Computer vulnerabilities of SLES

Podman: file corruption via Container Image
A local attacker can create a symbolic link in a Container Image, in order to alter the pointed file, with privileges of Podman on the host system...
CVE-2019-18466, openSUSE-SU-2020:0398-1, RHSA-2020:1227-01, SUSE-SU-2020:0697-1, VIGILANCE-VUL-31801

gd: information disclosure via gdImageCreateFromXbm
An attacker can bypass access restrictions to data via gdImageCreateFromXbm() of gd, in order to obtain sensitive information...
CVE-2019-11038, openSUSE-SU-2020:0332-1, SSA:2020-083-01, SUSE-SU-2020:0623-1, USN-4316-1, USN-4316-2, VIGILANCE-VUL-31749

Apache mod_auth_openidc: open redirect via Slash Backslash
An attacker can deceive the user via Slash Backslash of Apache mod_auth_openidc, in order to redirect him to a malicious site...
CVE-2019-20479, DLA-2130-1, openSUSE-SU-2020:0376-1, SUSE-SU-2020:0705-1, SUSE-SU-2020:0706-1, VIGILANCE-VUL-31708

SUSE LE Permission: information disclosure via dumpcap
An attacker can bypass access restrictions to data via dumpcap of SUSE LE Permission, in order to obtain sensitive information...
CVE-2019-3687, openSUSE-SU-2020:0302-1, SUSE-SU-2020:0547-1, VIGILANCE-VUL-31704

Linux kernel: out-of-bounds memory reading via f2fs ttm_put_pages
An attacker can force a read at an invalid address via f2fs ttm_put_pages() of the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information...
CERTFR-2020-AVI-119, CERTFR-2020-AVI-124, CERTFR-2020-AVI-130, CERTFR-2020-AVI-148, CVE-2019-19927, openSUSE-SU-2020:0336-1, SUSE-SU-2020:0511-1, SUSE-SU-2020:0558-1, SUSE-SU-2020:0560-1, SUSE-SU-2020:0580-1, SUSE-SU-2020:0605-1, VIGILANCE-VUL-31698

cloud-init: information disclosure via Small Password Prediction
An attacker can bypass access restrictions to data via Small Password Prediction of cloud-init, in order to obtain sensitive information...
CVE-2020-8632, DLA-2113-1, openSUSE-SU-2020:0400-1, SUSE-SU-2020:0585-1, SUSE-SU-2020:0751-1, VIGILANCE-VUL-31655

cloud-init: information disclosure via Mersenne Twister Password Prediction
An attacker can bypass access restrictions to data via Mersenne Twister Password Prediction of cloud-init, in order to obtain sensitive information...
CVE-2020-8631, DLA-2113-1, openSUSE-SU-2020:0400-1, SUSE-SU-2020:0585-1, SUSE-SU-2020:0751-1, VIGILANCE-VUL-31654

QEMU: NULL pointer dereference via AHCI
An attacker can force a NULL pointer to be dereferenced via AHCI of QEMU, in order to trigger a denial of service...
CVE-2019-12067, SUSE-SU-2020:0388-1, VIGILANCE-VUL-31618

libgd: NULL pointer dereference via gdImageClone
An attacker can force a NULL pointer to be dereferenced via gdImageClone() of libgd, in order to trigger a denial of service...
CVE-2018-14553, DLA-2106-1, openSUSE-SU-2020:0332-1, SSA:2020-083-01, SUSE-SU-2020:0594-1, SUSE-SU-2020:0623-1, USN-4316-1, USN-4316-2, VIGILANCE-VUL-31617

Linux kernel: infinite loop via ext4_protect_reserved_inode
An attacker can trigger an infinite loop via ext4_protect_reserved_inode() of the Linux kernel, in order to trigger a denial of service...
CERTFR-2020-AVI-119, CERTFR-2020-AVI-124, CERTFR-2020-AVI-130, CERTFR-2020-AVI-191, CVE-2020-8992, openSUSE-SU-2020:0336-1, SUSE-SU-2020:0511-1, SUSE-SU-2020:0558-1, SUSE-SU-2020:0559-1, SUSE-SU-2020:0560-1, SUSE-SU-2020:0580-1, SUSE-SU-2020:0649-1, SUSE-SU-2020:0667-1, SUSE-SU-2020:0688-1, USN-4318-1, USN-4324-1, VIGILANCE-VUL-31611

Our database contains other pages. You can request a free trial to read them.

Display information about SLES:

https://www.suse.com/products/server/