Linux Enterprise Suse Linux Enterprise

Do you want an email whenever new security vulnerabilities are reported in Suse Linux Enterprise?

By the Year

In 2023 there have been 0 vulnerabilities in Suse Linux Enterprise . Last year Linux Enterprise had 3 security vulnerabilities published. Right now, Linux Enterprise is on track to have less security vulnerabilities in 2023 than it did last year.

Year Vulnerabilities Average Score
2023 0 0.00
2022 3 7.60
2021 1 7.10
2020 1 7.70
2019 0 0.00
2018 2 8.80

It may take a day or so for new Linux Enterprise vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Suse Linux Enterprise Security Vulnerabilities

A flaw in the Linux kernel's implementation of RDMA communications manager listener code

CVE-2021-4028 7.8 - High - August 24, 2022

A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.

Dangling pointer

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names

CVE-2021-41819 7.5 - High - January 01, 2022

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.

Reliance on Cookies without Validation and Integrity Checking

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string

CVE-2021-41817 7.5 - High - January 01, 2022

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.

vim is vulnerable to Out-of-bounds Read

CVE-2021-4166 7.1 - High - December 25, 2021

vim is vulnerable to Out-of-bounds Read

Out-of-bounds Read

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3

CVE-2020-14147 7.7 - High - June 15, 2020

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.

Memory Corruption

An issue was discovered in aubio 0.4.6

CVE-2018-14522 8.8 - High - July 23, 2018

An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.

Buffer Overflow

An issue was discovered in aubio 0.4.6

CVE-2018-14523 8.8 - High - July 23, 2018

An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.

Out-of-bounds Read

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key

CVE-2016-2178 5.5 - Medium - June 20, 2016

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

Side Channel Attack

Red Hat Satellite 5.6 and earlier does not disable the web interface

CVE-2013-4480 - November 18, 2013

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.

Exposure of Resource to Wrong Sphere

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which

CVE-2010-4180 - December 06, 2010

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for F5 Networks Nginx or by Suse? Click the Watch button to subscribe.

Suse
Vendor

subscribe