522 matches found
SUSE SLES12 Security Update : squid (SUSE-SU-2020:1946-1)
This update for squid fixes the following issues : CVE-2020-15049.patch: fixes a Cache Poisoning and Request Smuggling attack CVE-2020-15049, bsc1173455 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted...
CVE-2020-8022
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server...
CVE-2020-8022
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server...
CVE-2020-8022
CVE-2020-8022 describes an Incorrect Default Permissions flaw in the tomcat packaging for SUSE-related products (SUSE Enterprise Storage 5, various SLE/SAP/OpenStack Cloud variants, and related SUSE builds). The issue allows a local attacker to escalate from group tomcat to root. Affected Tomcat ...
CVE-2020-8022 User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of priviliges
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server...
SUSE SLES12 Security Update : krb5-appl (SUSE-SU-2020:1533-1)
This update for krb5-appl fixes the following issues : CVE-2020-10188: Fixed a remote root execution bsc1165787. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as...
CVE-2018-17954
An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE...
CVE-2018-17954 crowbar provision leaks admin password to all nodes in cleartext
An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE...
PT-2020-2758 · Suse · Crowbar-Core +3
Name of the Vulnerable Software and Affected Versions: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1 SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3 SUSE OpenStack Cloud 9 ardana-ansible versions prior to...
CVE-2019-3683
The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete...
Code injection
The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete...
CVE-2019-3683
The CVE-2019-3683 issue affects the keystone-json-assignment package in SUSE Openstack Cloud 8 prior to commit d7888c75505465490250c00cc0ef4bb1af662f9f. The root cause is that every user listed in /etc/keystone/user-project-map.json was granted full member access to every project, enabling these ...
CVE-2019-3683 keystone_json_assignment backend granted access to any project for users in user-project-map.json
The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete...
SUSE SLES12 Security Update : dovecot22 (SUSE-SU-2019:2454-1)
This update for dovecot22 fixes the following issues : CVE-2019-11500: Fixed a potential remote code execution in the IMAP and ManageSieve protocol parsers bsc1145559. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenabl...
SUSE SLED12 / SLES12 Security Update : bzip2 (SUSE-SU-2019:2013-1)
This update for bzip2 fixes the following issues : Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors bsc1139083. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security...
SUSE SLED12 / SLES12 Security Update : wget (SUSE-SU-2019:0956-1)
This update for wget fixes the following issues : Security issue fixed : CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution bsc1131493. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory...
CloudBees Jenkins Openstack Cloud Plugin Information Disclosure Vulnerability
CloudBees Jenkins formerly known as Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. that are used to monitor order repetitive work.Openstack Cloud Plugin is a plugin for creating Openstack cloud instances using one of the ... CloudBees Jenkins An information...
Design/Logic Flaw
A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java,...
CVE-2018-1000603
A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java,...
CVE-2018-1000603
A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java,...