cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-8027,https://securityvulnerability.io/vulnerability/CVE-2020-8027,openldap uses fixed paths in /tmp,"A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1.",Suse,"Suse Linux Enterprise Server 15-ltss,Suse Linux Enterprise Server For SAP 15,Opensuse Leap 15.1,Opensuse Leap 15.2",7.3,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-02-11T16:15:00.000Z,0
CVE-2020-8023,https://securityvulnerability.io/vulnerability/CVE-2020-8023,Local privilege escalation from ldap to root when using OPENLDAP_CONFIG_BACKEND=ldap in openldap2,"A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1.",Suse,"Suse Enterprise Storage 5,Suse Linux Enterprise Debuginfo 11-sp3,Suse Linux Enterprise Debuginfo 11-sp4,Suse Linux Enterprise Point Of Sale 11-sp3,Suse Linux Enterprise Server 11-security,Suse Linux Enterprise Server 11-sp4-ltss,Suse Linux Enterprise Server 12-sp2-bcl,Suse Linux Enterprise Server 12-sp2-ltss,Suse Linux Enterprise Server 12-sp3-bcl,Suse Linux Enterprise Server 12-sp3-ltss,Suse Linux Enterprise Server 12-sp4,Suse Linux Enterprise Server 12-sp5,Suse Linux Enterprise Server 15-ltss,Suse Linux Enterprise Server For SAP 12-sp2,Suse Linux Enterprise Server For SAP 12-sp3,Suse Linux Enterprise Server For SAP 15,Suse Openstack Cloud 7,Suse Openstack Cloud 8,Suse Openstack Cloud Crowbar 8,Opensuse Leap 15.1,Opensuse Leap 15.2",7.7,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-09-01T12:15:00.000Z,0
CVE-2020-8025,https://securityvulnerability.io/vulnerability/CVE-2020-8025,outdated entries in permissions profiles for /var/lib/pcp/tmp/* may cause security issues,"A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624.",Suse,"Suse Linux Enterprise Server 12-sp4,Suse Linux Enterprise Server 15-ltss,Suse Linux Enterprise Server For SAP 15,Opensuse Leap 15.1,Opensuse Tumbleweed",6.1,MEDIUM,0.0015699999639764428,false,,false,false,false,,,false,false,,2020-08-07T10:15:00.000Z,0
CVE-2019-3681,https://securityvulnerability.io/vulnerability/CVE-2019-3681,osc: stores downloaded (supposed) RPM in network-controlled filesystem paths,"A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 .",Suse,"Suse Linux Enterprise Module For Development Tools 15,Suse Linux Enterprise Software Development Kit 12-sp5,Suse Linux Enterprise Software Development Kit 12-sp4,Opensuse Leap 15.1,Opensuse Factory",7.5,HIGH,0.01655000075697899,false,,false,false,false,,,false,false,,2020-06-29T12:15:00.000Z,0
CVE-2020-8019,https://securityvulnerability.io/vulnerability/CVE-2020-8019,syslog-ng: Local privilege escalation from new to root in %post,"A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server for SAP 12-SP1; openSUSE Backports SLE-15-SP1, openSUSE Leap 15.1 allowed local attackers controlling the user news to escalate their privileges to root. This issue affects: SUSE Linux Enterprise Debuginfo 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Debuginfo 11-SP4 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Module for Legacy Software 12 syslog-ng versions prior to 3.6.4-12.8.1. SUSE Linux Enterprise Point of Sale 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Server 11-SP4-LTSS syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Server for SAP 12-SP1 syslog-ng versions prior to 3.6.4-12.8.1. openSUSE Backports SLE-15-SP1 syslog-ng versions prior to 3.19.1-bp151.4.6.1. openSUSE Leap 15.1 syslog-ng versions prior to 3.19.1-lp151.3.6.1.",Suse,"Suse Linux Enterprise Debuginfo 11-sp3,Suse Linux Enterprise Debuginfo 11-sp4,Suse Linux Enterprise Module For Legacy Software 12,Suse Linux Enterprise Point Of Sale 11-sp3,Suse Linux Enterprise Server 11-sp4-ltss,Suse Linux Enterprise Server For SAP 12-sp1,Opensuse Backports Sle-15-sp1,Opensuse Leap 15.1",7.7,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-06-29T00:00:00.000Z,0
CVE-2019-18904,https://securityvulnerability.io/vulnerability/CVE-2019-18904,Migrations requests can cause DoS on rmt,"A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1. openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1.",Suse,"Suse Linux Enterprise High Performance Computing 15-espos,Suse Linux Enterprise High Performance Computing 15-ltss,Suse Linux Enterprise Module For Public Cloud 15-sp1,Suse Linux Enterprise Module For Server Applications 15,Suse Linux Enterprise Module For Server Applications 15-sp1,Suse Linux Enterprise Server 15-ltss,Suse Linux Enterprise Server For SAP 15,Opensuse Leap 15.1",6.5,MEDIUM,0.001829999964684248,false,,false,false,false,,,false,false,,2020-04-03T00:00:00.000Z,0
CVE-2020-8016,https://securityvulnerability.io/vulnerability/CVE-2020-8016,race condition in the packaging of texlive-filesysten,"A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges. This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.",Suse,"Suse Linux Enterprise Module For Desktop Applications 15-sp1,Suse Linux Enterprise Software Development Kit 12-sp4,Suse Linux Enterprise Software Development Kit 12-sp5,Opensuse Leap 15.1",4.9,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-04-02T14:15:00.000Z,0
CVE-2020-8017,https://securityvulnerability.io/vulnerability/CVE-2020-8017,race condition on texlive-filesystem cron job allows for the deletion of unintended files,"A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary files on the system This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.",Suse,"Suse Linux Enterprise Module For Desktop Applications 15-sp1,Suse Linux Enterprise Software Development Kit 12-sp4,Suse Linux Enterprise Software Development Kit 12-sp5,Opensuse Leap 15.1",6.2,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-04-02T00:00:00.000Z,0
CVE-2019-3696,https://securityvulnerability.io/vulnerability/CVE-2019-3696,pcp: Local privilege escalation from user pcp to root through migrate_tempdirs,"A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.",Suse,"Suse Linux Enterprise High Performance Computing 15-espos,Suse Linux Enterprise High Performance Computing 15-ltss,Suse Linux Enterprise Module For Development Tools 15,Suse Linux Enterprise Module For Development Tools 15-sp1,Suse Linux Enterprise Module For Open Buildservice Development Tools 15,Suse Linux Enterprise Server 15-ltss,Suse Linux Enterprise Server For SAP 15,Suse Linux Enterprise Software Development Kit 12-sp4,Suse Linux Enterprise Software Development Kit 12-sp5,Opensuse Leap 15.1",8.4,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-03-03T11:15:00.000Z,0
CVE-2019-3695,https://securityvulnerability.io/vulnerability/CVE-2019-3695,pcp: Local privilege escalation from user pcp to root,"A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.",Suse,"Suse Linux Enterprise High Performance Computing 15-espos,Suse Linux Enterprise High Performance Computing 15-ltss,Suse Linux Enterprise Module For Development Tools 15,Suse Linux Enterprise Module For Development Tools 15-sp1,Suse Linux Enterprise Module For Open Buildservice Development Tools 15,Suse Linux Enterprise Server 15-ltss,Suse Linux Enterprise Server For SAP 15,Suse Linux Enterprise Software Development Kit 12-sp4,Suse Linux Enterprise Software Development Kit 12-sp5,Opensuse Leap 15.1",8.4,HIGH,0.0005099999834783375,false,,false,false,false,,,false,false,,2020-03-03T11:15:00.000Z,0