Caas Platform Suse Caas Platform

Do you want an email whenever new security vulnerabilities are reported in Suse Caas Platform?

By the Year

In 2022 there have been 1 vulnerability in Suse Caas Platform with an average score of 7.8 out of ten. Caas Platform did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2022 as compared to last year.

Year Vulnerabilities Average Score
2022 1 7.80
2021 0 0.00
2020 1 7.80
2019 0 0.00
2018 2 6.55

It may take a day or so for new Caas Platform vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Suse Caas Platform Security Vulnerabilities

In cifs-utils through 6.14

CVE-2022-27239 7.8 - High - April 27, 2022

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

Memory Corruption

The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node.

CVE-2019-3682 7.8 - High - January 17, 2020

The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node.

Exposure of Resource to Wrong Sphere

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path

CVE-2018-6556 3.3 - Low - August 10, 2018

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.

Communication Channel Errors

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36

CVE-2017-18017 9.8 - Critical - January 03, 2018

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.

Dangling pointer

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Red Hat Enterprise Linux Workstation or by Suse? Click the Watch button to subscribe.

Suse
Vendor

subscribe