Vulnerabilities > Suse

DATE CVE VULNERABILITY TITLE RISK
2021-06-30 CVE-2021-25321 Unix Symbolic Link (Symlink) Following vulnerability in Suse Arpwatch
A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch.
local
low complexity
suse CWE-61
7.2
2021-06-02 CVE-2018-10195 Integer Overflow OR Wraparound vulnerability in multiple products
lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.
local
low complexity
lrzsz-project suse CWE-190
3.6
2021-05-05 CVE-2021-25317 Incorrect Default Permissions vulnerability in multiple products
A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content.
local
low complexity
suse fedoraproject CWE-276
2.1
2021-04-14 CVE-2021-25314 Creation of Temporary File With Insecure Permissions vulnerability in Suse Hawk2
A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root.
local
low complexity
suse CWE-378
7.2
2021-02-11 CVE-2020-8030 Insecure Temporary File vulnerability in Suse Caas Platform 4.5
A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster.
local
low complexity
suse CWE-377
3.6
2021-02-11 CVE-2020-8029 Incorrect Permission Assignment for Critical Resource vulnerability in Suse Caas Platform 4.5
A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key.
local
low complexity
suse CWE-732
2.1
2020-09-17 CVE-2020-8028 Improper Access Control vulnerability in Suse Salt-Netapi-Client
A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager.
local
low complexity
suse CWE-284
7.2
2020-08-07 CVE-2020-8025 Incorrect Execution-Assigned Permissions vulnerability in Suse products
A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings.
local
low complexity
suse CWE-279
4.6
2020-07-29 CVE-2020-15707 Race Condition vulnerability in multiple products
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow.
4.4
2020-07-29 CVE-2020-15706 USE After Free vulnerability in multiple products
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass.
4.4