High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-02-07	CVE-2022-43756	Injection vulnerability in Suse Wrangler A Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials. network low complexity suse CWE-74	7.5
2023-02-07	CVE-2022-43757	Cleartext Storage of Sensitive Information vulnerability in Suse Rancher A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. network low complexity suse CWE-312	8.8
2023-02-07	CVE-2022-43759	Improper Privilege Management vulnerability in Suse Rancher A Improper Privilege Management vulnerability in SUSE Rancher, allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster. network low complexity suse CWE-269	8.8
2022-08-24	CVE-2021-4028	Use After Free vulnerability in multiple products A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. local low complexity linux suse CWE-416	7.8
2022-06-22	CVE-2022-21952	Missing Authentication for Critical Function vulnerability in Suse Manager Server A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. network low complexity suse CWE-306	7.5
2022-05-02	CVE-2021-36778	Incorrect Authorization vulnerability in Suse Rancher A Incorrect Authorization vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. network low complexity suse CWE-863	7.5
2022-04-27	CVE-2022-27239	Out-of-bounds Write vulnerability in multiple products In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. local low complexity samba debian suse hp fedoraproject CWE-787	7.8
2022-04-01	CVE-2022-21947	Exposure of Resource to Wrong Sphere vulnerability in Suse Rancher Desktop A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. low complexity suse CWE-668	8.8
2022-02-19	CVE-2021-45082	Command Injection vulnerability in multiple products An issue was discovered in Cobbler before 3.3.1. local low complexity cobbler-project suse opensuse fedoraproject CWE-77	7.8
2022-01-28	CVE-2021-4034	Out-of-bounds Write vulnerability in multiple products A local privilege escalation vulnerability was found on polkit's pkexec utility. local low complexity polkit-project redhat canonical suse oracle siemens starwindsoftware CWE-787	7.8