Linux Enterprise Security Vulnerabilities and Issues — Linux Enterprise CVE List

Lucene search

SuseLinux Enterprise

11 matches found

CVE•added 2016/06/20 1:59 a.m.•187 views

CVE-2016-2178

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

5.5CVSS7.2AI score0.00305EPSS

CVE•added 2024/01/12 11:15 p.m.•99 views

CVE-2024-23301

Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.

5.5CVSS5.4AI score0.00096EPSS

CVE•added 2023/05/31 8:15 p.m.•91 views

CVE-2023-34256

An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend agai...

5.5CVSS5.8AI score0.00016EPSS

CVE•added 2008/11/13 1:0 a.m.•85 views

CVE-2008-4989

The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguis...

5.9CVSS5.9AI score0.00393EPSS

CVE•added 2017/02/03 3:59 p.m.•78 views

CVE-2016-8568

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.

5.5CVSS5.3AI score0.00637EPSS

CVE•added 2017/02/03 3:59 p.m.•74 views

CVE-2016-8569

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.

5.5CVSS5.3AI score0.00735EPSS

CVE•added 2009/02/12 4:30 p.m.•63 views

CVE-2008-6123

The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "sourc...

5CVSS7.5AI score0.00627EPSS

CVE•added 2016/06/05 11:59 p.m.•63 views

CVE-2016-1694

browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority.

5.3CVSS6AI score0.00713EPSS

CVE•added 2016/06/05 11:59 p.m.•60 views

CVE-2016-1692

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via a...

5.3CVSS5.9AI score0.00748EPSS

CVE•added 2016/06/05 11:59 p.m.•55 views

CVE-2016-1693

browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack on an HTTP session.

5.3CVSS5.8AI score0.00895EPSS

CVE•added 2016/10/10 4:59 p.m.•53 views

CVE-2016-7099

The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

5.9CVSS6AI score0.00703EPSS