Suse Linux Enterprise High Availability Extension — known CVE vulnerabilities
Every CVE whose affected-product data names Suse Linux Enterprise High Availability Extension, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (28)
CVE-2017-18017 — CVSS 9.8 (critical): The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote…
CVE-2014-2323 — CVSS 9.8 (critical): SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via…
CVE-2012-1097 — CVSS 7.8 (high): The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods…
CVE-2010-2798 — CVSS 7.8 (high): The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations…
CVE-2014-3468 — CVSS 7.5 (high): The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which…
CVE-2014-1737 — CVSS 7.2 (high): The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during…
CVE-2010-2959 — CVSS 7.2 (high): Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before…
CVE-2010-3865 — CVSS 7.2 (high): Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service…
CVE-2013-3301 — CVSS 7.2 (high): The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and…
CVE-2010-2537 — CVSS 7.1 (high): The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file…
CVE-2014-2706 — CVSS 7.1 (high): Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system…
CVE-2010-1437 — CVSS 7.0 (high): Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local…
CVE-2010-3079 — CVSS 5.5 (medium): kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugfs is enabled, does not properly handle interaction between mutex…
CVE-2012-1090 — CVSS 5.5 (medium): The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via…
CVE-2012-1146 — CVSS 5.5 (medium): The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple…
CVE-2010-2066 — CVSS 5.5 (medium): The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only…
CVE-2010-2538 — CVSS 5.5 (medium): Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain…
CVE-2012-0879 — CVSS 5.5 (medium): The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows…
CVE-2015-3281 — CVSS 5.0 (medium): The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending…
CVE-2014-2324 — CVSS 5.0 (medium): Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to…
CVE-2014-3467 — CVSS 5.0 (medium): Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a…
CVE-2014-3469 — CVSS 5.0 (medium): The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a…
CVE-2014-4027 — CVSS 2.3 (low): The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a…
CVE-2014-1739 — CVSS 2.1 (low): The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain…
CVE-2014-1738 — CVSS 2.1 (low): The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain…
CVE-2010-2803 — CVSS 1.9 (low): The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53…