Vulnerabilities > Suse > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-04 | CVE-2023-22651 | Unspecified vulnerability in Suse Rancher Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. | 9.9 |
| 2023-02-07 | CVE-2022-31249 | Unspecified vulnerability in Suse Wrangler A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. | 9.8 |
| 2023-02-07 | CVE-2022-43755 | Unspecified vulnerability in Suse Rancher A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. | 9.8 |
| 2022-09-07 | CVE-2021-36782 | Unspecified vulnerability in Suse Rancher A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. | 9.9 |
| 2022-09-07 | CVE-2021-36783 | Insufficiently Protected Credentials vulnerability in Suse Rancher A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. | 9.9 |
| 2022-09-07 | CVE-2022-31247 | Unspecified vulnerability in Suse Rancher An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. | 9.1 |
| 2020-09-17 | CVE-2020-8028 | Unspecified vulnerability in Suse Salt-Netapi-Client 0.16.04.14.1/0.17.03.3.2 A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. | 9.3 |
| 2020-08-07 | CVE-2020-8025 | Unspecified vulnerability in Suse products A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. | 9.3 |
| 2020-03-02 | CVE-2019-18903 | Use After Free vulnerability in multiple products A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. | 9.8 |
| 2020-03-02 | CVE-2019-18902 | Use After Free vulnerability in multiple products A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. | 9.8 |