Vulnerabilities > Suse > Linux Enterprise Server > 15

DATE CVE VULNERABILITY TITLE RISK
2023-04-25 CVE-2023-29552 The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. 7.5
2023-03-01 CVE-2023-23005 NULL Pointer Dereference vulnerability in multiple products
In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
local
low complexity
linux suse CWE-476
5.5
2022-04-27 CVE-2022-27239 Out-of-bounds Write vulnerability in multiple products
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
local
low complexity
samba debian suse hp fedoraproject CWE-787
7.8
2022-02-19 CVE-2021-45082 Command Injection vulnerability in multiple products
An issue was discovered in Cobbler before 3.3.1.
7.8
2022-01-28 CVE-2021-4034 Out-of-bounds Write vulnerability in multiple products
A local privilege escalation vulnerability was found on polkit's pkexec utility.
7.8
2021-11-11 CVE-2002-20001 Resource Exhaustion vulnerability in multiple products
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack.
network
low complexity
balasys siemens suse f5 hpe stormshield CWE-400
7.5
2021-07-28 CVE-2021-32000 Link Following vulnerability in Suse Linux Enterprise Server and Opensuse Factory
A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files.
local
low complexity
suse CWE-59
7.1
2020-08-07 CVE-2020-8025 Unspecified vulnerability in Suse products
A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings.
local
low complexity
suse
critical
9.3
2020-03-02 CVE-2020-8013 A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks.
local
high complexity
suse opensuse
2.5
2020-03-02 CVE-2019-18903 Use After Free vulnerability in multiple products
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution.
network
low complexity
suse opensuse CWE-416
critical
9.8