This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Suse First view 2014-06-11
Product Suse Linux Enterprise Server Last view 2020-07-29
Version 12 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:suse:suse_linux_enterprise_server

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.4 2020-07-29 CVE-2020-15707

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.

6.4 2020-07-29 CVE-2020-15706

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.

6.4 2020-07-29 CVE-2020-15705

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.

8.8 2020-03-23 CVE-2020-6449

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 2020-03-23 CVE-2020-6429

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 2020-03-23 CVE-2020-6428

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 2020-03-23 CVE-2020-6427

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5 2020-03-23 CVE-2020-6426

Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 2020-03-23 CVE-2020-6424

Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 2020-03-23 CVE-2020-6422

Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2.5 2020-03-02 CVE-2020-8013

A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1.

9.8 2020-03-02 CVE-2019-18903

A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-28.26.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.9.1. openSUSE Factory wicked versions prior to 0.6.62.

9.8 2020-03-02 CVE-2019-18902

A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1. openSUSE Factory wicked versions prior to 0.6.62.

5.5 2020-03-02 CVE-2019-18901

A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1.

7.8 2020-03-02 CVE-2019-18897

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linux Enterprise Server 15 salt-master version 2019.2.0-6.21.1 and prior versions. openSUSE Factory salt-master version 2019.2.2-3.1 and prior versions.

6.5 2020-01-23 CVE-2015-5239

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

8.8 2020-01-09 CVE-2020-5504

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.

7.5 2018-11-28 CVE-2018-12122

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.

7.5 2018-11-28 CVE-2018-12116

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.

7.5 2018-11-07 CVE-2018-19052

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.

9.8 2018-06-08 CVE-2011-3172

A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12.

7.5 2017-07-21 CVE-2015-5300

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

7.8 2017-04-12 CVE-2016-9959

game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.

7.8 2017-04-12 CVE-2016-9958

game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.

7.8 2017-04-12 CVE-2016-9957

Stack-based buffer overflow in game-music-emu before 0.6.1.

CWE : Common Weakness Enumeration

%idName
26% (14) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
17% (9) CWE-416 Use After Free
7% (4) CWE-200 Information Exposure
5% (3) CWE-59 Improper Link Resolution Before File Access ('Link Following')
5% (3) CWE-17 Code
3% (2) CWE-362 Race Condition
3% (2) CWE-189 Numeric Errors
3% (2) CWE-20 Improper Input Validation
1% (1) CWE-787 Out-of-bounds Write
1% (1) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
1% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (1) CWE-399 Resource Management Errors
1% (1) CWE-361 Time and State
1% (1) CWE-347 Improper Verification of Cryptographic Signature
1% (1) CWE-310 Cryptographic Issues
1% (1) CWE-264 Permissions, Privileges, and Access Controls
1% (1) CWE-254 Security Features
1% (1) CWE-125 Out-of-bounds Read
1% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
1% (1) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
1% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0158 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0061089

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2016-06-22 ImageMagick WWWDecodeDelegate command injection attempt
RuleID : 39006 - Type : FILE-IMAGE - Revision : 3
2016-06-22 ImageMagick WWWDecodeDelegate command injection attempt
RuleID : 39005 - Type : FILE-IMAGE - Revision : 3
2016-06-22 ImageMagick WWWDecodeDelegate command injection attempt
RuleID : 39004 - Type : FILE-IMAGE - Revision : 3
2016-06-22 ImageMagick WWWDecodeDelegate command injection attempt
RuleID : 39003 - Type : FILE-IMAGE - Revision : 3
2016-06-22 ImageMagick WWWDecodeDelegate command injection attempt
RuleID : 39002 - Type : FILE-IMAGE - Revision : 3
2016-06-22 ImageMagick WWWDecodeDelegate command injection attempt
RuleID : 39001 - Type : FILE-IMAGE - Revision : 3
2016-06-22 ImageMagick WWWDecodeDelegate command injection attempt
RuleID : 39000 - Type : FILE-IMAGE - Revision : 3
2016-06-17 ImageMagick WWWDecodeDelegate command injection attempt
RuleID : 38948 - Type : FILE-IMAGE - Revision : 4
2016-06-17 ImageMagick WWWDecodeDelegate command injection attempt
RuleID : 38947 - Type : FILE-IMAGE - Revision : 4
2016-06-17 ImageMagick WWWDecodeDelegate command injection attempt
RuleID : 38946 - Type : FILE-IMAGE - Revision : 4
2016-06-17 ImageMagick WWWDecodeDelegate command injection attempt
RuleID : 38945 - Type : FILE-IMAGE - Revision : 4
2016-06-14 ImageMagick WWWDecodeDelegate command injection attempt
RuleID : 38871 - Type : FILE-IMAGE - Revision : 5
2016-06-07 ImageMagick WWWDecodeDelegate command injection attempt
RuleID : 38744 - Type : FILE-IMAGE - Revision : 7
2016-06-07 ImageMagick WWWDecodeDelegate command injection attempt
RuleID : 38743 - Type : FILE-IMAGE - Revision : 6
2016-03-14 glibc getaddrinfo AAAA record stack buffer overflow attempt
RuleID : 37731-community - Type : PROTOCOL-DNS - Revision : 5
2016-03-22 glibc getaddrinfo AAAA record stack buffer overflow attempt
RuleID : 37731 - Type : PROTOCOL-DNS - Revision : 5
2016-03-14 glibc getaddrinfo A record stack buffer overflow attempt
RuleID : 37730-community - Type : PROTOCOL-DNS - Revision : 5
2016-03-22 glibc getaddrinfo A record stack buffer overflow attempt
RuleID : 37730 - Type : PROTOCOL-DNS - Revision : 5
2015-07-13 Linux kernel SCTP Unknown Chunk Types denial of service attempt
RuleID : 34802 - Type : OS-LINUX - Revision : 2
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33806 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33805 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33804 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33803 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33802 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33801 - Type : SERVER-OTHER - Revision : 5

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-12-28 Name: Node.js - JavaScript run-time environment is affected by multiple vulnerabili...
File: nodejs_2018_nov.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_2a86f45afc3c11e8a41400155d006b02.nasl - Type: ACT_GATHER_INFO
2018-12-06 Name: The remote web server is affected by multiple vulnerabilities
File: lighttpd_1_4_50.nasl - Type: ACT_GATHER_INFO
2018-05-07 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-124-01.nasl - Type: ACT_GATHER_INFO
2018-05-07 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_8719b9358bae41ad92ba3c826f651219.nasl - Type: ACT_GATHER_INFO
2018-02-28 Name: The version of Arista Networks EOS running on the remote device is affected b...
File: arista_eos_sa0017.nasl - Type: ACT_GATHER_INFO
2017-12-26 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL31211252.nasl - Type: ACT_GATHER_INFO
2017-10-12 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_9164f51eae2011e7a633009c02a2ab30.nasl - Type: ACT_GATHER_INFO
2017-09-25 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2017-266-02.nasl - Type: ACT_GATHER_INFO
2017-09-19 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL52320548.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1199.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1200.nasl - Type: ACT_GATHER_INFO
2017-09-01 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-877.nasl - Type: ACT_GATHER_INFO
2017-08-25 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-1916.nasl - Type: ACT_GATHER_INFO
2017-08-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170801_glibc_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote AIX host has a version of NTP installed that is affected by a data...
File: aix_ntp_v4_advisory5.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-1916.nasl - Type: ACT_GATHER_INFO
2017-08-03 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-1916.nasl - Type: ACT_GATHER_INFO
2017-07-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201707-02.nasl - Type: ACT_GATHER_INFO
2017-05-10 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-1216.nasl - Type: ACT_GATHER_INFO
2017-05-08 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: itunes_12_6.nasl - Type: ACT_GATHER_INFO
2017-05-08 Name: An application running on the remote host is affected by multiple vulnerabili...
File: itunes_12_6_banner.nasl - Type: ACT_GATHER_INFO
2017-05-08 Name: The remote host contains an application that is affected by multiple vulnerab...
File: macos_itunes_12_6.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1009.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1021.nasl - Type: ACT_GATHER_INFO