Suse Linux Enterprise Server Security Vulnerabilities and Issues — Suse Linux Enterprise Server CVE List

Lucene search

SuseSuse Linux Enterprise Server

10 matches found

CVE•added 2018/11/07 5:29 a.m.•2265 views

CVE-2018-19052

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target fil...

7.5CVSS7.3AI score0.42596EPSS

CVE•added 2018/01/04 1:29 p.m.•1018 views

CVE-2017-5753

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

5.6CVSS6.1AI score0.94277EPSS

CVE•added 2018/08/10 3:29 p.m.•285 views

CVE-2018-6556

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (rea...

3.3CVSS3.9AI score0.00043EPSS

CVE•added 2018/11/28 5:29 p.m.•211 views

CVE-2018-12116

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the path option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to mad...

7.5CVSS7.5AI score0.00707EPSS

CVE•added 2018/11/28 5:29 p.m.•191 views

CVE-2018-12122

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.

7.5CVSS7.3AI score0.03833EPSS

CVE•added 2018/11/12 7:29 p.m.•183 views

CVE-2018-19208

In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.

6.5CVSS6.1AI score0.00406EPSS

CVE•added 2018/03/01 8:29 p.m.•163 views

CVE-2017-14798

A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.

7.3CVSS7.1AI score0.00403EPSS

CVE•added 2018/11/29 5:29 a.m.•65 views

CVE-2018-19655

A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.

8.8CVSS8.1AI score0.00824EPSS

CVE•added 2018/06/08 1:29 p.m.•48 views

CVE-2011-3172

A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12.

10CVSS7.5AI score0.00232EPSS

CVE•added 2018/06/08 5:29 p.m.•40 views

CVE-2011-4190

The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw...

5.9CVSS5AI score0.0023EPSS