was found in the SQLite component of the Chromium browser. Upstream bug(s): <a href="https://code.google.com/p/chromium/issues/detail?id=1025466">https://code.google.com/...
IBM ISAM<=9.0.7
IBM Security Verify Access<=10.0.0
Google Chrome<79.0.3945.79
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Redhat Openshift Container Platform=3.11
and 52 more
CVE-2019-11730
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. T...
Mozilla Firefox<68
<68
<60.8
<60.8
Mozilla Firefox<68.0
Mozilla Firefox ESR<60.8
and 7 more
CVE-2019-11709
Mozilla developers and community members Andreea Pavel, Christian Holler, Honza Bambas, Jason Kratzer, and Jeff Gilbert reported memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbi...
Mozilla Firefox<68
<68
<60.8
<60.8
Mozilla Firefox<68.0
Mozilla Firefox ESR<60.8.0
and 7 more
CVE-2019-7443
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of a...
KDE KAuth<5.55.0
openSUSE Leap=15.0
openSUSE Leap=42.3
Opensuse Backports
SUSE Linux Enterprise=15.0
Fedoraproject Fedora=28
and 1 more
CVE-2019-6690
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and t...
pip/python-gnupg<0.4.4
Python Python-gnupg=0.4.3
Debian Debian Linux=8.0
Debian Debian Linux=9.0
openSUSE Leap=15.0
Suse Backports
and 13 more
CVE-2019-7317
A use-after-free vulnerability was discovered in the png_image_free function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is pr...
debian/libpng1.6<=1.6.28-1<=1.6.36-3<=1.6.36-2
Mozilla Thunderbird<60.7
Mozilla Firefox ESR<60.7
Mozilla Firefox<67
Libpng Libpng>=1.6.0<1.6.37
Debian Debian Linux=8.0
and 99 more
CVE-2018-16876
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
Redhat Ansible>=2.5.0<2.5.14
Redhat Ansible>=2.6.0<2.6.11
Redhat Ansible>=2.7.0<2.7.5
Debian Debian Linux=9.0
Redhat Ansible Engine=2.0
Redhat Ansible Engine=2.5
and 21 more
CVE-2018-17953
Kernel Linux-pam=1.3.0
openSUSE Leap=15.0
SUSE Linux Enterprise=15.0
CVE-2018-16837
"User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executa...
Redhat Ansible Engine=2.0
Redhat Ansible Engine=2.5
Redhat Ansible Engine=2.6
Redhat Ansible Engine=2.7
Redhat Ansible Tower=3.3.0
Debian Debian Linux=8.0
and 13 more
CVE-2018-16588
Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE...
SUSE shadow<=4.2.1-27.9.1
SUSE Linux Enterprise=12.0
SUSE shadow<=4.5-5.39
SUSE Linux Enterprise=15.0
CVE-2018-14522
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in `aubio_pitch_set_unit` in `pitch/pitch.c`, as demonstrated by aubionotes.
pip/aubio<0.4.7
debian/aubio
Aubio Aubio=0.4.6
openSUSE Leap=15.0
openSUSE Leap=42.3
SUSE Linux Enterprise=15.0
CVE-2018-14523
An issue was discovered in aubio 0.4.6. A buffer over-read can occur in `new_aubio_pitchyinfft` in `pitch/pitchyinfft.c` when the samplerate of the input file is larger than 50kHz.
pip/aubio<0.4.7
debian/aubio
Aubio Aubio=0.4.6
openSUSE Leap=15.0
openSUSE Leap=42.3
SUSE Linux Enterprise=15.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203