Lucene search
+L
SuseLinux Enterprise Server15

15 matches found

CVE
CVE
added 2022/01/28 12:0 a.m.2236 views

CVE-2021-4034

Polkit pkexec (setuid) contains a local privilege escalation flaw where pkexec fails to validate the calling parameter count and may treat crafted environment variables as commands, enabling unprivileged users to execute arbitrary code with root privileges. This has been reported across multiple ...

7.8CVSS8.5AI score0.94921EPSS
In wild
CVE
CVE
added 2026/04/22 8:15 a.m.956 views

CVE-2026-31431

CVE-2026-31431 is a local privilege escalation in the Linux kernel’s algif_aead/AF_ALG path. The root cause is an in-place operation bug in the AEAD handling, which can be exercised via AF_ALG sockets with the authencesn algorithm and splice() to corrupt the kernel page cache of readable files wi...

7.8CVSS5.6AI score0.96267EPSS
In wild
CVE
CVE
added 2023/04/25 12:0 a.m.446 views

CVE-2023-29552

CVE-2023-29552 describes a DoS vulnerability in the Service Location Protocol (SLP) where an unauthenticated remote attacker can register arbitrary services, causing SLP server to respond with spoofed traffic and enabling large amplification (reported up to ~2,200x). Documented impacts include po...

7.5CVSS7.4AI score0.65873EPSS
In wild
CVE
CVE
added 2021/11/11 12:0 a.m.413 views

CVE-2002-20001

CVE-2002-20001 describes a Diffie-Hellman key exchange weakness where a remote attacker (from the client side) can send non-public values to induce expensive server-side DHE modular-exponentiation, potentially impacting availability. The description specifies that the attack is most disruptive wh...

7.5CVSS7.3AI score0.23061EPSS
CVE
CVE
added 2022/02/18 11:23 p.m.209 views

CVE-2021-45082

CVE-2021-45082 affects Cobbler prior to 3.3.1. The issue resides in templar.py, where the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring (only lines starting with #import are blocked). This could enable unintended module ...

7.8CVSS7.5AI score0.00495EPSS
CVE
CVE
added 2022/04/27 12:0 a.m.186 views

CVE-2022-27239

CVE-2022-27239 affects cifs-utils up to version 6.14, due to a stack-based buffer overflow when parsing the mount.cifs ip= argument, enabling local attackers to gain root privileges. A patched version is available (e.g., cifs-utils 6.14-2 and later per advisories). Remediation is to update to a f...

7.8CVSS7.7AI score0.00562EPSS
CVE
CVE
added 2018/10/09 10:0 p.m.162 views

CVE-2018-17962

CVE-2018-17962 is a QEMU vulnerability: a buffer overflow in pcnet_receive() in hw/net/pcnet.c caused by an incorrect integer data type. The Initial Description confirms the flaw; connected Nessus advisories reference this CVE among other QEMU issues. The provided documents do not include the fix...

7.5CVSS8.5AI score0.04503EPSS
CVE
CVE
added 2020/03/02 3:20 p.m.162 views

CVE-2019-18897

CVE-2019-18897 is a local privilege escalation in Salt packaging on SUSE/OpenSUSE derivatives (SUSE SLES 12/15 and openSUSE Factory) due to a UNIX Symlink Following vulnerability in salt-master packaging. Affected: SUSE SLES 12 salt-master 2019.2.0-46.83.1 and prior; SLES 15 salt-master 2019.2.0-...

8.4CVSS7.7AI score0.00386EPSS
CVE
CVE
added 2020/03/02 4:35 p.m.157 views

CVE-2020-8013

CVE-2020-8013 is a UNIX symlink-following vulnerability in SUSE/openSUSE permissions chkstat. The issue occurs when chkstat follows symlinks, causing permissions intended for certain binaries to be applied to other binaries. Affected: SUSE Linux Enterprise Server 12, 15, and 11 permission profile...

2.5CVSS4AI score0.00317EPSS
CVE
CVE
added 2020/03/02 4:45 p.m.153 views

CVE-2019-18902

CVE-2019-18902 is a Use After Free vulnerability in the Wicked service used by SUSE Linux Enterprise Server 12/15 and related openSUSE variants. The issue affects Wicked components prior to specific versions (SLES 12 <0.6.60-3.5.1; SLES 15 <0.6.60-3.21.1; openSUSE Leap 15.1 <0.6.60-lp151...

9.8CVSS8.7AI score0.02357EPSS
CVE
CVE
added 2020/03/02 4:45 p.m.143 views

CVE-2019-18903

CVE-2019-18903 describes a Use-After-Free in the wicked service across SUSE/openSUSE products. Affected: SUSE Linux Enterprise Server 12 wicked < 0.6.60-2.18.1 and SLES 15 wicked < 0.6.60-28.26.1; openSUSE Leap 15.1 wicked < 0.6.60-lp151.2.9.1; openSUSE Factory wicked

9.8CVSS8.7AI score0.02357EPSS
CVE
CVE
added 2020/03/02 4:10 p.m.139 views

CVE-2019-18901

CVE-2019-18901 affects SUSE Linux Enterprise Server 12 (mariadb, prior to 10.2.31-3.25.1) and SLE 15 (mariadb, prior to 10.2.31-3.26.1). A UNIX symlink following in mysql-systemd-helper allows local attackers to change permissions of arbitrary files to 0640. The vulnerability is localized (LOCAL)...

5.5CVSS5.5AI score0.0038EPSS
CVE
CVE
added 2021/07/28 9:35 a.m.97 views

CVE-2021-32000

CVE-2021-32000 is a local privilege issue in the clone-master-clean-up.sh script of the clone-master-clean-up utility. A UNIX symlink following vulnerability could allow local attackers to delete arbitrary files on SUSE Linux Enterprise Server 12 SP3 (1.6-4.6.1 and earlier) and 15 SP1 (1.6-3.9.1 ...

7.1CVSS5.1AI score0.00296EPSS
CVE
CVE
added 2023/03/01 12:0 a.m.86 views

CVE-2023-23005

The CVE-2023-23005 issue affects the Linux kernel prior to 6.2. It occurs in mm/memory-tiers.c where alloc_memory_type is misinterpreted (treating an error pointer as NULL in the error case), potentially enabling an availability impact. The root cause is the incorrect handling of the alloc_memory...

5.5CVSS5.1AI score0.00268EPSS
CVE
CVE
added 2020/08/07 10:10 a.m.76 views

CVE-2020-8025

CVE-2020-8025 affects the pcp permissions handling in SUSE/openSUSE packages. Affected: SLES 12-SP4, SLES 15-LTSS, SLES for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed. Affected component: permissions for some directories under the pcp package due to Incorrect Execution-Assigned Permissions. ...

9.3CVSS7.4AI score0.00475EPSS