Vulnerabilities > Suse
|2020-09-17||CVE-2020-8028|| Improper Access Control vulnerability in Suse Salt-Netapi-Client |
An Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE Manager.
| 7.2 |
|2020-08-07||CVE-2020-8025|| Incorrect Execution-Assigned Permissions vulnerability in Suse products |
An Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings.
| 4.6 |
|2020-07-29||CVE-2020-15707|| Race Condition vulnerability in multiple products |
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow.
| 4.4 |
|2020-07-29||CVE-2020-15706|| Use After Free vulnerability in multiple products |
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass.
| 4.4 |
|2020-07-29||CVE-2020-15705|| Improper Verification of Cryptographic Signature vulnerability in multiple products |
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed.
| 4.4 |
|2020-06-29||CVE-2019-3681|| External Control of File Name or Path vulnerability in Opensuse OSC |
An External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files.
| 6.4 |
|2020-05-04||CVE-2020-8018|| Incorrect Default Permissions vulnerability in Suse Linux Enterprise Desktop 15 |
An Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory owned by the user. This issue affects: SUSE Linux Enterprise Server 15 SP1 SLES15-SP1-CAP-Deployment-BYOS version 1.0.1 and prior versions; SLES15-SP1-CHOST-BYOS versions prior to 1.0.3 and prior versions;
| 7.2 |
|2020-04-03||CVE-2019-18905|| Insufficient Verification of Data Authenticity vulnerability in Opensuse Autoyast2 4.0.703.20.1/184.108.40.206.1 |
An Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprecated and unused functionality of autoyast is used to create images.
| 4.3 |
|2020-04-03||CVE-2019-18904|| Resource Exhaustion vulnerability in Opensuse Rmt-Server 220.127.116.11.1/18.104.22.168.1/2.5.2Lp22.214.171.124 |
An Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations.
| 5.0 |
|2020-04-03||CVE-2018-17954|| Improper Privilege Management vulnerability in Suse Openstack Cloud and Openstack Cloud Crowbar |
A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to become root on any other node.
| 7.2 |