Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:suse:suse_linux_enterprise_server:12:-:*:*:*:*:*:*
  • CPE Name Search: true
There are 45 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-15707

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.

Published: July 29, 2020; 2:15:14 PM -0400
V3.1: 6.4 MEDIUM
V2.0: 4.4 MEDIUM
CVE-2020-15706

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.

Published: July 29, 2020; 2:15:14 PM -0400
V3.1: 6.4 MEDIUM
V2.0: 4.4 MEDIUM
CVE-2020-15705

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.

Published: July 29, 2020; 2:15:14 PM -0400
V3.1: 6.4 MEDIUM
V2.0: 4.4 MEDIUM
CVE-2020-6449

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: March 23, 2020; 12:15:17 PM -0400
V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2020-6429

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: March 23, 2020; 12:15:17 PM -0400
V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2020-6428

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: March 23, 2020; 12:15:17 PM -0400
V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2020-6427

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: March 23, 2020; 12:15:17 PM -0400
V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2020-6426

Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: March 23, 2020; 12:15:17 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-6424

Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: March 23, 2020; 12:15:17 PM -0400
V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2020-6422

Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: March 23, 2020; 12:15:17 PM -0400
V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2019-18900

: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1.

Published: January 24, 2020; 11:15:10 AM -0500
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2020-5504

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.

Published: January 09, 2020; 5:15:13 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2018-12122

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.

Published: November 28, 2018; 12:29:00 PM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-12116

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.

Published: November 28, 2018; 12:29:00 PM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-19052

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.

Published: November 07, 2018; 12:29:00 AM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-10875

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

Published: July 13, 2018; 6:29:00 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2011-3172

A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12.

Published: June 08, 2018; 9:29:00 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2015-5300

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

Published: July 21, 2017; 10:29:00 AM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-9959

game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.

Published: April 12, 2017; 4:59:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-9958

game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.

Published: April 12, 2017; 4:59:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM