openSUSE Supportutils 3.0.10-95.51.1

CPE Details

openSUSE Supportutils 3.0.10-95.51.1
opensuse
supportutils
3.0.10-95.51.1
2023-02-23
15h32 +00:00
2023-08-11
21h44 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:opensuse:supportutils:3.0.10-95.51.1:*:*:*:*:*:*:*

Informations

Vendor

opensuse

Product

supportutils

Version

3.0.10-95.51.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-45154 2023-02-15 00h00 +00:00 A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.
5.5
Medium
CVE-2018-19636 2019-03-05 16h00 +00:00 Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges
7.8
High
CVE-2018-19637 2019-03-05 16h00 +00:00 Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection
5.5
Medium
CVE-2018-19638 2019-03-05 16h00 +00:00 In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files.
4.7
Medium
CVE-2018-19639 2019-03-05 16h00 +00:00 If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root.
7.8
High
CVE-2018-19640 2019-03-05 16h00 +00:00 If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 (e.g. with CVE-2018-19638) he can kill arbitrary processes on the local machine.
5.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.