Vulnerabilities > Suse

DATE CVE VULNERABILITY TITLE RISK
2020-09-17 CVE-2020-8028 Unspecified vulnerability in Suse Salt-Netapi-Client 0.16.04.14.1/0.17.03.3.2
A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager.
local
low complexity
suse
critical
9.3
2020-08-19 CVE-2020-24368 Path Traversal vulnerability in multiple products
Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2.
network
low complexity
icinga debian suse CWE-22
7.5
2020-08-07 CVE-2020-8025 Unspecified vulnerability in Suse products
A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings.
local
low complexity
suse
critical
9.3
2020-07-29 CVE-2020-15707 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow.
6.4
2020-07-29 CVE-2020-15706 Use After Free vulnerability in multiple products
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass.
6.4
2020-07-29 CVE-2020-15705 Improper Verification of Cryptographic Signature vulnerability in multiple products
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed.
6.4
2020-06-15 CVE-2020-14147 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.
network
low complexity
redislabs oracle suse debian CWE-190
7.7
2020-05-04 CVE-2020-8018 Incorrect Default Permissions vulnerability in Suse Linux Enterprise Desktop 15
A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory owned by the user This issue affects: SUSE Linux Enterprise Server 15 SP1 SLES15-SP1-CAP-Deployment-BYOS version 1.0.1 and prior versions; SLES15-SP1-CHOST-BYOS versions prior to 1.0.3 and prior versions;
local
low complexity
suse CWE-276
7.8
2020-04-03 CVE-2018-17954 Improper Privilege Management vulnerability in Suse Openstack Cloud and Openstack Cloud Crowbar
An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node.
local
low complexity
suse CWE-269
7.8
2020-03-23 CVE-2020-6449 Use After Free vulnerability in multiple products
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject suse opensuse CWE-416
8.8