| 220231 | 7.8 | HIGH Local | suse opensuse | inn leap backports_sle | The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enter… | - | CVE-2019-3692 | 2024-11-21 13:42 | 2020-01-24 |
| 220232 | 3.3 | LOW Local | suse | linux_enterprise_server | The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Ser… | CWE-276 Incorrect Default Permissions | CVE-2019-3687 | 2024-11-21 13:42 | 2020-01-24 |
| 220233 | 7.8 | HIGH Local | opensuse | munge | A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root… | - | CVE-2019-3691 | 2024-11-21 13:42 | 2020-01-24 |
| 220234 | 8.8 | HIGH Network | redhat | quay | A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed… | CWE-352 Origin Validation Error | CVE-2019-3864 | 2024-11-21 13:42 | 2020-01-22 |
| 220235 | 6.1 | MEDIUM Network | suse | openqa | openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. This was reported through the bug bounty program of Offensive Security | CWE-79 Cross-site Scripting | CVE-2019-3686 | 2024-11-21 13:42 | 2020-01-17 |
| 220236 | 8.8 | HIGH Network | suse hp | openstack_cloud keystone-json-assignment helion_openstack | The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "m… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2019-3683 | 2024-11-21 13:42 | 2020-01-17 |
| 220237 | 7.8 | HIGH Local | suse | caas_platform | The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node. | CWE-668 Exposure of Resource to Wrong Sphere | CVE-2019-3682 | 2024-11-21 13:42 | 2020-01-17 |
| 220238 | 3.7 | LOW Network | mikrotik | winbox routeros | MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed passwo… | NVD-CWE-Other | CVE-2019-3981 | 2024-11-21 13:42 | 2020-01-15 |
| 220239 | 6.5 | MEDIUM Network | emc | rsa_authentication_manager | RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause informat… | CWE-611 XXE | CVE-2019-3768 | 2024-11-21 13:42 | 2020-01-4 |
| 220240 | 7.8 | HIGH Local | debian skolelinux canonical | debian-lan-config debian-edu-config debian_linux ubuntu_linux | Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed p… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2019-3467 | 2024-11-21 13:42 | 2019-12-24 |