Vulnerabilities > Suse > Linux Enterprise

DATE CVE VULNERABILITY TITLE RISK
2024-01-12 CVE-2024-23301 Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y.
5.5
2023-05-31 CVE-2023-34256 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the Linux kernel before 6.3.3.
local
low complexity
linux suse debian CWE-125
5.5
2022-08-24 CVE-2021-4028 Use After Free vulnerability in multiple products
A flaw in the Linux kernel's implementation of the RDMA communications manager listener code allowed an attacker with local access to set up a socket to listen on a high port, allowing a list element to be used after free.
local
low complexity
linux suse CWE-416
7.8
2022-01-01 CVE-2021-41819 Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names.
7.5
2022-01-01 CVE-2021-41817 Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string.
7.5
2021-12-25 CVE-2021-4166 Out-of-bounds Read vulnerability in multiple products
vim is vulnerable to Out-of-bounds Read.
7.1
2020-06-15 CVE-2020-14147 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.
network
low complexity
redislabs oracle suse debian CWE-190
4.0
2020-04-03 CVE-2019-18904 Resource Exhaustion vulnerability in Opensuse Rmt-Server 2.5.23.26.1/2.5.23.9.1/2.5.2Lp151.2.9.1
An Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations.
network
low complexity
opensuse suse CWE-400
5.0
2018-10-23 CVE-2018-16837 Missing Encryption of Sensitive Data vulnerability in multiple products
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen.
local
low complexity
redhat debian suse CWE-311
2.1
2018-09-26 CVE-2018-16588 Incorrect Permission Assignment for Critical Resource vulnerability in Suse Shadow
Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15).
local
low complexity
suse CWE-732
4.6