Vulnerabilities > Suse
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-12 | CVE-2024-23301 | Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. | 5.5 |
2023-12-12 | CVE-2020-10676 | Incorrect Authorization vulnerability in Suse Rancher In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project. | 8.8 |
2023-09-20 | CVE-2023-22644 | Information Exposure Through Log Files vulnerability in Suse Manager Server An Innsertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server Module 4.3 spacewalk-java causes sensitive information to be logged. This issue affects SUSE Manager Server Module 4.2: before 4.2.50-150300.3.66.5; SUSE Manager Server Module 4.3: before 4.3.58-150400.3.46.4. | 5.5 |
2023-09-19 | CVE-2023-32182 | Link Following vulnerability in multiple products A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1. | 7.8 |
2023-09-19 | CVE-2023-32186 | Allocation of Resources Without Limits or Throttling vulnerability in Suse Rancher Rke2 A Allocation of Resources Without Limits or Throttling vulnerability in SUSE RKE2 allows attackers with access to K3s servers apiserver/supervisor port (TCP 6443) cause denial of service. This issue affects RKE2: from 1.24.0 before 1.24.17+rke2r1, from v1.25.0 before v1.25.13+rke2r1, from v1.26.0 before v1.26.8+rke2r1, from v1.27.0 before v1.27.5+rke2r1, from v1.28.0 before v1.28.1+rke2r1. | 7.5 |
2023-06-01 | CVE-2022-43760 | Cross-site Scripting vulnerability in Suse Rancher An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims. | 8.4 |
2023-06-01 | CVE-2023-22647 | Unspecified vulnerability in Suse Rancher An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. low complexity suse | 8.0 |
2023-06-01 | CVE-2023-22648 | Unspecified vulnerability in Suse Rancher 2.6.10/2.7.0/2.7.1 A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. | 8.8 |
2023-05-31 | CVE-2023-34256 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in the Linux kernel before 6.3.3. | 5.5 |
2023-05-04 | CVE-2023-22651 | Improper Privilege Management vulnerability in Suse Rancher Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. | 9.9 |