Linux Enterprise Server

linux_enterprise_server

Vendor: Suse • 474 CVEs

CVEs (474)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-31431 12Amazon AristaCanonical+9 more 41Amazon Linux Basesystem ModuleCaas Platform+38 more May 21, 2026 Apr 22, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is...Show more In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.Show less
CVE-2026-25702 1Suse 1Linux Enterprise Server Mar 9, 2026 Mar 5, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise...Show more A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before 9c294edb7085fb91650bc12233495a8974c5ff2d.Show less
CVE-2024-46956 3Artifex DebianSuse 5Debian Linux GhostscriptLinux Enterprise High Performance Computing+2 more Nov 3, 2025 Nov 10, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.
CVE-2024-46955 3Artifex DebianSuse 5Debian Linux GhostscriptLinux Enterprise High Performance Computing+2 more Nov 3, 2025 Nov 10, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.
CVE-2024-46953 3Artifex DebianSuse 5Debian Linux GhostscriptLinux Enterprise High Performance Computing+2 more Nov 3, 2025 Nov 10, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traver...Show more An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.Show less
CVE-2024-46951 3Artifex DebianSuse 5Debian Linux GhostscriptLinux Enterprise High Performance Computing+2 more Nov 3, 2025 Nov 10, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.
CVE-2023-29552 4Netapp Service Location Protocol ProjectSuse+1 more 5Esxi Linux Enterprise ServerManager Server+2 more Oct 31, 2025 Apr 25, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with...Show more The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.Show less
CVE-2023-23005 2Linux Suse 2Linux Enterprise Server Linux Kernel Mar 19, 2025 Mar 1, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parti...Show more In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached.Show less
CVE-2022-45153 2Opensuse Suse 3Leap Linux Enterprise Module For Sap ApplicationsLinux Enterprise Server Nov 21, 2024 Feb 15, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attacke...Show more An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e.Show less
CVE-2022-31252 2Opensuse Suse 3Leap Leap MicroLinux Enterprise Server Nov 21, 2024 Oct 6, 2022 N/A· v4 4.4 MEDIUM· v3 N/A· v2 A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local a...Show more A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.Show less
CVE-2015-1931 3Ibm RedhatSuse 8Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+5 more Nov 21, 2024 Sep 29, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information i...Show more IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.Show less
CVE-2022-27239 5Debian FedoraprojectHp+2 more 19Caas Platform Cifs UtilsDebian Linux+16 more Nov 21, 2024 Apr 27, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
CVE-2021-45082 4Cobbler Project FedoraprojectOpensuse+1 more 5Backports CobblerFactory+2 more Nov 21, 2024 Feb 19, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginni...Show more An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)Show less
CVE-2021-4034 7Canonical OraclePolkit Project+4 more 30Command Center Enterprise LinuxEnterprise Linux Desktop+27 more Nov 6, 2025 Jan 28, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined polic...Show more A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.Show less
CVE-2002-20001 6Balasys F5Hpe+3 more 30Arubaos Cx Big Ip Access Policy ManagerBig Ip Advanced Firewall Manager+27 more Aug 22, 2025 Nov 11, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculati...Show more The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.Show less
CVE-2021-32000 1Suse 2Linux Enterprise Server Opensuse Factory Nov 21, 2024 Jul 28, 2021 N/A· v4 7.1 HIGH· v3 6.6 MEDIUM· v2 A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows...Show more A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1.6-4.6.1 and prior versions. SUSE Linux Enterprise Server 15 SP1 clone-master-clean-up version 1.6-3.9.1 and prior versions. openSUSE Factory clone-master-clean-up version 1.6-1.4 and prior versions.Show less
CVE-2018-10195 3Debian Lrzsz ProjectSuse 5Debian Linux Linux Enterprise DebuginfoLinux Enterprise Desktop+2 more Nov 21, 2024 Jun 2, 2021 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.
CVE-2020-8025 1Suse 3Linux Enterprise High Performance Computing Linux Enterprise ServerLinux Enterprise Software Development Kit Nov 21, 2024 Aug 7, 2020 N/A· v4 9.3 CRITICAL· v3 4.6 MEDIUM· v2 A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15....Show more A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624.Show less
CVE-2020-8013 2Opensuse Suse 2Leap Linux Enterprise Server Nov 21, 2024 Mar 2, 2020 N/A· v4 2.5 LOW· v3 1.9 LOW· v2 A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on oth...Show more A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1.Show less
CVE-2019-18903 2Opensuse Suse 2Leap Linux Enterprise Server Nov 21, 2024 Mar 2, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue aff...Show more A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-28.26.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.9.1. openSUSE Factory wicked versions prior to 0.6.62.Show less

12 3 4 5...24 Next