VYPR

supportutils

by SUSE S.A.

CVEs (7)

  • CVE-2022-45154Feb 15, 2023
    risk 0.00cvss epss 0.00

    A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials…

  • CVE-2018-19640Mar 5, 2019
    risk 0.00cvss epss 0.00

    If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 (e.g. with CVE-2018-19638) he can kill arbitrary processes on the local machine.

  • CVE-2018-19637Mar 5, 2019
    risk 0.00cvss epss 0.00

    Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection

  • CVE-2018-19636Mar 5, 2019
    risk 0.00cvss epss 0.00

    Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges

  • CVE-2018-19639Mar 5, 2019
    risk 0.00cvss epss 0.01

    If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root.

  • CVE-2018-19638Mar 5, 2019
    risk 0.00cvss epss 0.00

    In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files.

  • CVE-2010-3912Jan 13, 2011
    risk 0.00cvss epss 0.02

    The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors.