Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Opensuse Subscribe
Filtered by product Supportutils

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-19639 1 Opensuse 1 Supportutils 2019-10-03 7.2 HIGH 7.8 HIGH
If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root.
CVE-2018-19636 1 Opensuse 1 Supportutils 2019-05-08 7.2 HIGH 7.8 HIGH
Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges