本ページは suse linux_enterprise に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-23301 | Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. | [email protected] | 5.5 | 0.29% | 2024-01-12 | 2026-06-17 |
| CVE-2023-34256 | An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access. | [email protected] | 5.5 | 0.25% | 2023-05-31 | 2026-06-17 |
| CVE-2021-4028 | A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system. | [email protected] | 7.8 | 0.30% | 2022-08-24 | 2026-06-17 |
| CVE-2021-41819 | CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. | [email protected] | 7.5 | 2.93% | 2022-01-01 | 2026-06-17 |
| CVE-2021-41817 | Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. | [email protected] | 7.5 | 3.22% | 2022-01-01 | 2026-06-17 |
| CVE-2021-4166 | vim is vulnerable to Out-of-bounds Read | [email protected] | 7.1 | 1.59% | 2021-12-25 | 2026-06-17 |
| CVE-2020-14147 | An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression. | [email protected] | 7.7 | 3.08% | 2020-06-15 | 2026-06-16 |
| CVE-2018-14523 | An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes. | [email protected] | 8.8 | 1.97% | 2018-07-23 | 2026-06-16 |
| CVE-2018-14522 | An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes. | [email protected] | 8.8 | 1.95% | 2018-07-23 | 2026-06-16 |
| CVE-2016-9959 | game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. | [email protected] | 7.8 | 2.33% | 2017-04-12 | 2026-06-16 |
| CVE-2016-9958 | game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. | [email protected] | 7.8 | 2.33% | 2017-04-12 | 2026-06-16 |
| CVE-2016-9957 | Stack-based buffer overflow in game-music-emu before 0.6.1. | [email protected] | 7.8 | 1.93% | 2017-04-12 | 2026-06-16 |
| CVE-2016-8569 | The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. | [email protected] | 5.5 | 1.84% | 2017-02-03 | 2026-06-16 |
| CVE-2016-8568 | The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. | [email protected] | 5.5 | 1.92% | 2017-02-03 | 2026-06-16 |
| CVE-2016-7966 | Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content. | [email protected] | 7.3 | 2.34% | 2016-12-23 | 2026-06-16 |
| CVE-2016-7099 | The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | [email protected] | 5.9 | 2.84% | 2016-10-10 | 2026-06-16 |
| CVE-2016-5325 | CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument. | [email protected] | 6.1 | 4.11% | 2016-10-10 | 2026-06-16 |
| CVE-2016-5131 | Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. | [email protected] | 8.8 | 2.27% | 2016-07-23 | 2026-06-16 |
| CVE-2016-2178 | The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. | [email protected] | 5.5 | 1.17% | 2016-06-19 | 2026-06-16 |
| CVE-2016-1703 | Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | [email protected] | 8.8 | 1.15% | 2016-06-05 | 2026-06-16 |