Vulnerabilities > Suse > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-04 | CVE-2023-22651 | Improper Privilege Management vulnerability in Suse Rancher Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. | 9.9 |
| 2023-02-07 | CVE-2022-43755 | Insufficient Entropy vulnerability in Suse Rancher A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. | 9.8 |
| 2023-02-07 | CVE-2022-31249 | OS Command Injection vulnerability in Suse Wrangler A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. | 9.8 |
| 2022-09-07 | CVE-2021-36783 | Insufficiently Protected Credentials vulnerability in Suse Rancher A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. | 9.9 |
| 2022-09-07 | CVE-2021-36782 | Cleartext Storage of Sensitive Information vulnerability in Suse Rancher A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. | 9.9 |
| 2019-11-25 | CVE-2012-6639 | Improper Privilege Management vulnerability in multiple products An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data. | 9.0 |
| 2019-04-10 | CVE-2018-20321 | Exposure of Resource to Wrong Sphere vulnerability in Suse Rancher An issue was discovered in Rancher 2 through 2.1.5. | 9.0 |
| 2018-10-04 | CVE-2018-12470 | SQL Injection vulnerability in Suse Subscription Management Tool A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. | 9.8 |
| 2018-10-04 | CVE-2018-12472 | Improper Authentication vulnerability in Suse Subscription Management Tool A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. | 9.1 |
| 2018-06-08 | CVE-2011-3172 | Permissions, Privileges, and Access Controls vulnerability in Suse Linux Enterprise Server A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. | 9.8 |