Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yast vulnerabilities and exploits
(subscribe to this query)
1.2
CVSSv2
CVE-2016-5746
libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf.
Opensuse Libstorage-ng -
Yast Yast-storage -
Opensuse Libstorage -
Opensuse Leap 42.1
2.1
CVSSv2
CVE-2011-3177
The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks.
Yast Yast2 -
2.1
CVSSv2
CVE-2004-0064
The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory.
Suse Suse Linux 9.0
1 EDB exploit
2.1
CVSSv2
CVE-2004-1895
YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies.
Suse Suse Linux 9.0
Suse Suse Linux 8.2
4.6
CVSSv2
CVE-2005-3013
Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users to execute arbitrary code via a long Loc entry.
Suse Suse Linux 9.3
7.8
CVSSv2
CVE-2012-0425
LanItems.ycp in save_y2logs in yast2-network prior to 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent malicious users to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_P...
Opensuse Opensuse 12.1
6.4
CVSSv2
CVE-2005-4772
liby2util in Yet another Setup Tool (YaST) in SUSE Linux prior to 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013.
Suse Suse Linux Openexchange Server 4.0
Suse Suse Linux School Server Gold
Suse Suse Linux Standard Server 8.0
Suse Suse Sled Beagle 10.0
Suse Suse Linux 9.1
Suse Suse Linux 9.2
Suse Suse Linux 10.0
Suse Suse Linux 8.0
Suse Suse Linux 9.0
Suse Suse Linux 9.3
Suse Suse Linux 8.2
Suse Suse Linux 8
Suse Suse Linux 1.0
9.3
CVSSv2
CVE-2018-20106
In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires tricking root to enter such a passw...
Opensuse Yast2-printer
5
CVSSv2
CVE-2006-0803
The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is bei...
Suse Suse Linux 9.3
Novell Suse Linux 10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3012
CVE-2024-30200
XXE
CVE-2023-24955
CVE-2023-42931
CVE-2024-29231
remote code execution
cross-site scripting
CVE-2024-0677
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started