Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
suse yast2 vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2016-1601
yast2-users prior to 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow malicious users to have unspecified impact via unkn...
Suse Yast2
694
VMScore
CVE-2012-0425
LanItems.ycp in save_y2logs in yast2-network prior to 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent malicious users to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_P...
Opensuse Opensuse 12.1
668
VMScore
CVE-2009-1648
The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote malicious users to access network services.
Suse Suse Linux 11
641
VMScore
CVE-2012-0427
yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 prior to 2008.11.26-0.9.1 and 2012.9.13 prior to 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name.
Opensuse Opensuse 11.4
641
VMScore
CVE-2008-4636
yast2-backup 2.14.2 up to and including 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process.
Suse Yast2-backup
641
VMScore
CVE-2007-6167
Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory.
Suse Suse Linux
445
VMScore
CVE-2010-1507
WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote malicious users to spoof session cookies by leveraging knowledge of this key.
Novell Suse Linux 11
187
VMScore
CVE-2018-20105
A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local malicious users to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt version...
Yast2-rmt Project Yast2-rmt
Opensuse Leap 15.0
Suse Suse Linux Enterprise Server 15
187
VMScore
CVE-2019-3700
yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security ...
Suse Yast2-security
187
VMScore
CVE-2018-17957
The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) prior to 1.1.2 exposed MySQL database passwords on process commandline, allowing local malicious users to access or corrupt the RMT database.
Suse Repository Mirroring Tool
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started