Latest Suse Vulnerabilities

CVE-2024-23301
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
Relax-and-recover Relax-and-recover<=2.7
SUSE Linux Enterprise=15.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=39
CVE-2023-22644
An Innsertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server Module 4.3 spacewalk-java causes sensitive informatio...
SUSE Manager Server>=4.2<4.2.50-150300.3.66.5
SUSE Manager Server>=4.3<4.3.58-150400.3.46.4
CVE-2023-32182
A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfi...
openSUSE Leap=15.5
SUSE Linux Enterprise High Performance Computing=15.0-sp5
SUSE SUSE Linux Enterprise Desktop=15-sp5
CVE-2023-32186
### Impact An issue was found in RKE2 where an attacker with network access to RKE2 servers' supervisor port (TCP 9345) can force the TLS server to add entries to the certificate's Subject Alternativ...
go/github.com/rancher/rke2>=1.28.0<1.28.1
go/github.com/rancher/rke2>=1.27.0<1.27.5
go/github.com/rancher/rke2>=1.26.0<1.26.8
go/github.com/rancher/rke2>=1.25.0<1.25.13
go/github.com/rancher/rke2<1.24.17
Suse Rancher Rke2>=1.24.0\+rke2r1<1.24.17\+rke2r1
and 5 more
CVE-2020-10676
### Impact A vulnerability was identified in which users with update privileges on a namespace, can move that namespace into a project they don't have access to. After the namespace transfer is comple...
SUSE Rancher>=2.0.0<2.6.13
SUSE Rancher>=2.7.0<2.7.4
go/github.com/rancher/rancher>=2.7.0<2.7.4
go/github.com/rancher/rancher>=2.6.0<2.6.13
CVE-2023-22648
A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. This would cause the users to...
SUSE Rancher>=2.6.7<2.6.13
SUSE Rancher>=2.7.0<2.7.4
CVE-2023-22647
An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the se...
go/rancher/rancher>=2.7.0<2.7.4
go/rancher/rancher>=2.6.0<2.6.13
SUSE Rancher>=2.6.0<2.6.13
SUSE Rancher>=2.7.0<2.7.4
CVE-2022-43760
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed ...
SUSE Rancher>=2.6.0<2.6.13
SUSE Rancher>=2.7.0<2.7.4
CVE-2023-34256
** DISPUTED ** An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not p...
Linux Linux kernel<6.3.3
SUSE Linux Enterprise=12.0-sp5
SUSE Linux Enterprise=15.0-sp4
SUSE Linux Enterprise=15.0-sp5
ubuntu/linux<4.15.0-223.235
ubuntu/linux<5.4.0-162.179
and 150 more
CVE-2023-22651
Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. ...
SUSE Rancher>=2.6.0<=2.7.2
CVE-2023-29552
Service Location Protocol (SLP) Denial-of-Service Vulnerability
IETF Service Location Protocol (SLP)
Netapp Smi-s Provider
SUSE Manager Server
SUSE Linux Enterprise Server=11
SUSE Linux Enterprise Server=12
Suse Linux Enterprise Server Sap=12
and 4 more
CVE-2022-45155
An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories o...
SUSE openSUSE Factory<0.6.1
CVE-2023-23005
** DISPUTED ** In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NO...
Linux Linux kernel<6.2
SUSE Linux Enterprise Server=15-sp5
<6.2
=15-sp5
CVE-2022-45154
A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers th...
Opensuse Supportutils<=3.0.10-95.51.1
SUSE Linux Enterprise Server=12
Opensuse Supportutils<=3.1.21-150000.5.44.1
SUSE Linux Enterprise Server=15
Opensuse Supportutils<=3.1.21-150300.7.35.15.1
SUSE Linux Enterprise Server=15-sp3
CVE-2022-45153
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 ...
SUSE Linux Enterprise Module for SAP Applications=15-sp1
openSUSE Leap=15.4
Suse Linux Enterprise Server Sap=12-sp5
CVE-2022-43757
SUSE Rancher>=2.5.0<2.5.17
SUSE Rancher>=2.6.0<2.6.10
SUSE Rancher>=2.7.0<2.7.1
CVE-2022-43755
A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Ranc...
SUSE Rancher>=2.6.0<2.6.10
SUSE Rancher>=2.7.0<2.7.1
CVE-2022-21953
SUSE Rancher>=2.5.0<2.5.17
SUSE Rancher>=2.6.0<2.6.10
SUSE Rancher>=2.7.0<2.7.1
CVE-2022-43758
A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for user with the ability to add an untrusted Helm cata...
SUSE Rancher>=2.5.0<2.5.17
SUSE Rancher>=2.6.0<2.6.10
SUSE Rancher>=2.7.0<2.7.1
CVE-2022-31249
A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host...
Suse Wrangler<0.7.4
Suse Wrangler>=0.8.0<0.8.5
Suse Wrangler=1.0.0
CVE-2022-43756
A Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying speci...
Suse Wrangler<0.7.4
Suse Wrangler>=0.8.0<0.8.5
Suse Wrangler=1.0.0
CVE-2022-43759
A Improper Privilege Management vulnerability in SUSE Rancher, allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster. This issue affe...
SUSE Rancher>=2.5.0<2.5.17
SUSE Rancher>=2.6.0<2.6.10
CVE-2022-31254
A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUS...
Opensuse Rmt-server<2.10
SUSE Manager Server=4.1
openSUSE Leap=15.3
openSUSE Leap=15.4
SUSE Linux Enterprise Server=15
SUSE Linux Enterprise Server=15-sp1
CVE-2022-43754
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterpr...
SUSE Manager Server>=4.2<4.2.10
SUSE Manager Server>=4.3<4.3.2
Uyuni-project Uyuni<2022.10
CVE-2022-43753
A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Mod...
SUSE Manager Server>=4.2<4.2.10
SUSE Manager Server>=4.3<4.3.2
Uyuni-project Uyuni<2022.10
CVE-2022-31255
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Mo...
SUSE Manager Server>=4.2<4.2.10
SUSE Manager Server>=4.3<4.3.2
Uyuni-project Uyuni<2022.10
CVE-2022-31252
A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path componen...
openSUSE Leap=15.3
openSUSE Leap=15.4
openSUSE Leap Micro=5.2
SUSE Linux Enterprise Server=12-sp5
CVE-2015-1931
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores pla...
Ibm Java Sdk>=5.0.0.0<5.0.16.13
Ibm Java Sdk>=6.0.0.0<6.0.16.7
Ibm Java Sdk>=6.1.0.0<6.1.8.7
Ibm Java Sdk>=7.0.0.0<7.0.9.10
Ibm Java Sdk>=7.1.0.0<7.1.3.10
Ibm Java Sdk>=8.0.0.0<8.0.1.10
and 24 more
CVE-2022-21950
A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue af...
Opensuse Canna<3.7p3-bp153.2.3.1
openSUSE Backports SLE=15.0-sp3
Opensuse Canna<3.7p3-bp154.3.3.1
openSUSE Backports SLE=15.0-sp4
Opensuse Canna=3.7p3
openSUSE Factory
and 1 more
CVE-2022-31247
An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, man...
SUSE Rancher>=2.5.0<2.5.16
SUSE Rancher>=2.6.0<2.6.7
CVE-2021-36783
A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tok...
SUSE Rancher>=2.5.0<2.5.13
SUSE Rancher>=2.6.0<2.6.4
CVE-2021-36782
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API...
SUSE Rancher>=2.5.0<2.5.16
SUSE Rancher>=2.6.0<2.6.7
CVE-2022-31248
A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Mana...
SUSE Manager Server>=4.1<4.1.46-1
SUSE Manager Server>=4.2<4.2.37-1
CVE-2022-21952
A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources le...
SUSE Manager Server>=4.1<4.1.46
SUSE Manager Server>=4.2<4.2.37
CVE-2022-21951
A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted v...
SUSE Rancher>=2.5.0<2.5.14
SUSE Rancher>=2.6.0<2.6.5
CVE-2021-36784
A Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; ...
SUSE Rancher<2.5.13
SUSE Rancher>=2.6.0<2.6.4
CVE-2021-4200
A Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions p...
SUSE Rancher<2.5.13
SUSE Rancher>=2.6.0<2.6.4
CVE-2021-36778
A Incorrect Authorization vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher...
SUSE Rancher<2.5.12
SUSE Rancher>=2.6.0<2.6.3
CVE-2022-27239
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
debian/cifs-utils<=2:6.11-3.1<=2:6.8-2<=2:6.14-1
debian/cifs-utils
Samba Cifs-utils<6.15
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
and 56 more
CVE-2022-21947
A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue...
SUSE Rancher Desktop<1.2.1
CVE-2021-46705
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linu...
Gnu Grub2<2.06-150400.7.1
SUSE Linux Enterprise Server=15-sp4
Gnu Grub2<2.06-18.1
openSUSE Factory
CVE-2021-45082
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring....
Cobbler Project Cobbler<3.3.1
openSUSE Factory
Opensuse Backports=sle-15-sp3
Opensuse Backports=sle-15-sp4
SUSE Linux Enterprise Server=11-sp3
SUSE Linux Enterprise Server=12
and 5 more
CVE-2022-21944
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects...
openSUSE Factory watchman<=4.9.1
SUSE SUSE Linux Enterprise Server=15-sp3
CVE-2021-4166
Vim. Multiple issues were addressed by updating Vim.
Vim Vim<8.2.3884
Redhat Enterprise Linux=8.0
openSUSE Factory
SUSE Linux Enterprise=12.0
SUSE Linux Enterprise=15.0
Debian Debian Linux=9.0
and 26 more
CVE-2021-41819
A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. B...
rubygems/cgi<0.1.0.1
rubygems/cgi=0.2.0
rubygems/cgi=0.3.0
redhat/rh-ruby26-ruby<0:2.6.9-120.el7
redhat/rh-ruby30-ruby<0:3.0.4-149.el7
redhat/rh-ruby27-ruby<0:2.7.6-131.el7
and 42 more
CVE-2021-4034
Red Hat Polkit Out-of-Bounds Read and Write Vulnerability
redhat/polkit<0:0.96-11.el6_10.2
redhat/polkit<0:0.112-26.el7_9.1
redhat/polkit<0:0.112-12.el7_3.1
redhat/polkit<0:0.112-12.el7_4.2
redhat/polkit<0:0.112-18.el7_6.3
redhat/polkit<0:0.112-22.el7_7.2
and 62 more
CVE-2021-41817
A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service (ReDoS) during the parsing of dates. This flaw allows an attacker to hang a ruby ap...
redhat/rh-ruby26-ruby<0:2.6.9-120.el7
redhat/rh-ruby30-ruby<0:3.0.4-149.el7
redhat/rh-ruby27-ruby<0:2.7.6-131.el7
Ruby-lang Date<2.0.1
Ruby-lang Date>=3.0.0<3.0.2
Ruby-lang Date>=3.1.0<3.1.2
and 46 more
CVE-2002-20001
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-expo...
Balasys Dheater
SUSE Linux Enterprise Server=15
SUSE Linux Enterprise Server=11
SUSE Linux Enterprise Server=12
F5 BIG-IQ Centralized Management=7.1.0
F5 BIG-IQ Centralized Management>=8.0.0<=8.2.0
and 80 more
CVE-2021-4028
A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to...
Linux Linux kernel>=5.10<5.10.71
Linux Linux kernel>=5.11<5.14.10
SUSE Linux Enterprise=15.0-sp3
SUSE Linux Enterprise=15.0-sp4
redhat/kernel-rt<0:3.10.0-1160.62.1.rt56.1203.el7
redhat/kernel<0:3.10.0-1160.62.1.el7
and 12 more
CVE-2021-32001
K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material (cluster certificate authority private k...
SUSE Rancher K3s=1.19.12
SUSE Rancher K3s=1.20.8
SUSE Rancher K3s=1.21.2
Suse Rancher Rke2=1.19.12
Suse Rancher Rke2=1.20.8
Suse Rancher Rke2=1.21.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203