Filtered by vendor Suse Subscriptions
Filtered by product Suse Linux Enterprise Server Subscriptions
Total 143 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-22643 2 Opensuse, Suse 3 Leap, Libzypp-plugin-appdata, Suse Linux Enterprise Server 2024-11-21 6.3 Medium
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426.
CVE-2022-21944 2 Opensuse, Suse 2 Factory Watchman, Suse Linux Enterprise Server 2024-11-21 7.8 High
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman versions prior to 4.9.0-9.1.
CVE-2021-25315 3 Opensuse, Saltstack, Suse 3 Tumbleweed, Salt, Suse Linux Enterprise Server 2024-11-21 9.8 Critical
CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.
CVE-2020-6449 6 Debian, Fedoraproject, Google and 3 more 7 Debian Linux, Fedora, Chrome and 4 more 2024-11-21 8.8 High
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6429 6 Debian, Fedoraproject, Google and 3 more 7 Debian Linux, Fedora, Chrome and 4 more 2024-11-21 8.8 High
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6428 6 Debian, Fedoraproject, Google and 3 more 7 Debian Linux, Fedora, Chrome and 4 more 2024-11-21 8.8 High
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6427 6 Debian, Fedoraproject, Google and 3 more 7 Debian Linux, Fedora, Chrome and 4 more 2024-11-21 8.8 High
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6426 6 Debian, Fedoraproject, Google and 3 more 7 Debian Linux, Fedora, Chrome and 4 more 2024-11-21 6.5 Medium
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6424 6 Debian, Fedoraproject, Google and 3 more 7 Debian Linux, Fedora, Chrome and 4 more 2024-11-21 8.8 High
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6422 6 Debian, Fedoraproject, Google and 3 more 7 Debian Linux, Fedora, Chrome and 4 more 2024-11-21 8.8 High
Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-5504 3 Debian, Phpmyadmin, Suse 3 Debian Linux, Phpmyadmin, Suse Linux Enterprise Server 2024-11-21 8.8 High
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
CVE-2020-15707 8 Canonical, Debian, Gnu and 5 more 19 Ubuntu Linux, Debian Linux, Grub2 and 16 more 2024-11-21 5.7 Medium
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
CVE-2020-15706 7 Canonical, Debian, Gnu and 4 more 18 Ubuntu Linux, Debian Linux, Grub2 and 15 more 2024-11-21 6.4 Medium
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
CVE-2020-15705 7 Canonical, Debian, Gnu and 4 more 18 Ubuntu Linux, Debian Linux, Grub2 and 15 more 2024-11-21 6.4 Medium
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
CVE-2019-3691 2 Opensuse, Suse 3 Factory, Munge, Suse Linux Enterprise Server 2024-11-21 7.7 High
A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1.
CVE-2019-3688 1 Suse 1 Suse Linux Enterprise Server 2024-11-21 5.1 Medium
The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary
CVE-2019-3475 2 Microfocus, Suse 2 Filr, Suse Linux Enterprise Server 2024-11-21 7.8 High
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
CVE-2019-3474 2 Microfocus, Suse 2 Filr, Suse Linux Enterprise Server 2024-11-21 N/A
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
CVE-2019-18900 2 Opensuse, Suse 3 Libzypp, Caas Platform, Suse Linux Enterprise Server 2024-11-21 4 Medium
: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1.
CVE-2019-18898 2 Opensuse, Suse 4 Leap, Opensuse Factory, Suse Linux Enterprise Server and 1 more 2024-11-21 7.7 High
UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1.