Vulnerabilities > Suse
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-06-06 | CVE-2019-12303 | Injection vulnerability in Suse Rancher | In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container. | 8.8 |
2019-06-06 | CVE-2019-12274 | Missing Authorization vulnerability in Suse Rancher | In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. | 8.8 |
2019-05-23 | CVE-2019-5798 | Out-of-bounds Read vulnerability in multiple products | Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out-of-bounds memory read via a crafted HTML page. | 6.5 |
2019-05-13 | CVE-2019-3684 | Insecure Storage of Sensitive Information vulnerability in Suse Manager 1.7/2.1/4.0.7 | SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem. | 5.9 |
2019-04-10 | CVE-2019-6287 | Improper Privilege Management vulnerability in Suse Rancher | In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it. | 8.1 |
2019-04-10 | CVE-2018-20321 | Exposure of Resource to Wrong Sphere vulnerability in Suse Rancher | An issue was discovered in Rancher 2 through 2.1.5. | 8.8 |
2019-03-21 | CVE-2019-6690 | Improper Input Validation vulnerability in multiple products | python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. | 7.5 |
2019-03-21 | CVE-2017-16232 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products | LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. | 7.5 |
2019-02-27 | CVE-2019-9211 | Reachable Assertion vulnerability in multiple products | There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service. | 6.5 |
2019-01-03 | CVE-2018-16876 | Information Exposure vulnerability in multiple products | ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensitive data. | 5.3 |