Lucene search
K
SuseLinux Enterprise High Performance Computing

9 matches found

CVE
CVE
added 2022/01/28 12:0 a.m.2223 views

CVE-2021-4034

Polkit pkexec (setuid) contains a local privilege escalation flaw where pkexec fails to validate the calling parameter count and may treat crafted environment variables as commands, enabling unprivileged users to execute arbitrary code with root privileges. This has been reported across multiple ...

7.8CVSS8.5AI score0.94921EPSS
In wild
CVE
CVE
added 2026/04/22 8:15 a.m.799 views

CVE-2026-31431

CVE-2026-31431 is a local privilege escalation in the Linux kernel’s algif_aead/AF_ALG path. The root cause is an in-place operation bug in the AEAD handling, which can be exercised via AF_ALG sockets with the authencesn algorithm and splice() to corrupt the kernel page cache of readable files wi...

7.8CVSS5.6AI score0.96267EPSS
In wild
CVE
CVE
added 2022/04/27 12:0 a.m.181 views

CVE-2022-27239

CVE-2022-27239 affects cifs-utils up to version 6.14, due to a stack-based buffer overflow when parsing the mount.cifs ip= argument, enabling local attackers to gain root privileges. A patched version is available (e.g., cifs-utils 6.14-2 and later per advisories). Remediation is to update to a f...

7.8CVSS7.7AI score0.00557EPSS
CVE
CVE
added 2024/11/10 12:0 a.m.129 views

CVE-2024-46956

CVE-2024-46956 affects Artifex Ghostscript (psi/zfile.c) with an out-of-bounds data access in filenameforall that can lead to arbitrary code execution on Ghostscript versions up to 10.04.0. Connected advisories confirm this vulnerability and provide patch guidance; mitigation is to update Ghostsc...

7.8CVSS7.2AI score0.00388EPSS
CVE
CVE
added 2024/11/10 12:0 a.m.116 views

CVE-2024-46951

CVE-2024-46951 is an issue in Artifex Ghostscript (Pattern color space) where an unchecked Implementation pointer could lead to arbitrary code execution. Connected advisories confirm this affects Ghostscript’s PostScript/PDF interpreter and note a developer-identified fix in ghostpdl-10.04.0, add...

7.8CVSS7.1AI score0.00356EPSS
CVE
CVE
added 2024/11/10 12:0 a.m.105 views

CVE-2024-46953

CVE-2024-46953 concerns Ghostscript before 10.04.0, where an integer overflow while parsing the output filename format string in base/gsdevice.c can cause path truncation, enabling path traversal and potential code execution. Affected: Ghostscript PS/PDF interpreter, notably ghostpdl-10.04.0 and ...

7.8CVSS7.2AI score0.00387EPSS
CVE
CVE
added 2024/11/10 12:0 a.m.87 views

CVE-2024-46955

CVE-2024-46955 : Ghostscript contains an out-of-bounds read in psi/zcolor.c when reading color in Indexed color space, before version 10.04.0. Impact is a local issue with user interaction required (per CVSS details: AV:L, UI:R, Availability:A:H). The fix is indicated by the ghostpdl-10.04.0 comm...

5.5CVSS6.4AI score0.00296EPSS
CVE
CVE
added 2020/08/07 10:10 a.m.69 views

CVE-2020-8025

CVE-2020-8025 affects the pcp permissions handling in SUSE/openSUSE packages. Affected: SLES 12-SP4, SLES 15-LTSS, SLES for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed. Affected component: permissions for some directories under the pcp package due to Incorrect Execution-Assigned Permissions. ...

9.3CVSS7.4AI score0.00475EPSS
CVE
CVE
added 2023/09/19 3:7 p.m.69 views

CVE-2023-32182

CVE-2023-32182 describes an improper Link Resolution Before File Access in postfix used by SUSE/OpenSUSE packages (SUSE SLED15/SLES15 SP5 and openSUSE Leap 15.5). The root cause is a link-following issue in the related config_postfix handling that could involve potentially unsafe /tmp usage. Affe...

7.8CVSS7.4AI score0.00286EPSS