Vulnerabilities > Suse > Linux Enterprise Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-19 | CVE-2021-45082 | Command Injection vulnerability in multiple products An issue was discovered in Cobbler before 3.3.1. | 7.8 |
| 2022-01-28 | CVE-2021-4034 | Out-of-bounds Write vulnerability in multiple products A local privilege escalation vulnerability was found on polkit's pkexec utility. | 7.8 |
| 2021-11-11 | CVE-2002-20001 | Resource Exhaustion vulnerability in multiple products The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. | 7.5 |
| 2021-07-28 | CVE-2021-32000 | Link Following vulnerability in Suse Linux Enterprise Server and Opensuse Factory A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. | 7.1 |
| 2021-06-02 | CVE-2018-10195 | Integer Overflow or Wraparound vulnerability in multiple products lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around. | 7.1 |
| 2020-08-07 | CVE-2020-8025 | Unspecified vulnerability in Suse products A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. | 9.3 |
| 2020-03-02 | CVE-2020-8013 | A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. | 2.5 |
| 2020-03-02 | CVE-2019-18903 | Use After Free vulnerability in multiple products A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. | 9.8 |
| 2020-03-02 | CVE-2019-18902 | Use After Free vulnerability in multiple products A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. | 9.8 |
| 2020-03-02 | CVE-2019-18901 | A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. | 5.5 |