| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-21951 | 311 | | | 2022-05-25 | 2022-06-09 | 3.6 | None | Remote | High | ??? | Partial | Partial | None | A Missing Encryption of Sensitive Data vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden. This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5. |
| 2 | CVE-2020-8030 | 377 | | | 2021-02-11 | 2021-02-19 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | An Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster. |
| 3 | CVE-2018-10195 | 190 | | +Info | 2021-06-02 | 2022-02-21 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around. |
| 4 | CVE-2017-14621 | 79 | | XSS | 2017-09-20 | 2017-09-28 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Portus 2.2.0 has XSS via the Team field, related to typeahead. |
| 5 | CVE-2016-0651 | | | | 2016-04-21 | 2022-08-29 | 3.5 | None | Remote | Medium | ??? | None | None | Partial | Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. |
| 6 | CVE-2015-0505 | | | | 2015-04-16 | 2022-09-16 | 3.5 | None | Remote | Medium | ??? | None | None | Partial | Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. |
| 7 | CVE-2015-0499 | | | | 2015-04-16 | 2022-09-20 | 3.5 | None | Remote | Medium | ??? | None | None | Partial | Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated. |
| 8 | CVE-2015-0374 | | | | 2015-01-21 | 2022-09-20 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key. |
| 9 | CVE-2014-7812 | 79 | | XSS | 2015-01-15 | 2022-02-03 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field. |
| 10 | CVE-2014-7811 | 79 | | XSS | 2015-01-15 | 2016-04-04 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API. |
| 11 | CVE-2014-6568 | | | | 2015-01-21 | 2022-09-16 | 3.5 | None | Remote | Medium | ??? | None | None | Partial | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML. |
| 12 | CVE-2014-6474 | | | | 2014-10-15 | 2022-09-16 | 3.5 | None | Remote | Medium | ??? | None | None | Partial | Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED. |
| 13 | CVE-2014-6463 | | | | 2014-10-15 | 2022-09-20 | 3.3 | None | Remote | Low | ??? | None | None | Partial | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML. |
| 14 | CVE-2014-4214 | | | | 2014-07-17 | 2018-10-09 | 3.3 | None | Remote | Low | ??? | None | None | Partial | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP. |
| 15 | CVE-2014-3917 | 200 | | DoS +Info | 2014-06-05 | 2021-07-15 | 3.3 | None | Local | Medium | Not required | Partial | None | Partial | kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. |
| 16 | CVE-2013-3812 | | | | 2013-07-17 | 2022-09-16 | 3.5 | None | Remote | Medium | ??? | None | None | Partial | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication. |
| 17 | CVE-2011-4190 | 310 | | +Info | 2018-06-08 | 2019-10-09 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files). |
| 18 | CVE-2011-1585 | 264 | | Bypass | 2013-06-08 | 2020-07-27 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user. |
| 19 | CVE-2009-0834 | | | Bypass | 2009-03-06 | 2020-08-26 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343. |
| 20 | CVE-2006-7246 | 295 | | | 2020-01-27 | 2020-01-31 | 3.2 | None | Local Network | High | Not required | Partial | Partial | None | NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. |