Vulnerabilities > Suse > Linux Enterprise Server > 11

DATE CVE VULNERABILITY TITLE RISK
2023-04-25 CVE-2023-29552 The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. 7.5
2022-09-29 CVE-2015-1931 Cleartext Storage of Sensitive Information vulnerability in multiple products
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.
local
low complexity
ibm suse redhat CWE-312
5.5
2022-04-27 CVE-2022-27239 Out-of-bounds Write vulnerability in multiple products
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
local
low complexity
samba debian suse hp fedoraproject CWE-787
7.8
2022-02-19 CVE-2021-45082 Command Injection vulnerability in multiple products
An issue was discovered in Cobbler before 3.3.1.
7.8
2021-11-11 CVE-2002-20001 Resource Exhaustion vulnerability in multiple products
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack.
network
low complexity
balasys siemens suse f5 hpe stormshield CWE-400
7.5
2021-06-02 CVE-2018-10195 Integer Overflow or Wraparound vulnerability in multiple products
lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.
local
low complexity
lrzsz-project suse debian CWE-190
3.6
2020-03-02 CVE-2020-8013 Link Following vulnerability in multiple products
A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks.
local
high complexity
suse opensuse CWE-59
2.5
2020-02-17 CVE-2014-1947 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030.
6.8
2020-01-27 CVE-2006-7246 Improper Certificate Validation vulnerability in multiple products
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.
high complexity
gnome opensuse suse CWE-295
3.2
2020-01-23 CVE-2015-5239 Infinite Loop vulnerability in multiple products
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
network
low complexity
qemu fedoraproject canonical suse arista CWE-835
4.0