Vulmon
suse yast2 vulnerabilities and exploits
10
CVSSv2
CVE-2016-1601
yast2-users prior to 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow malicious users to have unspecified impact via unkn...
Suse Yast2
7.8
CVSSv2
CVE-2012-0425
LanItems.ycp in save_y2logs in yast2-network prior to 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent malicious users to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_P...
Opensuse Opensuse 12.1
7.5
CVSSv2
CVE-2009-1648
The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote malicious users to access network services.
Suse Suse Linux 11
7.2
CVSSv2
CVE-2012-0427
yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 prior to 2008.11.26-0.9.1 and 2012.9.13 prior to 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name.
Opensuse Opensuse 11.4
7.2
CVSSv2
CVE-2008-4636
yast2-backup 2.14.2 up to and including 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process.
Suse Yast2-backup
7.2
CVSSv2
CVE-2007-6167
Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory.
Suse Suse Linux
5
CVSSv2
CVE-2010-1507
WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote malicious users to spoof session cookies by leveraging knowledge of this key.
Novell Suse Linux 11
2.1
CVSSv2
CVE-2018-20105
An Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local malicious users to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt version...
Yast2-rmt Project Yast2-rmt
Opensuse Leap 15.0
Suse Suse Linux Enterprise Server 15
2.1
CVSSv2
CVE-2019-3700
yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security ...
Suse Yast2-security
2.1
CVSSv2
CVE-2018-17957
The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) prior to 1.1.2 exposed MySQL database passwords on process commandline, allowing local malicious users to access or corrupt the RMT database.
Suse Repository Mirroring Tool