Suse Supportutils vulnerabilities
3 known vulnerabilities affecting suse/supportutils.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2018-19636HIGHCVSS 7.8≥ unspecified, < 3.1-5.7.12019-03-05
CVE-2018-19636 [HIGH] CWE-306 CVE-2018-19636: Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file sys
Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges
nvd
CVE-2018-19637MEDIUMCVSS 5.5≥ unspecified, < 3.1-5.7.12019-03-05
CVE-2018-19637 [MEDIUM] CWE-377 CVE-2018-19637: Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local atta
Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection
nvd
CVE-2018-19638MEDIUMCVSS 4.7≥ unspecified, < 3.1-5.7.12019-03-05
CVE-2018-19638 [MEDIUM] CWE-377 CVE-2018-19638: In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileg
In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files.
nvd