Vulnerabilities > Suse
|2020-01-23||CVE-2019-18898|| Link Following vulnerability in SUSE Trousers 0.3.146.3.1 |
UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers to escalate privileges from user tss to root.
| 7.2 |
|2020-01-17||CVE-2019-3686|| Cross-Site Scripting vulnerability in SUSE openQA |
openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameters.
| 4.3 |
|2020-01-17||CVE-2019-3683|| Incorrect Permission Assignment for Critical Resource vulnerability in multiple products |
In the keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f, every user listed in /etc/keystone/user-project-map.json was assigned full "member" role access to every project.
| 6.5 |
|2020-01-17||CVE-2019-3682|| Exposure of Resource to Wrong Sphere vulnerability in SUSE CaaS Platform 3.0 |
The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node.
| 4.6 |
|2020-01-09||CVE-2020-5504|| SQL Injection vulnerability in multiple products |
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page.
| 6.5 |
|2020-01-02||CVE-2010-3782|| Incorrect Authorization vulnerability in multiple products |
obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST API implementation.
| 6.5 |
|2019-11-25||CVE-2012-6639|| Improper Privilege Management vulnerability in multiple products |
A privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.
| 9.0 |
|2019-11-15||CVE-2016-5285|| Null Pointer Dereference vulnerability in multiple products |
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
| 5.0 |
|2019-10-07||CVE-2019-3688|| Incorrect Default Permissions vulnerability in SUSE Linux Enterprise Server 12/15 |
The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions.
| 6.6 |
|2019-06-19||CVE-2019-11038|| Use of Uninitialized Resource vulnerability in multiple products |
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of an uninitialized variable.
| 5.0 |