Yast2

DATE	CVE	VULNERABILITY TITLE	RISK
2016-04-26	CVE-2016-1601	Credentials Management vulnerability in Suse Yast2 yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown vectors. network low complexity suse CWE-255 critical	9.8