Vulnerabilities > Suse > Caas Platform

DATE CVE VULNERABILITY TITLE RISK
2022-04-27 CVE-2022-27239 Out-of-bounds Write vulnerability in multiple products
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
local
low complexity
samba debian suse hp fedoraproject CWE-787
7.8
2021-02-11 CVE-2020-8030 Insecure Temporary File vulnerability in Suse Caas Platform 4.5
A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster.
local
low complexity
suse CWE-377
3.6
2021-02-11 CVE-2020-8029 Incorrect Permission Assignment for Critical Resource vulnerability in Suse Caas Platform 4.5
A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key.
local
low complexity
suse CWE-732
2.1
2020-01-24 CVE-2019-18900 Incorrect Default Permissions vulnerability in Opensuse Libzypp
: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies.
local
low complexity
opensuse suse CWE-276
2.1
2020-01-17 CVE-2019-3682 Exposure of Resource to Wrong Sphere vulnerability in Suse Caas Platform 3.0
The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node.
local
low complexity
suse CWE-668
4.6
2018-08-10 CVE-2018-6556 Channel and Path Errors vulnerability in multiple products
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path.
2.1
2018-01-03 CVE-2017-18017 Use After Free vulnerability in multiple products
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
network
low complexity
linux debian arista f5 suse opensuse openstack canonical redhat CWE-416
critical
9.8