Vulnerabilities > Suse

DATE CVE VULNERABILITY TITLE RISK
2020-01-23 CVE-2019-18898 Link Following vulnerability in Suse Trousers 0.3.146.3.1
UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers to escalate privileges from user tss to root.
local
low complexity
suse CWE-59
7.2
2020-01-17 CVE-2019-3686 Cross-Site Scripting vulnerability in Suse Openqa
openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter.
network
suse CWE-79
4.3
2020-01-17 CVE-2019-3683 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In the keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f, every user listed in /etc/keystone/user-project-map.json was assigned full "member" role access to every project.
network
low complexity
suse hp CWE-732
6.5
2020-01-17 CVE-2019-3682 Exposure of Resource to Wrong Sphere vulnerability in Suse Caas Platform 3.0
The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node.
local
low complexity
suse CWE-668
4.6
2020-01-09 CVE-2020-5504 SQL Injection vulnerability in multiple products
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page.
network
low complexity
phpmyadmin suse debian CWE-89
6.5
2020-01-02 CVE-2010-3782 Incorrect Authorization vulnerability in multiple products
obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST API implementation.
network
low complexity
obs-server suse CWE-863
6.5
2019-11-25 CVE-2012-6639 Improper Privilege Management vulnerability in multiple products
A privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.
network
low complexity
canonical debian suse CWE-269
critical
9.0
2019-11-15 CVE-2016-5285 Null Pointer Dereference vulnerability in multiple products
A NULL pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
network
low complexity
mozilla debian redhat suse avaya CWE-476
5.0
2019-10-07 CVE-2019-3688 Incorrect Default Permissions vulnerability in Suse Linux Enterprise Server 12/15
The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 up to and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 up to and including 3.5.21-26.17.1 had squid:root, 0750 permissions.
local
low complexity
suse CWE-276
6.6
2019-06-19 CVE-2019-11038 Use of Uninitialized Resource vulnerability in multiple products
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of an uninitialized variable.
5.0