SUSE Linux Enterprise Server vulnerabilities
472 known vulnerabilities affecting suse/linux_enterprise_server.
Total CVEs: 472
CISA KEV: 17 (actively exploited)
Public exploits: 51
Exploited in wild: 19
Severity breakdown: CRITICAL 116, HIGH 91, MEDIUM 215, LOW 50
Vulnerabilities
Page 1 of 24
CVE-2026-25702 | CRITICAL | CVSS 9.8 | v12 | 2026-03-05
CVE-2026-25702 [HIGH] CWE-284
An Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective. This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before 9c294edb7085fb91650bc12233495a8974c5ff2d.
nvd
CVE-2024-46956 | HIGH | CVSS 7.8 | v12 | 2024-11-10
CVE-2024-46956 [HIGH] CWE-125
An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.
nvd
CVE-2024-46953 | HIGH | CVSS 7.8 | v12 | 2024-11-10
CVE-2024-46953 [HIGH] CWE-190
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
nvd
CVE-2024-46951 | HIGH | CVSS 7.8 | v12 | 2024-11-10
CVE-2024-46951 [HIGH] CWE-824
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.
nvd
CVE-2024-46955 | MEDIUM | CVSS 5.5 | v12 | 2024-11-10
CVE-2024-46955 [MEDIUM] CWE-125
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.
nvd
CVE-2023-29552 | HIGH | CVSS 7.5 | KEV | v11 v12 +1 more | 2023-04-25
CVE-2023-29552 [HIGH]
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.
nvd
CVE-2023-23005 | MEDIUM | CVSS 5.5 | v15 | 2023-03-01
CVE-2023-23005 [MEDIUM] CWE-476
In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached.
nvd
CVE-2022-45153 | HIGH | CVSS 7.8 | v12 | 2023-02-15
CVE-2022-45153 [HIGH] CWE-276
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SA
nvd
CVE-2022-31252 | MEDIUM | CVSS 4.4 | v12 | 2022-10-06
CVE-2022-31252 [MEDIUM] CWE-863
An Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group that can write to a location included in the path to a privileged binary to influence path resolutio
nvd
CVE-2015-1931 | MEDIUM | CVSS 5.5 | v11 | 2022-09-29
CVE-2015-1931 [MEDIUM] CWE-312
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.
nvd
CVE-2022-27239 | HIGH | CVSS 7.8 | v11 v12 +1 more | 2022-04-27
CVE-2022-27239 [HIGH] CWE-787
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
nvd
CVE-2021-45082 | HIGH | CVSS 7.8 | v11 v12 +1 more | 2022-02-19
CVE-2021-45082 [HIGH] CWE-77
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)
nvd
CVE-2021-4034 | HIGH | CVSS 7.8 | KEV | PoC | v15 | 2022-01-28
CVE-2021-4034 [HIGH] CWE-787
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends up trying to execute environment variabl
nvd
CVE-2002-20001 | HIGH | CVSS 7.5 | v11 v12 +1 more | 2021-11-11
CVE-2002-20001 [HIGH] CWE-400
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disr
nvd
CVE-2021-32000 | HIGH | CVSS 7.1 | v12 v15 | 2021-07-28
CVE-2021-32000 [LOW] CWE-59
A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1.6-4.
nvd
CVE-2018-10195 | HIGH | CVSS 7.1 | v11 v12 | 2021-06-02
CVE-2018-10195 [HIGH] CWE-190
lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.
nvd
CVE-2020-8025 | CRITICAL | CVSS 9.3 | v15 | 2020-08-07
CVE-2020-8025 [MEDIUM] CWE-279
An Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects
nvd
CVE-2019-18902 | CRITICAL | CVSS 9.8 | v12 v15 | 2020-03-02
CVE-2019-18902 [HIGH] CWE-416
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to
nvd
CVE-2019-18903 | CRITICAL | CVSS 9.8 | v12 v15 | 2020-03-02
CVE-2019-18903 [HIGH] CWE-416
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior t
nvd
CVE-2019-18897 | HIGH | CVSS 7.8 | v12 v15 | 2020-03-02
CVE-2019-18897 [HIGH] CWE-59
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linu
nvd