| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2023-23005 |
476 |
|
|
2023-03-01 |
2023-03-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
** DISPUTED ** In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached. |
|
2 |
CVE-2022-45155 |
755 |
|
|
2023-03-15 |
2023-03-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1. |
|
3 |
CVE-2022-45153 |
276 |
|
|
2023-02-15 |
2023-02-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. |
|
4 |
CVE-2022-43759 |
269 |
|
|
2023-02-07 |
2023-02-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A Improper Privilege Management vulnerability in SUSE Rancher, allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10. |
|
5 |
CVE-2022-43758 |
78 |
|
Exec Code |
2023-02-07 |
2023-02-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for user with the ability to add an untrusted Helm catalog or modifying the URL configuration used to download KDM (only admin users by default) This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. |
|
6 |
CVE-2022-43757 |
312 |
|
|
2023-02-07 |
2023-02-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. |
|
7 |
CVE-2022-43756 |
74 |
|
DoS |
2023-02-07 |
2023-02-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions. |
|
8 |
CVE-2022-43755 |
331 |
|
|
2023-02-07 |
2023-02-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Rancher Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. |
|
9 |
CVE-2022-43754 |
79 |
|
XSS |
2022-11-10 |
2022-11-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed Javascript code via /rhn/audit/scap/Search.do This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10. |
|
10 |
CVE-2022-43753 |
22 |
|
Dir. Trav. |
2022-11-10 |
2022-11-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10. |
|
11 |
CVE-2022-31255 |
22 |
|
Dir. Trav. |
2022-11-10 |
2022-11-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10. |
|
12 |
CVE-2022-31252 |
863 |
|
|
2022-10-06 |
2022-11-07 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225. |
|
13 |
CVE-2022-31249 |
78 |
|
|
2023-02-07 |
2023-02-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions. |
|
14 |
CVE-2022-31248 |
204 |
|
|
2022-06-22 |
2022-06-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37-1. |
|
15 |
CVE-2022-31247 |
|
|
|
2022-09-07 |
2022-09-19 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.6.7; Rancher versions prior to 2.5.16. |
|
16 |
CVE-2022-27239 |
787 |
|
Overflow +Priv |
2022-04-27 |
2022-10-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. |
|
17 |
CVE-2022-21953 |
862 |
|
|
2023-02-07 |
2023-02-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. |
|
18 |
CVE-2022-21952 |
400 |
|
|
2022-06-22 |
2023-01-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An Uncontrolled Resource Consumption vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37. |
|
19 |
CVE-2022-21951 |
311 |
|
|
2022-05-25 |
2022-06-09 |
3.6 |
None |
Remote |
High |
??? |
Partial |
Partial |
None |
|
A Missing Encryption of Sensitive Data vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5. |
|
20 |
CVE-2022-21947 |
284 |
|
|
2022-04-01 |
2022-04-11 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
A Improper Access Control vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V. |
|
21 |
CVE-2021-45082 |
77 |
|
|
2022-02-19 |
2022-04-08 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.) |
|
22 |
CVE-2021-41819 |
565 |
|
|
2022-01-01 |
2022-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. |
|
23 |
CVE-2021-41817 |
|
|
DoS |
2022-01-01 |
2022-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. |
|
24 |
CVE-2021-36784 |
269 |
|
|
2022-05-02 |
2022-05-09 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4. |
|
25 |
CVE-2021-36783 |
522 |
|
|
2022-09-07 |
2023-03-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13. |
|
26 |
CVE-2021-36782 |
312 |
|
|
2022-09-07 |
2023-01-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7. |
|
27 |
CVE-2021-36778 |
863 |
|
|
2022-05-02 |
2022-11-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A Incorrect Authorization vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3. |
|
28 |
CVE-2021-32001 |
|
|
|
2021-07-28 |
2022-11-14 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material (cluster certificate authority private keys, secrets encryption configuration passphrase, etc.) and decrypt it, without having to know the token value. This issue affects: SUSE Rancher K3s version v1.19.12+k3s1, v1.20.8+k3s1, v1.21.2+k3s1 and prior versions; RKE2 version v1.19.12+rke2r1, v1.20.8+rke2r1, v1.21.2+rke2r1 and prior versions. |
|
29 |
CVE-2021-32000 |
59 |
|
|
2021-07-28 |
2022-11-21 |
6.6 |
None |
Local |
Low |
Not required |
None |
Complete |
Complete |
|
A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1.6-4.6.1 and prior versions. SUSE Linux Enterprise Server 15 SP1 clone-master-clean-up version 1.6-3.9.1 and prior versions. openSUSE Factory clone-master-clean-up version 1.6-1.4 and prior versions. |
|
30 |
CVE-2021-25313 |
79 |
|
XSS |
2021-03-05 |
2022-04-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: SUSE Rancher Rancher versions prior to 2.5.6. |
|
31 |
CVE-2021-4200 |
269 |
|
|
2022-05-02 |
2023-01-18 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
|
A Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4. |
|
32 |
CVE-2021-4166 |
125 |
|
|
2021-12-25 |
2022-11-02 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
vim is vulnerable to Out-of-bounds Read |
|
33 |
CVE-2021-4034 |
787 |
|
Exec Code |
2022-01-28 |
2023-02-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. |
|
34 |
CVE-2021-4028 |
416 |
|
Exec Code |
2022-08-24 |
2023-02-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system. |
|
35 |
CVE-2020-15707 |
362 |
|
Exec Code Overflow Bypass |
2020-07-29 |
2021-09-13 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions. |
|
36 |
CVE-2020-15706 |
362 |
|
Exec Code Bypass |
2020-07-29 |
2022-11-16 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. |
|
37 |
CVE-2020-15705 |
347 |
|
Bypass |
2020-07-29 |
2022-04-18 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. |
|
38 |
CVE-2020-14147 |
787 |
|
DoS Overflow Mem. Corr. Bypass |
2020-06-15 |
2021-07-30 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression. |
|
39 |
CVE-2020-8030 |
377 |
|
|
2021-02-11 |
2021-02-19 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster. |
|
40 |
CVE-2020-8029 |
732 |
|
|
2021-02-11 |
2021-02-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416. |
|
41 |
CVE-2020-8025 |
279 |
|
|
2020-08-07 |
2020-08-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624. |
|
42 |
CVE-2020-8018 |
276 |
|
|
2020-05-04 |
2020-05-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory owned by the user This issue affects: SUSE Linux Enterprise Server 15 SP1 SLES15-SP1-CAP-Deployment-BYOS version 1.0.1 and prior versions; SLES15-SP1-CHOST-BYOS versions prior to 1.0.3 and prior versions; |
|
43 |
CVE-2020-8013 |
59 |
|
|
2020-03-02 |
2022-12-08 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1. |
|
44 |
CVE-2020-6449 |
416 |
|
|
2020-03-23 |
2022-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
45 |
CVE-2020-6429 |
787 |
|
|
2020-03-23 |
2022-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
46 |
CVE-2020-6428 |
787 |
|
|
2020-03-23 |
2022-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
47 |
CVE-2020-6427 |
787 |
|
|
2020-03-23 |
2022-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
48 |
CVE-2020-6426 |
787 |
|
|
2020-03-23 |
2022-03-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
49 |
CVE-2020-6424 |
416 |
|
|
2020-03-23 |
2022-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
50 |
CVE-2020-6422 |
787 |
|
|
2020-03-23 |
2022-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
