Suse Linux Enterprise Server 15 Sp1 vulnerabilities

3 known vulnerabilities affecting suse/suse_linux_enterprise_server_15_sp1.

Total CVEs

3

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH3

Vulnerabilities

Page 1 of 1

CVE-2021-32000HIGHCVSS 7.1≥ clone-master-clean-up, ≤ 1.6-3.9.12021-07-28

CVE-2021-32000 [LOW] CWE-59 CVE-2021-32000: A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clo A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1.6-4.

CVE-2020-8018HIGHCVSS 7.8≥ SLES15-SP1-CAP-Deployment-BYOS, ≤ 1.0.1≥ SLES15-SP1-CHOST-BYOS, ≤ 1.0.32020-05-04

CVE-2020-8018 [HIGH] CWE-276 CVE-2020-8018: A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deploy A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory owned by the user This issue affects: SUSE Linux Enterprise Server 15 SP1 SLES15-SP1-CAP-Deployment-BYOS version 1

CVE-2019-18898HIGHCVSS 7.8≥ trousers, < 0.3.14-6.3.12020-01-23

CVE-2019-18898 [HIGH] CWE-59 CVE-2019-18898: UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterpris UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1.