SUSE Linux Enterprise Desktop vulnerabilities

460 known vulnerabilities affecting suse/linux_enterprise_desktop.

Total CVEs: 460
CISA KEV: 35 (actively exploited)
Public exploits: 57
Exploited in wild: 35
Severity breakdown: CRITICAL 135, HIGH 109, MEDIUM 174, LOW 42

Vulnerabilities

Page 2 of 23
CVE-2017-13086 | MEDIUM | CVSS 6.8 | v12 | 2017-10-17
[CWE-323] Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
nvd
CVE-2017-13088 | MEDIUM | CVSS 5.3 | v12 | 2017-10-17
[CWE-323] Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
nvd
CVE-2017-13087 | MEDIUM | CVSS 5.3 | v12 | 2017-10-17
[CWE-330] Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
nvd
CVE-2017-13080 | MEDIUM | CVSS 5.3 | v12 | 2017-10-17
[CWE-323] Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
nvd
CVE-2017-13079 | MEDIUM | CVSS 5.3 | v12 | 2017-10-17
[CWE-323] Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.
nvd
CVE-2017-13078 | MEDIUM | CVSS 5.3 | v12 | 2017-10-17
[CWE-323] Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
nvd
CVE-2017-13077 | MEDIUM | CVSS 6.8 | v12 | 2017-10-17
[CWE-330] Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
nvd
CVE-2017-13081 | MEDIUM | CVSS 5.3 | v12 | 2017-10-17
[CWE-323] Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
nvd
CVE-2017-13084 | MEDIUM | CVSS 6.8 | v12 | 2017-10-17
[CWE-323] Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
nvd
CVE-2015-5300 | HIGH | CVSS 7.5 | v12 | 2017-07-21
[CWE-361] The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests f
nvd
CVE-2015-8567 | HIGH | CVSS 7.7 | v11, v12 | 2017-04-13
[CWE-401] Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
nvd
CVE-2016-9959 | HIGH | CVSS 7.8 | v12 | 2017-04-12
[CWE-125] game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
nvd
CVE-2016-9958 | HIGH | CVSS 7.8 | v12 | 2017-04-12
[CWE-119] game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
nvd
CVE-2016-9957 | HIGH | CVSS 7.8 | v12 | 2017-04-12
[CWE-119] Stack-based buffer overflow in game-music-emu before 0.6.1.
nvd
CVE-2016-1602 | HIGH | CVSS 7.8 | v12 | 2017-03-23
[CWE-94] A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).
nvd
CVE-2016-9398 | HIGH | CVSS 7.5 | v12 | 2017-03-23
[CWE-617] The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
nvd
CVE-2014-9852 | CRITICAL | CVSS 9.8 | v12 | 2017-03-17
[CWE-913] distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.
nvd
CVE-2014-9853 | MEDIUM | CVSS 5.5 | v12 | 2017-03-17
[CWE-399] Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
nvd
CVE-2017-5898 | MEDIUM | CVSS 5.5 | v12 | 2017-03-15
[CWE-190] Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.
nvd
CVE-2015-7976 | MEDIUM | CVSS 4.3 | v12 | 2017-01-30
[CWE-254] The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
nvd