Suse Linux Enterprise
By the Year
In 2023 there have been 0 vulnerabilities in Suse Linux Enterprise . Last year Linux Enterprise had 3 security vulnerabilities published. Right now, Linux Enterprise is on track to have less security vulnerabilities in 2023 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 0 | 0.00 |
2022 | 3 | 7.60 |
2021 | 1 | 7.10 |
2020 | 1 | 7.70 |
2019 | 0 | 0.00 |
2018 | 2 | 8.80 |
It may take a day or so for new Linux Enterprise vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Suse Linux Enterprise Security Vulnerabilities
A flaw in the Linux kernel's implementation of RDMA communications manager listener code
CVE-2021-4028
7.8 - High
- August 24, 2022
A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.
Dangling pointer
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names
CVE-2021-41819
7.5 - High
- January 01, 2022
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
Reliance on Cookies without Validation and Integrity Checking
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string
CVE-2021-41817
7.5 - High
- January 01, 2022
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
vim is vulnerable to Out-of-bounds Read
CVE-2021-4166
7.1 - High
- December 25, 2021
vim is vulnerable to Out-of-bounds Read
Out-of-bounds Read
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3
CVE-2020-14147
7.7 - High
- June 15, 2020
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.
Memory Corruption
An issue was discovered in aubio 0.4.6
CVE-2018-14522
8.8 - High
- July 23, 2018
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.
Buffer Overflow
An issue was discovered in aubio 0.4.6
CVE-2018-14523
8.8 - High
- July 23, 2018
An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.
Out-of-bounds Read
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key
CVE-2016-2178
5.5 - Medium
- June 20, 2016
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
Side Channel Attack
Red Hat Satellite 5.6 and earlier does not disable the web interface
CVE-2013-4480
- November 18, 2013
Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.
Exposure of Resource to Wrong Sphere
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which
CVE-2010-4180
- December 06, 2010
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for F5 Networks Nginx or by Suse? Click the Watch button to subscribe.
