Vulnerabilities > Suse

DATE CVE VULNERABILITY TITLE RISK
2022-10-06 CVE-2022-31252 A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution.
local
low complexity
suse opensuse
4.4
2022-09-29 CVE-2015-1931 Cleartext Storage of Sensitive Information vulnerability in multiple products
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.
local
low complexity
ibm suse redhat CWE-312
5.5
2022-09-07 CVE-2021-36782 Unspecified vulnerability in Suse Rancher
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data.
network
low complexity
suse
critical
9.9
2022-09-07 CVE-2021-36783 Insufficiently Protected Credentials vulnerability in Suse Rancher
A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints.
network
low complexity
suse CWE-522
critical
9.9
2022-09-07 CVE-2022-31247 Unspecified vulnerability in Suse Rancher
An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster.
network
low complexity
suse
critical
9.1
2022-08-24 CVE-2021-4028 A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free.
local
low complexity
linux suse
7.8
2022-06-22 CVE-2022-21952 Unspecified vulnerability in Suse Manager Server
A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS.
network
low complexity
suse
7.5
2022-06-22 CVE-2022-31248 Unspecified vulnerability in Suse Manager Server
A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames.
network
low complexity
suse
5.3
2022-05-25 CVE-2022-21951 Unspecified vulnerability in Suse Rancher
A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5.
network
high complexity
suse
6.8
2022-05-02 CVE-2021-36778 Unspecified vulnerability in Suse Rancher
A Incorrect Authorization vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers.
network
low complexity
suse
7.5