Vulnerabilities (CVE)

Filtered by vendor Suse Subscribe
Filtered by product Linux Enterprise Server
Total 498 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-13079 7 Canonical, Debian, Freebsd and 4 more 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more 2025-04-20 2.9 LOW 5.3 MEDIUM
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.
CVE-2017-13087 7 Canonical, Debian, Freebsd and 4 more 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more 2025-04-20 2.9 LOW 5.3 MEDIUM
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2017-15638 2 Opensuse, Suse 5 Leap, Linux Enterprise Desktop, Linux Enterprise Server and 2 more 2025-04-20 6.4 MEDIUM 6.5 MEDIUM
The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services.
CVE-2017-14491 13 Arista, Arubanetworks, Canonical and 10 more 29 Eos, Arubaos, Ubuntu Linux and 26 more 2025-04-20 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
CVE-2015-4680 2 Freeradius, Suse 3 Freeradius, Linux Enterprise Server, Linux Enterprise Software Development Kit 2025-04-20 5.0 MEDIUM 7.5 HIGH
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
CVE-2017-13078 7 Canonical, Debian, Freebsd and 4 more 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more 2025-04-20 2.9 LOW 5.3 MEDIUM
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2017-13088 7 Canonical, Debian, Freebsd and 4 more 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more 2025-04-20 2.9 LOW 5.3 MEDIUM
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2014-9854 4 Canonical, Imagemagick, Opensuse and 1 more 7 Ubuntu Linux, Imagemagick, Leap and 4 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."
CVE-2015-8567 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2025-04-20 6.8 MEDIUM 7.7 HIGH
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
CVE-2002-20001 6 Balasys, F5, Hpe and 3 more 49 Dheater, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 46 more 2025-04-15 5.0 MEDIUM 7.5 HIGH
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
CVE-2014-1500 5 Mozilla, Opensuse, Opensuse Project and 2 more 8 Firefox, Seamonkey, Opensuse and 5 more 2025-04-12 5.0 MEDIUM N/A
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.
CVE-2015-2737 5 Canonical, Debian, Mozilla and 2 more 10 Ubuntu Linux, Debian Linux, Firefox and 7 more 2025-04-12 10.0 HIGH N/A
The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.
CVE-2015-0505 6 Canonical, Debian, Mariadb and 3 more 14 Ubuntu Linux, Debian Linux, Mariadb and 11 more 2025-04-12 3.5 LOW N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
CVE-2014-0198 6 Debian, Fedoraproject, Mariadb and 3 more 9 Debian Linux, Fedora, Mariadb and 6 more 2025-04-12 4.3 MEDIUM N/A
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.
CVE-2015-0374 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2025-04-12 3.5 LOW N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.
CVE-2014-4652 4 Canonical, Linux, Redhat and 1 more 6 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 3 more 2025-04-12 1.9 LOW N/A
Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.
CVE-2015-2576 2 Oracle, Suse 4 Mysql, Linux Enterprise Desktop, Linux Enterprise Server and 1 more 2025-04-12 2.1 LOW N/A
Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation.
CVE-2016-5244 4 Fedoraproject, Linux, Redhat and 1 more 11 Fedora, Linux Kernel, Enterprise Linux and 8 more 2025-04-12 5.0 MEDIUM 7.5 HIGH
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
CVE-2015-0391 4 Mariadb, Oracle, Redhat and 1 more 12 Mariadb, Mysql, Enterprise Linux Desktop and 9 more 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
CVE-2016-4957 5 Novell, Ntp, Opensuse and 2 more 9 Suse Manager, Ntp, Leap and 6 more 2025-04-12 5.0 MEDIUM 7.5 HIGH
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.