OpenSuse Supportutils
By the Year
In 2023 there have been 0 vulnerabilities in OpenSuse Supportutils . Supportutils did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 5 | 6.26 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Supportutils vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent OpenSuse Supportutils Security Vulnerabilities
Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary
CVE-2018-19636
7.8 - High
- March 05, 2019
Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges
Improper Input Validation
Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log
CVE-2018-19637
5.5 - Medium
- March 05, 2019
Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection
insecure temporary file
In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory
CVE-2018-19638
4.7 - Medium
- March 05, 2019
In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files.
insecure temporary file
If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g
CVE-2018-19639
7.8 - High
- March 05, 2019
If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root.
If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 (e.g
CVE-2018-19640
5.5 - Medium
- March 05, 2019
If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 (e.g. with CVE-2018-19638) he can kill arbitrary processes on the local machine.
Improper Input Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for OpenSuse Supportutils or by OpenSuse? Click the Watch button to subscribe.
