Linux Enterprise

linux_enterprise

Vendor: Suse • 97 CVEs

CVEs (97)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-23301 4Fedoraproject RedhatRelax And Recover+1 more 4Enterprise Linux FedoraLinux Enterprise+1 more Dec 10, 2025 Jan 12, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
CVE-2023-34256 3Debian LinuxSuse 3Debian Linux Linux EnterpriseLinux Kernel Mar 11, 2025 May 31, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this...Show more An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access.Show less
CVE-2021-4028 2Linux Suse 2Linux Enterprise Linux Kernel Nov 21, 2024 Aug 24, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free....Show more A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.Show less
CVE-2021-41819 6Debian FedoraprojectOpensuse+3 more 9Cgi Debian LinuxEnterprise Linux+6 more May 22, 2025 Jan 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
CVE-2021-41817 6Debian FedoraprojectOpensuse+3 more 9Date Debian LinuxEnterprise Linux+6 more Nov 21, 2024 Jan 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
CVE-2021-4166 7Apple DebianFedoraproject+4 more 8Debian Linux Enterprise LinuxFactory+5 more Nov 21, 2024 Dec 25, 2021 N/A· v4 7.1 HIGH· v3 5.8 MEDIUM· v2 vim is vulnerable to Out-of-bounds Read
CVE-2020-14147 4Debian OracleRedislabs+1 more 4Communications Operations Monitor Debian LinuxLinux Enterprise+1 more Nov 21, 2024 Jun 15, 2020 N/A· v4 7.7 HIGH· v3 4.0 MEDIUM· v2 An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and a...Show more An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.Show less
CVE-2018-14523 3Aubio OpensuseSuse 3Aubio LeapLinux Enterprise Nov 21, 2024 Jul 23, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.
CVE-2018-14522 3Aubio OpensuseSuse 3Aubio LeapLinux Enterprise Nov 21, 2024 Jul 23, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.
CVE-2016-9959 4Game Music Emu Project OpensuseOpensuse Project+1 more 9Game Music Emu LeapLeap+6 more May 13, 2026 Apr 12, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
CVE-2016-9958 4Game Music Emu Project OpensuseOpensuse Project+1 more 9Game Music Emu LeapLeap+6 more May 13, 2026 Apr 12, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
CVE-2016-9957 4Game Music Emu Project OpensuseOpensuse Project+1 more 9Game Music Emu LeapLeap+6 more May 13, 2026 Apr 12, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Stack-based buffer overflow in game-music-emu before 0.6.1.
CVE-2016-8569 4Fedoraproject Libgit2 ProjectOpensuse+1 more 5Fedora LeapLibgit2+2 more May 13, 2026 Feb 3, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.
CVE-2016-8568 4Fedoraproject Libgit2 ProjectOpensuse+1 more 5Fedora LeapLibgit2+2 more May 13, 2026 Feb 3, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.
CVE-2016-7966 4Debian FedoraprojectKde+1 more 4Debian Linux FedoraKmail+1 more May 6, 2026 Dec 23, 2016 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space int...Show more Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.Show less
CVE-2016-7099 2Nodejs Suse 2Linux Enterprise Node.js May 6, 2026 Oct 10, 2016 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows m...Show more The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.Show less
CVE-2016-5325 2Nodejs Suse 2Linux Enterprise Node.js May 6, 2026 Oct 10, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP heade...Show more CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.Show less
CVE-2016-5131 8Apple CanonicalDebian+5 more 14Chrome Debian LinuxEnterprise Linux Desktop+11 more May 6, 2026 Jul 23, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to t...Show more Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.Show less
CVE-2016-2178 6Canonical DebianNodejs+3 more 7Debian Linux LinuxLinux Enterprise+4 more May 6, 2026 Jun 20, 2016 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timin...Show more The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.Show less
CVE-2016-1703 6Canonical DebianGoogle+3 more 9Chrome Debian LinuxEnterprise Linux Desktop+6 more May 6, 2026 Jun 5, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

12 3 4 5 Next