Suse Linux Enterprise Server Security Vulnerabilities and Issues — Suse Linux Enterprise Server CVE List

Lucene search

SuseSuse Linux Enterprise Server

16 matches found

CVE•added 2018/01/04 1:29 p.m.•1019 views

CVE-2017-5753

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

5.6CVSS6.1AI score0.94332EPSS

CVE•added 2014/11/10 11:55 a.m.•216 views

CVE-2014-8559

The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.

5.5CVSS5.2AI score0.00055EPSS

CVE•added 2020/01/27 9:15 a.m.•151 views

CVE-2018-20105

A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUS...

5.5CVSS4.5AI score0.00143EPSS

CVE•added 2014/12/02 4:59 p.m.•147 views

CVE-2014-9116

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.

5CVSS9AI score0.02619EPSS

CVE•added 2014/11/10 11:55 a.m.•132 views

CVE-2014-3610

The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, relate...

5.5CVSS5.9AI score0.0005EPSS

CVE•added 2014/11/10 11:55 a.m.•112 views

CVE-2014-3647

arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.

5.5CVSS5.5AI score0.00032EPSS

CVE•added 2015/03/27 2:59 p.m.•111 views

CVE-2014-8121

DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over...

5CVSS8AI score0.02531EPSS

CVE•added 2009/10/22 4:0 p.m.•106 views

CVE-2009-3621

net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.

5.5CVSS6.1AI score0.00039EPSS

CVE•added 2010/09/21 6:0 p.m.•101 views

CVE-2010-3078

The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.

5.5CVSS5.5AI score0.00048EPSS

CVE•added 2014/11/10 11:55 a.m.•95 views

CVE-2014-3646

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.

5.5CVSS5.9AI score0.00055EPSS

CVE•added 2010/09/21 6:0 p.m.•91 views

CVE-2010-2942

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related ...

5.5CVSS5.5AI score0.00022EPSS

CVE•added 2010/09/08 8:0 p.m.•79 views

CVE-2010-2066

The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor.

5.5CVSS5.6AI score0.00061EPSS

CVE•added 2008/08/12 11:41 p.m.•72 views

CVE-2008-3275

The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area...

5.5CVSS5.2AI score0.00077EPSS

CVE•added 2014/03/19 10:55 a.m.•71 views

CVE-2014-1496

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.

5.5CVSS7AI score0.00064EPSS

CVE•added 2008/09/04 5:41 p.m.•61 views

CVE-2007-6716

fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test.

5.5CVSS5.1AI score0.00042EPSS

CVE•added 2018/06/08 5:29 p.m.•40 views

CVE-2011-4190

The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw...

5.9CVSS5AI score0.0023EPSS