Opensuse Supportutils vulnerabilities

6 known vulnerabilities affecting opensuse/supportutils.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2022-45154MEDIUMCVSS 5.5≤ 3.0.10-95.51.1≤ 3.1.21-150000.5.44.1+1 more2023-02-15
CVE-2022-45154 [MEDIUM] CWE-312 CVE-2022-45154: A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version
nvd
CVE-2018-19639HIGHCVSS 7.8fixed in 3.1-5.7.12019-03-05
CVE-2018-19639 [MEDIUM] CVE-2018-19639: If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root.
nvd
CVE-2018-19636HIGHCVSS 7.8fixed in 3.1-5.7.12019-03-05
CVE-2018-19636 [HIGH] CWE-306 CVE-2018-19636: Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file sys Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges
nvd
CVE-2018-19640MEDIUMCVSS 5.5fixed in 3.1-5.7.12019-03-05
CVE-2018-19640 [MEDIUM] CVE-2018-19640: If the attacker manages to create files in the directory used to collect log files in supportutils b If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 (e.g. with CVE-2018-19638) he can kill arbitrary processes on the local machine.
nvd
CVE-2018-19637MEDIUMCVSS 5.5fixed in 3.1-5.7.12019-03-05
CVE-2018-19637 [LOW] CWE-377 CVE-2018-19637: Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local atta Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection
nvd
CVE-2018-19638MEDIUMCVSS 4.7fixed in 3.1-5.7.12019-03-05
CVE-2018-19638 [LOW] CWE-377 CVE-2018-19638: In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileg In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files.
nvd