Vulnerabilities > Suse

DATE CVE VULNERABILITY TITLE RISK
2020-03-03 CVE-2019-3696 Path Traversal vulnerability in Opensuse PCP
A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content.
4.4
2020-03-03 CVE-2019-3695 Code Injection vulnerability in Opensuse PCP
A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1.
local
low complexity
opensuse suse CWE-94
7.2
2020-03-02 CVE-2020-8013 Link Following vulnerability in Suse Linux Enterprise Server 11/12/15
A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks.
local
suse CWE-59
1.9
2020-03-02 CVE-2019-18903 USE After Free vulnerability in multiple products
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution.
network
low complexity
opensuse suse CWE-416
7.5
2020-03-02 CVE-2019-18902 USE After Free vulnerability in multiple products
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution.
network
low complexity
opensuse suse CWE-416
7.5
2020-03-02 CVE-2019-18901 Link Following vulnerability in multiple products
A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640.
local
low complexity
opensuse suse CWE-59
2.1
2020-03-02 CVE-2019-18897 Link Following vulnerability in Suse Linux Enterprise Server 12/15
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root.
local
low complexity
suse CWE-59
7.2
2020-02-17 CVE-2014-1947 Out-Of-Bounds Write vulnerability in multiple products
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030.
6.8
2020-01-27 CVE-2006-7246 Improper Certificate Validation vulnerability in multiple products
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.
high complexity
gnome opensuse suse CWE-295
3.2
2020-01-27 CVE-2017-14807 SQL Injection vulnerability in Suse Studio Onsite and Susestudio-Ui-Server
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data.
network
low complexity
suse CWE-89
5.5