Latest SUSE Linux Enterprise Server Vulnerabilities

A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects...
openSUSE Factory watchman<=4.9.1
SUSE SUSE Linux Enterprise Server=15-sp3
An Incorrect Implementation of Authentication Algorithm vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt with...
pip/salt<3002.2
SaltStack Salt<3002.2
openSUSE Tumbleweed
SUSE SUSE Linux Enterprise Server=15-sp3
and 1 more
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included...
redhat/fwupdate<0:12-6.el7_8
redhat/grub2<1:2.02-0.86.el7_8
redhat/shim<0:15-7.el7_9
redhat/shim-signed<0:15-7.el7_8
redhat/grub2<1:2.02-0.86.el7
redhat/shim<0:15-8.el7
and 63 more
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing...
redhat/fwupdate<0:12-6.el7_8
redhat/grub2<1:2.02-0.86.el7_8
redhat/shim<0:15-7.el7_9
redhat/shim-signed<0:15-7.el7_8
redhat/grub2<1:2.02-0.86.el7_2
redhat/shim<0:15-8.el7
and 65 more
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported direct...
redhat/fwupdate<0:12-6.el7_8
redhat/grub2<1:2.02-0.86.el7_8
redhat/shim<0:15-7.el7_9
redhat/shim-signed<0:15-7.el7_8
redhat/grub2<1:2.02-0.86.el7_2
redhat/shim<0:15-8.el7
and 64 more
A use-after-free flaw was found in the audio component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=1055788 ...
debian/chromium
redhat/chromium-browser<80.0.3987.149
Google Chrome<80.0.3987.149
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
and 5 more
A use-after-free flaw was found in the audio component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=1059686 ...
debian/chromium
redhat/chromium-browser<80.0.3987.149
Google Chrome<80.0.3987.149
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
and 5 more
A use-after-free flaw was found in the audio component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=1057593 ...
debian/chromium
redhat/chromium-browser<80.0.3987.149
Google Chrome<80.0.3987.149
openSUSE Backports SLE=15.0-sp1
SUSE SUSE Linux Enterprise Desktop=12
SUSE SUSE Linux Enterprise Server=12
and 5 more
A use-after-free flaw was found in the audio component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=1057627 ...
debian/chromium
redhat/chromium-browser<80.0.3987.149
Google Chrome<80.0.3987.149
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
and 5 more
A use-after-free flaw was found in the media component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=1031142 ...
debian/chromium
redhat/chromium-browser<80.0.3987.149
Google Chrome<80.0.3987.149
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
and 5 more
An inappropriate implementation flaw was found in the V8 component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=1052647 ...
debian/chromium
redhat/chromium-browser<80.0.3987.149
Google Chrome<80.0.3987.149
openSUSE Backports SLE=15.0-sp1
SUSE SUSE Linux Enterprise Desktop=12
SUSE SUSE Linux Enterprise Server=12
and 5 more
A use-after-free flaw was found in the WebGL component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=1051748 ...
debian/chromium
redhat/chromium-browser<80.0.3987.149
Google Chrome<80.0.3987.149
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 6 more
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.
Nextcloud Nextcloud Server<14.0.11
Nextcloud Nextcloud Server>=15.0.0<15.0.8
Opensuse Backports=sle-15-sp1
SUSE SUSE Linux Enterprise Server=12
Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machi...
Suse Obs-service-tar Scm<0.9.2.1537788075.fefaa74
SUSE SUSE Linux Enterprise Server=15
SUSE openSUSE Factory
An Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log f...
Yast2-rmt Project Yast2-rmt<1.2.2
openSUSE Leap=15.0
SUSE SUSE Linux Enterprise Server=15
Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used...
Opensuse Libzypp<16.21.2-27.68.1
SUSE CaaS Platform=3.0
Opensuse Libzypp<16.21.2-2.45.1
SUSE SUSE Linux Enterprise Server=12
Opensuse Libzypp<17.19.0-3.34.1
SUSE SUSE Linux Enterprise Server=15
A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root....
Opensuse Munge<0.5.13-4.3.1
SUSE SUSE Linux Enterprise Server=15
Opensuse Munge<0.5.13-6.1
openSUSE Factory
UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers to escalate privileges from user tss to root....
Suse Trousers<0.3.14-6.3.1
SUSE SUSE Linux Enterprise Server=15-sp1
Suse Trousers<0.3.14-7.1
SUSE openSUSE Factory
openSUSE Leap=15.1
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this p...
composer/phpmyadmin/phpmyadmin>=4.0.0<4.9.4>=5.0.0<5.0.1
phpMyAdmin phpMyAdmin>=4.0.0<4.9.4
phpMyAdmin phpMyAdmin>=5.0.0<5.0.1
SUSE SUSE Linux Enterprise Server=12
Debian Debian Linux=8.0
composer/phpmyadmin/phpmyadmin>=5.0.0<5.0.1
and 1 more
The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had...
SUSE SUSE Linux Enterprise Server=12-sp1
SUSE SUSE Linux Enterprise Server=12-sp2
SUSE SUSE Linux Enterprise Server=12-sp3
SUSE SUSE Linux Enterprise Server=15
SUSE SUSE Linux Enterprise Server=15-sp1
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server....
Microfocus Filr=3.0
Microfocus Filr=3.0-update_1
Microfocus Filr=3.0-update_2
Microfocus Filr=3.0-update_3
Microfocus Filr=3.0-update_4
Microfocus Filr=3.0-update_5
and 1 more
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects ...
Microfocus Filr=3.0
Microfocus Filr=3.0-update_1
Microfocus Filr=3.0-update_2
Microfocus Filr=3.0-update_3
Microfocus Filr=3.0-update_4
Microfocus Filr=3.0-update_5
and 1 more
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP...
redhat/nodejs<6.15.1
redhat/nodejs<8.14.0
redhat/nodejs<10.14.0
redhat/nodejs<11.3.0
Nodejs Node.js>=6.0.0<6.15.1
Nodejs Node.js>=8.0.0<8.14.0
and 7 more
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, th...
redhat/nodejs<8.14.0
redhat/nodejs<6.15.0
Nodejs Node.js>=6.0.0<=6.8.1
Nodejs Node.js>=6.9.0<6.15.0
Nodejs Node.js>=8.0.0<=8.8.1
Nodejs Node.js>=8.9.0<8.14.0
and 5 more
In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTabl...
Libwpd Project Libwpd=0.10.2
Redhat Enterprise Linux=7.0
SUSE SUSE Linux Enterprise Server=11-sp4
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_a...
Lighttpd Lighttpd<1.4.50
openSUSE Backports SLE=15.0
openSUSE Backports SLE=15.0-sp1
openSUSE Leap=15.0
openSUSE Leap=15.1
SUSE SUSE Linux Enterprise Server=11-sp3
and 7 more
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they...
ubuntu/lxc<3.0.1-0ubuntu1~18.04.2
debian/lxc
Canonical Ubuntu Linux=18.04
Linuxcontainers Lxc>=2.0.0<=2.0.9
Linuxcontainers Lxc>=3.0.0<3.0.2
SUSE CaaS Platform=1.0
and 5 more
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing t...
redhat/ansible<2.4.6
redhat/ansible<2.5.6
redhat/ansible<2.6.1
pip/ansible>=2.6.0<2.6.1
pip/ansible>=2.5.0<2.5.6
pip/ansible<2.4.6
and 26 more
Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating s...
Dell EMC iDRAC Service Module=3.0.1
Dell EMC iDRAC Service Module=3.0.2
Dell EMC iDRAC Service Module=3.1.0
Dell EMC iDRAC Service Module=3.2.0
Citrix XenServer=7.1
Redhat Enterprise Linux=6.9
and 3 more
The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in tha...
SUSE SUSE Linux Enterprise Server=11-sp1
SUSE SUSE Linux Enterprise Server=11.0-sp1
Suse Suse Linux Enterprise Server=11-sp1
SUSE SUSE Linux Enterprise Desktop=11-sp1
A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12.
SUSE SUSE Linux Enterprise Server<12.0
