Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yast vulnerabilities and exploits
(subscribe to this query)
107
VMScore
CVE-2016-5746
libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf.
Opensuse Libstorage-ng -
Yast Yast-storage -
Opensuse Libstorage -
Opensuse Leap 42.1
187
VMScore
CVE-2011-3177
The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks.
Yast Yast2 -
215
VMScore
CVE-2004-0064
The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory.
Suse Suse Linux 9.0
1 EDB exploit
187
VMScore
CVE-2004-1895
YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies.
Suse Suse Linux 9.0
Suse Suse Linux 8.2
409
VMScore
CVE-2005-3013
Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users to execute arbitrary code via a long Loc entry.
Suse Suse Linux 9.3
694
VMScore
CVE-2012-0425
LanItems.ycp in save_y2logs in yast2-network prior to 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent malicious users to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_P...
Opensuse Opensuse 12.1
570
VMScore
CVE-2005-4772
liby2util in Yet another Setup Tool (YaST) in SUSE Linux prior to 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013.
Suse Suse Linux Openexchange Server 4.0
Suse Suse Linux School Server Gold
Suse Suse Linux Standard Server 8.0
Suse Suse Sled Beagle 10.0
Suse Suse Linux 9.1
Suse Suse Linux 9.2
Suse Suse Linux 10.0
Suse Suse Linux 8.0
Suse Suse Linux 9.0
Suse Suse Linux 9.3
Suse Suse Linux 8.2
Suse Suse Linux 8
Suse Suse Linux 1.0
445
VMScore
CVE-2006-0803
The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is bei...
Suse Suse Linux 9.3
Novell Suse Linux 10.0
828
VMScore
CVE-2018-20106
In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires tricking root to enter such a passw...
Opensuse Yast2-printer
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started