Vulnerabilities > Suse

DATE CVE VULNERABILITY TITLE RISK
2020-01-27 CVE-2018-12476 Path Traversal vulnerability in Suse Obs-Service-Tar SCM
Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed.
network
low complexity
suse CWE-22
7.5
2020-01-24 CVE-2019-3700 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Suse Yast2-Security
yast2-security didn't use secure defaults to protect passwords.
local
low complexity
suse CWE-327
3.3
2020-01-24 CVE-2019-3694 Link Following vulnerability in multiple products
A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root.
local
low complexity
opensuse suse CWE-59
7.8
2020-01-24 CVE-2019-3693 Link Following vulnerability in multiple products
A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root.
local
low complexity
suse opensuse CWE-59
7.8
2020-01-24 CVE-2019-3692 Link Following vulnerability in multiple products
The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks.
local
low complexity
suse opensuse CWE-59
7.8
2020-01-24 CVE-2019-3687 Incorrect Default Permissions vulnerability in Suse Linux Enterprise Server
The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic.
local
low complexity
suse CWE-276
3.3
2020-01-23 CVE-2015-5239 Infinite Loop vulnerability in multiple products
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attackers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
network
low complexity
qemu fedoraproject canonical suse arista CWE-835
6.5
2020-01-23 CVE-2019-18898 Link Following vulnerability in multiple products
UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers to escalate privileges from user tss to root.
local
low complexity
suse opensuse CWE-59
7.8
2020-01-17 CVE-2019-3686 Cross-site Scripting vulnerability in Suse Openqa
openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter.
network
low complexity
suse CWE-79
6.1
2020-01-17 CVE-2019-3683 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In the keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f, every user listed in /etc/keystone/user-project-map.json was assigned full "member" role access to every project.
network
low complexity
suse hp CWE-732
8.8