Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Suse Subscribe
Filtered by product Caas Platform
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-18017 9 Arista, Canonical, Debian and 6 more 29 Eos, Ubuntu Linux, Debian Linux and 26 more 2023-01-19 10.0 HIGH 9.8 CRITICAL
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
CVE-2022-27239 5 Debian, Fedoraproject, Hp and 2 more 19 Debian Linux, Fedora, Helion Openstack and 16 more 2022-10-05 7.2 HIGH 7.8 HIGH
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
CVE-2020-8030 1 Suse 1 Caas Platform 2021-02-19 3.6 LOW 4.4 MEDIUM
A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster.
CVE-2020-8029 1 Suse 1 Caas Platform 2021-02-19 2.1 LOW 4.0 MEDIUM
A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416.
CVE-2019-18900 2 Opensuse, Suse 3 Libzypp, Caas Platform, Suse Linux Enterprise Server 2020-02-27 2.1 LOW 3.3 LOW
: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1.
CVE-2019-3682 1 Suse 1 Caas Platform 2020-02-06 4.6 MEDIUM 7.8 HIGH
The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node.
CVE-2018-6556 4 Canonical, Linuxcontainers, Opensuse and 1 more 6 Ubuntu Linux, Lxc, Leap and 3 more 2019-05-31 2.1 LOW 3.3 LOW
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.