3 matches found
CVE-2018-12470
SUSE SMT contains a SQL Injection vulnerability in the RegistrationSharing module (CVE-2018-12470). Affected: SUSE Linux SMT prior to version 3.0.37. Root cause: insecure SQL handling allows remote attackers to execute arbitrary SQL statements. Impact: remote code execution at the SQL layer with ...
CVE-2018-12471
CVE-2018-12471 is a XXE vulnerability in SUSE Linux SMT, specifically in the RegistrationSharing modules. The root cause is XML External Entity processing that can let remote attackers read arbitrary server data or cause DoS. Affected releases are SMT versions prior to 3.0.37. The documented reme...
CVE-2018-12472
CVE-2018-12472 affects SUSE SMT (Secure MT) — an improper authentication using the HOST header allowed remote attackers to spoof a sibling server. Affected: SMT before 3.0.37. Description from SUSE confirms the issue was fixed by hardening the hostname check during sibling verification via double...