Suse: >> Suse Linux Enterprise Server >> 12 Security Vulnerabilities
A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-06-08
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVSS Score
5.6
EPSS Score
0.943
Published
2018-01-04
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
CVSS Score
7.5
EPSS Score
0.2
Published
2017-07-21
Stack-based buffer overflow in game-music-emu before 0.6.1.
CVSS Score
7.8
EPSS Score
0.003
Published
2017-04-12
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
CVSS Score
7.8
EPSS Score
0.003
Published
2017-04-12
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
CVSS Score
7.8
EPSS Score
0.003
Published
2017-04-12
A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).
CVSS Score
7.8
EPSS Score
0.001
Published
2017-03-23
coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."
CVSS Score
7.5
EPSS Score
0.017
Published
2017-03-17
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
CVSS Score
4.3
EPSS Score
0.041
Published
2017-01-30
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
CVSS Score
7.5
EPSS Score
0.007
Published
2016-06-27