| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2021-36778 | Exposure of repository credentials to external third-party sources | SUSE | Rancher | High | 7.3 | 2022-05-02 07:05:13 |
| CVE-2021-36776 | Steve API proxy impersonation | SUSE | Rancher | High | 8.8 | 2022-04-01 07:40:13 |
| CVE-2021-36775 | Deleting PRTBs associated to a group doesn't cause deletion of corresponding RoleBindings | SUSE | Rancher | High | 8.8 | 2022-04-01 07:40:12 |
| CVE-2022-21947 | rancher desktop: Dashboard API is network accessible | SUSE | Rancher | High | 8.3 | 2022-04-01 06:40:10 |
| CVE-2021-46705 | grub2-once uses fixed file name in /var/tmp | SUSE | SUSE Linux Enterprise Server 15 SP4 | Medium | 5.1 | 2022-03-16 09:50:10 |
| CVE-2021-36780 | Unauthorized data access from replicas through vulnerable instance manager pods | SUSE | Longhorn | High | 8.1 | 2021-12-17 08:55:15 |
| CVE-2021-36779 | Host operations allowed in privileged Longhorn managed pods | SUSE | Longhorn | Critical | 9.6 | 2021-12-17 08:55:13 |
| CVE-2021-32000 | clone-master-clean-up: dangerous file system operations | SUSE | SUSE Linux Enterprise Server 12 SP3 | Low | 3.2 | 2021-07-28 09:35:12 |
| CVE-2021-32001 | K3s/RKE2 bootstrap data is encrypted with empty string if user does not supply a token | SUSE | Rancher | Medium | 6.5 | 2021-07-28 09:25:11 |
| CVE-2021-31999 | Rancher: Privilege escalation vulnerability via malicious Connection header | Rancher | Rancher | High | 8.8 | 2021-07-15 08:55:19 |
| CVE-2019-18906 | cryptctl: client side password hashing is equivalent to clear text password storage | SUSE | SUSE Linux Enterprise Server for SAP 12-SP5 | Critical | 9.8 | 2021-06-30 08:35:12 |
| CVE-2021-25321 | arpwatch: Local privilege escalation from runtime user to root | SUSE | SUSE Linux Enterprise Server 11-SP4-LTSS | High | 7.8 | 2021-06-30 08:25:13 |
| CVE-2021-31998 | inn: %post calls user owned file allowing local privilege escalation to root | SUSE | SUSE Linux Enterprise Server 11-SP3 | Medium | 6.8 | 2021-06-10 11:25:11 |
| CVE-2021-25317 | cups: ownership of /var/log/cups allows the lp user to create files as root | SUSE | SUSE Linux Enterprise Server 11-SP4-LTSS | Low | 3.3 | 2021-05-05 09:35:13 |
| CVE-2021-25314 | hawk: Insecure file permissions | SUSE | SUSE Linux Enterprise High Availability 12-SP3 | High | 7.8 | 2021-04-14 15:00:18 |
| CVE-2021-25316 | Local DoS of VM live migration due to use of static tmp files in detach_disks.sh in s390-tools | SUSE | SUSE Linux Enterprise Server 12-SP5 | Low | 3.3 | 2021-04-14 09:55:13 |
| CVE-2021-25313 | Rancher: XSS on /v3/cluster/ | SUSE | Rancher | High | 7.1 | 2021-03-05 08:35:19 |
| CVE-2021-25315 | salt-api unauthenticated remote code execution | SUSE | SUSE Linux Enterprise Server 15 SP 3 | Critical | 9.8 | 2021-03-03 09:55:16 |
| CVE-2020-8027 | openldap uses fixed paths in /tmp | SUSE | SUSE Linux Enterprise Server 15-LTSS | High | 7.3 | 2021-02-11 16:10:14 |
| CVE-2020-8030 | skuba: Insecure /tmp usage when joining node to cluster | SUSE | SUSE CaaS Platform 4.5 | Low | 3.6 | 2021-02-11 16:00:21 |