Vulnerabilities > Suse

DATE CVE VULNERABILITY TITLE RISK
2024-01-12 CVE-2024-23301 Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. 5.5
2023-12-12 CVE-2020-10676 Incorrect Authorization vulnerability in Suse Rancher
In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project.
network
low complexity
suse CWE-863
8.8
2023-09-20 CVE-2023-22644 Information Exposure Through Log Files vulnerability in Suse Manager Server
An Innsertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server Module 4.3 spacewalk-java causes sensitive information to be logged. This issue affects SUSE Manager Server Module 4.2: before 4.2.50-150300.3.66.5; SUSE Manager Server Module 4.3: before 4.3.58-150400.3.46.4.
local
low complexity
suse CWE-532
5.5
2023-09-19 CVE-2023-32182 Link Following vulnerability in multiple products
A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.
local
low complexity
opensuse suse CWE-59
7.8
2023-09-19 CVE-2023-32186 Allocation of Resources Without Limits or Throttling vulnerability in Suse Rancher Rke2
A Allocation of Resources Without Limits or Throttling vulnerability in SUSE RKE2 allows attackers with access to K3s servers apiserver/supervisor port (TCP 6443) cause denial of service. This issue affects RKE2: from 1.24.0 before 1.24.17+rke2r1, from v1.25.0 before v1.25.13+rke2r1, from v1.26.0 before v1.26.8+rke2r1, from v1.27.0 before v1.27.5+rke2r1, from v1.28.0 before v1.28.1+rke2r1.
network
low complexity
suse CWE-770
7.5
2023-06-01 CVE-2022-43760 Cross-site Scripting vulnerability in Suse Rancher
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims.
network
low complexity
suse CWE-79
8.4
2023-06-01 CVE-2023-22647 Unspecified vulnerability in Suse Rancher
An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved.
low complexity
suse
8.0
2023-06-01 CVE-2023-22648 Unspecified vulnerability in Suse Rancher 2.6.10/2.7.0/2.7.1
A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI.
network
low complexity
suse
8.8
2023-05-31 CVE-2023-34256 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the Linux kernel before 6.3.3.
local
low complexity
linux suse debian CWE-125
5.5
2023-05-04 CVE-2023-22651 Improper Privilege Management vulnerability in Suse Rancher
Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation.
network
low complexity
suse CWE-269
critical
9.9