Vulnerabilities > Suse

DATE CVE VULNERABILITY TITLE RISK
2021-03-03 CVE-2021-25315 Incorrect Implementation of Authentication Algorithm vulnerability in multiple products
An Incorrect Implementation of Authentication Algorithm vulnerability in SUSE Linux Enterprise Server 15 SP 3 and openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials.
local
low complexity
opensuse suse saltstack CWE-303
4.6
2021-02-11 CVE-2020-8030 Insecure Temporary File vulnerability in Suse Caas Platform 4.5
An Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster.
local
low complexity
suse CWE-377
3.6
2021-02-11 CVE-2020-8029 Incorrect Permission Assignment for Critical Resource vulnerability in Suse Caas Platform 4.5
An Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kubelet key.
local
low complexity
suse CWE-732
2.1
2020-09-17 CVE-2020-8028 Improper Access Control vulnerability in Suse Salt-Netapi-Client
An Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE Manager.
local
low complexity
suse CWE-284
7.2
2020-08-07 CVE-2020-8025 Incorrect Execution-Assigned Permissions vulnerability in Suse products
An Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings.
local
low complexity
suse CWE-279
4.6
2020-07-29 CVE-2020-15707 Race Condition vulnerability in multiple products
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow.
4.4
2020-07-29 CVE-2020-15706 Use After Free vulnerability in multiple products
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass.
4.4
2020-07-29 CVE-2020-15705 Improper Verification of Cryptographic Signature vulnerability in multiple products
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed.
4.4
2020-06-29 CVE-2019-3681 External Control of File Name or Path vulnerability in Opensuse OSC
An External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files.
6.4
2020-05-04 CVE-2020-8018 Incorrect Default Permissions vulnerability in Suse Linux Enterprise Desktop 15
An Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory owned by the user. This issue affects: SUSE Linux Enterprise Server 15 SP1 SLES15-SP1-CAP-Deployment-BYOS version 1.0.1 and prior versions; SLES15-SP1-CHOST-BYOS versions prior to 1.0.3 and prior versions.
local
low complexity
suse CWE-276
7.2