Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp3:*:*:*:*:*:*
  • CPE Name Search: true
There are 48 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-15707

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.

Published: July 29, 2020; 2:15:14 PM -0400
V3.1: 6.4 MEDIUM
V2.0: 4.4 MEDIUM
CVE-2020-15706

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.

Published: July 29, 2020; 2:15:14 PM -0400
V3.1: 6.4 MEDIUM
V2.0: 4.4 MEDIUM
CVE-2020-15705

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.

Published: July 29, 2020; 2:15:14 PM -0400
V3.1: 6.4 MEDIUM
V2.0: 4.4 MEDIUM
CVE-2020-6449

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: March 23, 2020; 12:15:17 PM -0400
V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2020-6429

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: March 23, 2020; 12:15:17 PM -0400
V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2020-6428

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: March 23, 2020; 12:15:17 PM -0400
V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2020-6427

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: March 23, 2020; 12:15:17 PM -0400
V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2020-6426

Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: March 23, 2020; 12:15:17 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-6424

Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: March 23, 2020; 12:15:17 PM -0400
V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2020-6422

Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: March 23, 2020; 12:15:17 PM -0400
V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2019-18900

: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1.

Published: January 24, 2020; 11:15:10 AM -0500
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2020-5504

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.

Published: January 09, 2020; 5:15:13 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2018-19655

A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.

Published: November 29, 2018; 12:29:01 AM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-12122

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.

Published: November 28, 2018; 12:29:00 PM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-12116

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.

Published: November 28, 2018; 12:29:00 PM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-19052

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.

Published: November 07, 2018; 12:29:00 AM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-10875

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

Published: July 13, 2018; 6:29:00 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2018-11053

Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content.

Published: June 26, 2018; 6:29:00 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2011-3172

A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12.

Published: June 08, 2018; 9:29:00 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2017-5753

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Published: January 04, 2018; 8:29:00 AM -0500
V3.1: 5.6 MEDIUM
V2.0: 4.7 MEDIUM