Suse Linux Enterprise Server vulnerabilities

CVE-2018-19052 [HIGH] CWE-22 CVE-2018-19052: An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. Ther An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.

CVE-2018-6556 [LOW] CWE-417 CVE-2018-6556: lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). A

CVE-2011-3172 [CRITICAL] CWE-304 CVE-2011-3172: A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that s A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12.

CVE-2011-4190 [MEDIUM] CVE-2011-4190: The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH inte The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security se

CVE-2017-14798 [HIGH] CWE-61 CVE-2017-14798: A race condition in the postgresql init script could be used by attackers able to access the postgre A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.

CVE-2017-5753 [MEDIUM] CWE-203 CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may allow unautho Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

CVE-2015-3405 [HIGH] CWE-331 CVE-2015-3405: ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

CVE-2015-5300 [HIGH] CWE-361 CVE-2015-5300: The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system c The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests f

CVE-2016-9959 [HIGH] CWE-125 CVE-2016-9959: game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.

CVE-2016-9958 [HIGH] CWE-119 CVE-2016-9958: game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.

CVE-2016-9957 [HIGH] CWE-119 CVE-2016-9957: Stack-based buffer overflow in game-music-emu before 0.6.1. Stack-based buffer overflow in game-music-emu before 0.6.1.

CVE-2016-1602 [HIGH] CWE-94 CVE-2016-1602: A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).

CVE-2014-9854 [HIGH] CWE-399 CVE-2014-9854: coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."

CVE-2015-7976 [MEDIUM] CWE-254 CVE-2015-7976: The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

CVE-2016-5244 [HIGH] CWE-200 CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initiali The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.

CVE-2015-5041 [CRITICAL] CWE-200 CVE-2015-5041: The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.

CVE-2016-0264 [MEDIUM] CWE-119 CVE-2016-0264: Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.

CVE-2016-3714 [HIGH] CWE-20 CVE-2016-3714: The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in I The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

CVE-2015-8778 [CRITICAL] CWE-119 CVE-2015-8778: Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent atta Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

CVE-2015-8776 [CRITICAL] CWE-189 CVE-2015-8776: The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.