Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-15707 |
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions. Published: July 29, 2020; 2:15:14 PM -0400 |
V3.1: 6.4 MEDIUM V2.0: 4.4 MEDIUM |
CVE-2020-15706 |
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. Published: July 29, 2020; 2:15:14 PM -0400 |
V3.1: 6.4 MEDIUM V2.0: 4.4 MEDIUM |
CVE-2020-15705 |
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. Published: July 29, 2020; 2:15:14 PM -0400 |
V3.1: 6.4 MEDIUM V2.0: 4.4 MEDIUM |
CVE-2019-3475 |
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. Published: February 20, 2019; 5:29:00 PM -0500 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2019-3474 |
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. Published: February 20, 2019; 5:29:00 PM -0500 |
V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2011-3172 |
A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12. Published: June 08, 2018; 9:29:00 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2015-5707 |
Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. Published: October 19, 2015; 6:59:05 AM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2014-8134 |
The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. Published: December 12, 2014; 1:59:03 PM -0500 |
V3.1: 3.3 LOW V2.0: 1.9 LOW |
CVE-2014-8559 |
The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application. Published: November 10, 2014; 6:55:09 AM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2014-8369 |
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601. Published: November 10, 2014; 6:55:08 AM -0500 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2014-7826 |
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. Published: November 10, 2014; 6:55:08 AM -0500 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2014-3687 |
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. Published: November 10, 2014; 6:55:06 AM -0500 |
V3.1: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2014-3673 |
A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled malformed Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. Published: November 10, 2014; 6:55:06 AM -0500 |
V3.1: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2014-3647 |
A flaw was found in the way the Linux kernel's KVM subsystem handled non-canonical addresses when emulating instructions that change the RIP (for example, branches or calls). A guest user with access to an I/O or MMIO region could use this flaw to crash the guest. Published: November 10, 2014; 6:55:06 AM -0500 |
V3.1: 5.5 MEDIUM V2.0: 1.9 LOW |
CVE-2014-3646 |
It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest. Published: November 10, 2014; 6:55:06 AM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.7 MEDIUM |
CVE-2014-3610 |
It was found that KVM's Write to Model Specific Register (WRMSR) instruction emulation would write non-canonical values passed in by the guest to certain MSRs in the host's context. A privileged guest user could use this flaw to crash the host. Published: November 10, 2014; 6:55:06 AM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2014-3654 |
Stored and reflected cross-site scripting (XSS) flaws were found in the way spacewalk-java displayed certain information. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content into the web page that is used to view that data. Published: November 03, 2014; 11:55:03 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-8086 |
Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag. Published: October 13, 2014; 6:55:09 AM -0400 |
V3.1: 4.7 MEDIUM V2.0: 4.7 MEDIUM |
CVE-2014-3595 |
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging. Published: September 22, 2014; 11:55:07 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-3601 |
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. Published: August 31, 2014; 9:55:18 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |