Vulnerabilities > Suse

DATE CVE VULNERABILITY TITLE RISK
2019-10-07 CVE-2019-3688 Incorrect Default Permissions vulnerability in Suse Linux Enterprise Server 12/15
The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions.
local
low complexity
suse CWE-276
6.6
2019-06-19 CVE-2019-11038 USE of Uninitialized Resource vulnerability in multiple products
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable.
5.0
2019-05-13 CVE-2019-3684 Insecure Storage of Sensitive Information vulnerability in Suse Manager 1.7/4.0.7
SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem
network
suse CWE-922
4.3
2019-05-07 CVE-2019-7443 Improper Input Validation vulnerability in multiple products
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp.
network
kde opensuse suse fedoraproject CWE-20
critical
9.3
2019-03-21 CVE-2019-6690 Improper Input Validation vulnerability in multiple products
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended.
network
low complexity
python debian opensuse suse canonical CWE-20
5.0
2019-03-21 CVE-2017-16232 Missing Release of Resource After Effective Lifetime vulnerability in multiple products
** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c.
network
low complexity
libtiff opensuse suse CWE-772
5.0
2019-02-27 CVE-2019-9211 Reachable Assertion vulnerability in multiple products
There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service.
4.3
2019-01-03 CVE-2018-16876 Information Exposure vulnerability in multiple products
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
network
low complexity
redhat debian suse canonical CWE-200
3.5
2018-12-26 CVE-2018-17957 Improper Authentication vulnerability in Suse Repository Mirroring Tool 1.0/1.1.0
The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database.
local
low complexity
suse CWE-287
2.1
2018-12-14 CVE-2018-16874 Improper Input Validation vulnerability in multiple products
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters).
6.8