Suse Linux Enterprise

By the Year

In 2022 there have been 2 vulnerabilities in Suse Linux Enterprise with an average score of 7.5 out of ten. Last year Linux Enterprise had 1 security vulnerability published. That is, 1 more vulnerability has already been reported in 2022 as compared to last year. The average CVE base score of the vulnerabilities in 2022 is also greater, by 0.40.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2022 | 2               | 7.50          |
| 2021 | 1               | 7.10          |
| 2020 | 1               | 7.70          |
| 2019 | 0               | 0.00          |
| 2018 | 2               | 8.80          |

It may take a day or so for new Linux Enterprise vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Suse Linux Enterprise Security Vulnerabilities

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names

CVE-2021-41819 7.5 - High - January 01, 2022

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string

CVE-2021-41817 7.5 - High - January 01, 2022

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.

vim is vulnerable to Out-of-bounds Read

CVE-2021-4166 7.1 - High - December 25, 2021

vim is vulnerable to Out-of-bounds Read

Out-of-bounds Read

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3

CVE-2020-14147 7.7 - High - June 15, 2020

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.

Memory Corruption

An issue was discovered in aubio 0.4.6

CVE-2018-14522 8.8 - High - July 23, 2018

An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.

Buffer Overflow

An issue was discovered in aubio 0.4.6

CVE-2018-14523 8.8 - High - July 23, 2018

An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.

Out-of-bounds Read

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key

CVE-2016-2178 5.5 - Medium - June 20, 2016

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

Information Disclosure
