Vulnerabilities > Suse
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-02 | CVE-2021-36784 | Improper Privilege Management vulnerability in Suse Rancher A Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. | 7.2 |
2022-05-02 | CVE-2021-4200 | Unspecified vulnerability in Suse Rancher A Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. | 5.4 |
2022-04-27 | CVE-2022-27239 | Out-of-bounds Write vulnerability in multiple products In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. | 7.8 |
2022-04-01 | CVE-2022-21947 | Unspecified vulnerability in Suse Rancher Desktop A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. low complexity suse | 8.8 |
2022-02-19 | CVE-2021-45082 | Command Injection vulnerability in multiple products An issue was discovered in Cobbler before 3.3.1. | 7.8 |
2022-01-28 | CVE-2021-4034 | Out-of-bounds Write vulnerability in multiple products A local privilege escalation vulnerability was found on polkit's pkexec utility. | 7.8 |
2022-01-01 | CVE-2021-41819 | Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. | 7.5 |
2022-01-01 | CVE-2021-41817 | Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. | 7.5 |
2021-12-25 | CVE-2021-4166 | vim is vulnerable to Out-of-bounds Read | 7.1 |
2021-11-11 | CVE-2002-20001 | Resource Exhaustion vulnerability in multiple products The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. | 7.5 |