Vulnerabilities > Suse

DATE CVE VULNERABILITY TITLE RISK
2020-01-27 CVE-2017-14806 Improper Certificate Validation vulnerability in Suse Studio Onsite and Susestudio-Ui-Server
A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections.
network
suse CWE-295
4.3
2020-01-27 CVE-2018-20105 Information Exposure Through LOG Files vulnerability in multiple products
A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file.
local
low complexity
yast2-rmt-project opensuse suse CWE-532
2.1
2020-01-27 CVE-2018-12476 Path Traversal vulnerability in Suse Obs-Service-Tar SCM
Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed.
network
low complexity
suse CWE-22
6.4
2020-01-24 CVE-2019-18900 Incorrect Default Permissions vulnerability in Opensuse Libzypp
: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies.
local
low complexity
opensuse suse CWE-276
2.1
2020-01-24 CVE-2019-3700 USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Suse Yast2-Security
yast2-security didn't use secure defaults to protect passwords.
local
low complexity
suse CWE-327
2.1
2020-01-24 CVE-2019-3694 Link Following vulnerability in multiple products
A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root.
local
low complexity
opensuse suse CWE-59
7.2
2020-01-24 CVE-2019-3693 Link Following vulnerability in Suse Mailman 2.1.159.6.15.1/2.1.173.11.1/2.1.29Lp151.2.14
A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root.
local
low complexity
suse CWE-59
7.2
2020-01-24 CVE-2019-3692 Link Following vulnerability in Suse INN
The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks.
local
low complexity
suse CWE-59
7.2
2020-01-24 CVE-2019-3687 Incorrect Default Permissions vulnerability in Suse Linux Enterprise Server
The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic.
local
suse CWE-276
1.9
2020-01-23 CVE-2015-5239 Infinite Loop vulnerability in multiple products
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
network
low complexity
qemu fedoraproject canonical suse CWE-835
4.0