Vulnerabilities > Suse
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-28 | CVE-2021-32001 | Unspecified vulnerability in Suse Rancher K3S and Rancher Rke2. K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material (cluster certificate authority private keys, secrets encryption configuration passphrase, etc.) and decrypt it, without having to know the token value. | 6.5 |
2021-06-30 | CVE-2021-25321 | Unspecified vulnerability in Suse Arpwatch 2.1A15/2.1A15169.5/2.1A15Lp152.5.5. A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user that arpwatch runs as to escalate to root upon the next restart of arpwatch. | 7.8 |
2021-06-02 | CVE-2018-10195 | Integer Overflow or Wraparound vulnerability in multiple products. lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around. | 3.6 |
2021-05-05 | CVE-2021-25317 | Incorrect Default Permissions vulnerability in multiple products. An Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. | 3.3 |
2021-04-14 | CVE-2021-25314 | Creation of Temporary File With Insecure Permissions vulnerability in Suse Hawk2 2.6.3+Git.1614684118.Af555Ad9/2.6.3+Git.1614685906.812C31E9. A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. | 7.8 |
2021-04-14 | CVE-2021-25316 | Insecure Temporary File vulnerability in Suse S390-Tools 2.1.018.29.1. An Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations. This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. | 3.3 |
2021-03-05 | CVE-2021-25313 | Cross-site Scripting vulnerability in Suse Rancher. An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. | 4.3 |
2021-02-11 | CVE-2020-8030 | Insecure Temporary File vulnerability in Suse Caas Platform 4.5. An Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster. | 3.6 |
2021-02-11 | CVE-2020-8029 | Incorrect Permission Assignment for Critical Resource vulnerability in Suse Caas Platform 4.5. An Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kubelet key. | 2.1 |
2020-09-17 | CVE-2020-8028 | Improper Access Control vulnerability in Suse Salt-Netapi-Client. An Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE Manager. | 7.2 |