SUSE Linux Enterprise Server 15 vulnerabilities
13 known vulnerabilities affecting suse/suse_linux_enterprise_server_15.
Total CVEs: 13
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 4, MEDIUM 4, LOW 2
Vulnerabilities
CVE-2022-45154 | MEDIUM | CVSS 5.5 | ≥ supportutils, ≤ 3.1.21-150000.5.44.1 | 2023-02-15
CVE-2022-45154 [MEDIUM] CWE-312 CVE-2022-45154: A Cleartext Storage of Sensitive Information vulnerability in supportutils of SUSE Linux Enterprise
A Cleartext Storage of Sensitive Information vulnerability in supportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials. This issue affects: SUSE Linux Enterprise Server 12 supportutils version
cvelistv5, nvd
CVE-2019-18905 | MEDIUM | CVSS 5.9 | ≥ autoyast2, ≤ 4.0.70-3.20.1 | 2020-04-03
CVE-2019-18905 [MEDIUM] CWE-345 CVE-2019-18905: An Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise
An Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprecated and unused functionality of autoyast is used to create images. This issue affects: SUSE Linux Enterprise Server 12 autoyast2 version 4.1.9-3.9.1 an
cvelistv5, nvd
CVE-2019-18902 | CRITICAL | CVSS 9.8 | ≥ wicked, < 0.6.60-3.21.1 | 2020-03-02
CVE-2019-18902 [HIGH] CWE-416 CVE-2019-18902: A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise S
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to
cvelistv5, nvd
CVE-2019-18903 | CRITICAL | CVSS 9.8 | ≥ wicked, < 0.6.60-28.26.1 | 2020-03-02
CVE-2019-18903 [HIGH] CWE-416 CVE-2019-18903: A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise S
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior t
cvelistv5, nvd
CVE-2019-18897 | HIGH | CVSS 7.8 | ≥ salt-master, ≤ 2019.2.0-6.21.1 | 2020-03-02
CVE-2019-18897 [HIGH] CWE-59 CVE-2019-18897: A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterp
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linu
cvelistv5, nvd
CVE-2019-18901 | MEDIUM | CVSS 5.5 | ≥ mariadb, < 10.2.31-3.26.1 | 2020-03-02
CVE-2019-18901 [MEDIUM] CWE-59 CVE-2019-18901: A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb pa
A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE
cvelistv5, nvd
CVE-2020-8013 | LOW | CVSS 2.5 | ≥ permissions, < 20181116-9.23.1 | 2020-03-02
CVE-2020-8013 [LOW] CWE-59 CVE-2020-8013: A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12
A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation i
cvelistv5, nvd
CVE-2018-12476 | HIGH | CVSS 7.5 | ≥ obs-service-tar_scm, < 0.9.2.1537788075.fefaa74: | 2020-01-27
CVE-2018-12476 [MEDIUM] CWE-23 CVE-2018-12476: Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; ope
Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2
cvelistv5, nvd
CVE-2018-20105 | MEDIUM | CVSS 5.5 | ≥ yast2-rmt, < 1.2.2 | 2020-01-27
CVE-2018-20105 [MEDIUM] CWE-532 CVE-2018-20105: An Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterpris
An Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2.
cvelistv5, nvd
CVE-2019-18900 | LOW | CVSS 3.3 | v libzypp 17.19.0-3.34.1 | 2020-01-24
CVE-2019-18900 [MEDIUM] CWE-276 CVE-2019-18900: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enter
Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Serv
cvelistv5, nvd
CVE-2019-3691 | HIGH | CVSS 7.8 | ≥ munge, < 0.5.13-4.3.1 | 2020-01-23
CVE-2019-3691 [HIGH] CWE-59 CVE-2019-3691: A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise
A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1.
cvelistv5, nvd
CVE-2019-3688 | HIGH | CVSS 7.1 | ≥ squid, ≤ 4.8-5.8.1 | 2019-10-07
CVE-2019-3688 [MEDIUM] CWE-276 CVE-2019-3688: The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and includ
The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromised the squid user to gain persistence by changing the binary
cvelistv5, nvd
CVE-2019-3689 | CRITICAL | CVSS 9.8 | v before and including version 2.1.1-6.10.2 | 2019-09-19
CVE-2019-3689 [MEDIUM] CWE-276 CVE-2019-3689: The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1
The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes runn
cvelistv5, nvd