Vulnerabilities > Suse > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-26 | CVE-2018-16588 | Incorrect Permission Assignment for Critical Resource vulnerability in Suse Shadow Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). | 4.6 |
| 2018-07-24 | CVE-2017-3224 | Insufficient Verification of Data Authenticity vulnerability in multiple products Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. | 4.3 |
| 2018-07-23 | CVE-2018-14523 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in aubio 0.4.6. | 6.8 |
| 2018-07-23 | CVE-2018-14522 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in aubio 0.4.6. | 6.8 |
| 2018-07-13 | CVE-2018-10875 | Untrusted Search Path vulnerability in multiple products A flaw was found in ansible. | 4.6 |
| 2018-06-08 | CVE-2011-4190 | Cryptographic Issues vulnerability in Suse products The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. | 5.3 |
| 2018-03-30 | CVE-2018-7566 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. | 4.6 |
| 2018-03-11 | CVE-2018-8059 | Improper Certificate Validation vulnerability in Suse Portus 2.3.0 The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no proxy_ssl_* directives are used. | 5.8 |
| 2018-03-01 | CVE-2017-14804 | Improper Input Validation vulnerability in multiple products The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots. | 5.3 |
| 2018-01-04 | CVE-2017-5753 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | 4.7 |