Vulnerabilities > Suse
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-27 | CVE-2018-12476 | Path Traversal vulnerability in Suse Obs-Service-Tar SCM: Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. | 7.5 |
2020-01-24 | CVE-2019-3700 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Suse Yast2-Security: yast2-security didn't use secure defaults to protect passwords. | 3.3 |
2020-01-24 | CVE-2019-3694 | Link Following vulnerability in multiple products: A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. | 7.8 |
2020-01-24 | CVE-2019-3693 | Link Following vulnerability in multiple products: A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. | 7.8 |
2020-01-24 | CVE-2019-3692 | Link Following vulnerability in multiple products: The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. | 7.8 |
2020-01-24 | CVE-2019-3687 | Incorrect Default Permissions vulnerability in Suse Linux Enterprise Server: The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. | 3.3 |
2020-01-23 | CVE-2015-5239 | Infinite Loop vulnerability in multiple products: Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attackers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. | 6.5 |
2020-01-23 | CVE-2019-18898 | Link Following vulnerability in multiple products: UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers to escalate privileges from user tss to root. | 7.8 |
2020-01-17 | CVE-2019-3686 | Cross-site Scripting vulnerability in Suse Openqa: openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. | 6.1 |
2020-01-17 | CVE-2019-3683 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products: In the keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f, every user listed in /etc/keystone/user-project-map.json was assigned full "member" role access to every project. | 8.8 |