1
|
7.5
-
|
HIGH
Network
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-o…
|
NVD-CWE-noinfo
|
CVE-2023-29552
|
cpe:2.3:o:suse:linux_enterprise_server:15:* cpe:2.3:o:suse:linux_enterprise_server:15:* cpe:2.3:o:suse:linux_ente…
|
|
|
|
|
2023-05-5 04:07
2023-04-26
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2
|
5.5
-
|
MEDIUM
Local
|
In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is di…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2023-23005
|
cpe:2.3:o:suse:linux_enterprise_server:15:sp5
|
|
|
|
|
2024-05-17 11:19
2023-03-2
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
3
|
7.8
-
|
HIGH
Local
|
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4…
|
CWE-276
Incorrect Default Permissions
|
CVE-2022-45153
|
cpe:2.3:o:suse:linux_enterprise_server:12:sp5
|
|
|
|
|
2023-02-25 03:57
2023-02-15
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
4
|
4.4
-
|
MEDIUM
Local
|
A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path compone…
|
CWE-863
Incorrect Authorization
|
CVE-2022-31252
|
cpe:2.3:o:suse:linux_enterprise_server:12:sp5
|
|
|
|
|
2022-11-8 05:20
2022-10-7
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
5
|
5.5
-
|
MEDIUM
Local
|
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores pl…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2015-1931
|
cpe:2.3:o:suse:linux_enterprise_server:11:sp4 cpe:2.3:o:suse:linux_enterprise_server:11:sp3 cpe:2.3:o:suse:linux_…
|
|
|
|
|
2022-09-30 12:04
2022-09-29
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
6
|
7.8
7.2
|
HIGH
Local
|
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
|
CWE-787
Out-of-bounds Write
|
CVE-2022-27239
|
cpe:2.3:o:suse:linux_enterprise_server:15:sp4 cpe:2.3:o:suse:linux_enterprise_server:15:sp3 cpe:2.3:o:suse:linux_…
|
|
|
|
|
2023-11-25 00:15
2022-04-27
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
7
|
7.8
4.6
|
HIGH
Local
|
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring…
|
CWE-77
Command Injection
|
CVE-2021-45082
|
cpe:2.3:o:suse:linux_enterprise_server:15:sp3 cpe:2.3:o:suse:linux_enterprise_server:15:sp2 cpe:2.3:o:suse:linux_…
|
|
|
|
|
2023-11-7 12:39
2022-02-19
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
8
|
7.8
7.2
|
HIGH
Local
|
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users accor…
|
CWE-125 CWE-787
Out-of-bounds Read Out-of-bounds Write
|
CVE-2021-4034
|
cpe:2.3:o:suse:linux_enterprise_server:15:sp2 cpe:2.3:o:suse:linux_enterprise_server:15:sp2
|
|
|
|
|
2023-11-7 12:40
2022-01-29
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
9
|
7.5
5.0
|
HIGH
Network
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exp…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2002-20001
|
cpe:2.3:o:suse:linux_enterprise_server:15:* cpe:2.3:o:suse:linux_enterprise_server:12:- cpe:2.3:o:suse:linux_ente…
|
|
|
|
|
2024-04-23 16:15
2021-11-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
10
|
7.1
6.6
|
HIGH
Local
|
A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; ope…
|
CWE-59
Link Following
|
CVE-2021-32000
|
cpe:2.3:o:suse:linux_enterprise_server:15:sp1 cpe:2.3:o:suse:linux_enterprise_server:12:sp3
|
|
|
|
|
2023-06-22 00:19
2021-07-28
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|