Suse Linux Enterprise Server@12 Security Vulnerabilities and Issues — Suse Linux Enterprise Server@12 CVE List

Lucene search

SuseSuse Linux Enterprise Server12

12 matches found

CVE•added 2020/01/09 10:15 p.m.•337 views

CVE-2020-5504

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.

8.8CVSS8.6AI score0.19756EPSS

CVE•added 2020/07/29 6:15 p.m.•318 views

CVE-2020-15707

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extrem...

6.4CVSS7.6AI score0.00033EPSS

CVE•added 2020/07/29 6:15 p.m.•285 views

CVE-2020-15706

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 ...

6.4CVSS7.7AI score0.00064EPSS

CVE•added 2020/07/29 6:15 p.m.•284 views

CVE-2020-15705

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. Thi...

6.4CVSS7.1AI score0.00024EPSS

CVE•added 2020/03/23 4:15 p.m.•266 views

CVE-2020-6429

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.02916EPSS

CVE•added 2020/03/23 4:15 p.m.•265 views

CVE-2020-6422

Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.02877EPSS

CVE•added 2020/03/23 4:15 p.m.•262 views

CVE-2020-6426

Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5CVSS6.8AI score0.01082EPSS

CVE•added 2020/03/23 4:15 p.m.•190 views

CVE-2020-6427

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.02916EPSS

CVE•added 2020/03/23 4:15 p.m.•181 views

CVE-2020-6428

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.02916EPSS

CVE•added 2020/03/23 4:15 p.m.•178 views

CVE-2020-6424

Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.0261EPSS

CVE•added 2020/03/23 4:15 p.m.•158 views

CVE-2020-6449

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.06387EPSS

CVE•added 2020/02/04 8:15 p.m.•154 views

CVE-2019-15624

Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.

4.9CVSS5.7AI score0.00315EPSS