Search Results (1249 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1012 1 Suse 1 Suse Linux 2026-04-16 N/A
Vulnerability in screen before 3.9.10, related to a multi-attach error, allows local users to gain root privileges when there is a subdirectory under /tmp/screens/.
CVE-2001-0109 1 Suse 1 Suse Linux 2026-04-16 N/A
rctab in SuSE 7.0 and earlier allows local users to create or overwrite arbitrary files via a symlink attack on the rctmp temporary file.
CVE-2025-67860 1 Suse 1 Harvester 2026-04-15 3.8 Low
A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users.
CVE-2024-22030 1 Suse 1 Rancher 2026-04-15 8 High
A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The targeted domain is the one used as the Rancher URL.
CVE-2025-53880 1 Suse 3 Manager, Manager Proxy, Manager Server 2026-04-15 N/A
A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses.
CVE-2025-23391 1 Suse 1 Rancher 2026-04-15 9.1 Critical
A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts. This issue affects rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4.
CVE-2023-32197 1 Suse 1 Rancher 2026-04-15 6.6 Medium
A Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege escalation in specific scenarios.This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5.
CVE-2025-23388 1 Suse 1 Rancher 2026-04-15 8.2 High
A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.
CVE-2024-52284 1 Suse 1 Rancher 2026-04-15 7.7 High
Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.
CVE-2024-52282 1 Suse 1 Rancher 2026-04-15 6.2 Medium
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with GET access to the Rancher Manager Apps Catalog to read any sensitive information that are contained within the Apps’ values. Additionally, the same information leaks into auditing logs when the audit level is set to equal or above 2. This issue affects rancher: from 2.8.0 before 2.8.10, from 2.9.0 before 2.9.4.
CVE-2025-62877 1 Suse 1 Harvester 2026-04-15 9.8 Critical
Projects using the SUSE Virtualization (Harvester) environment may expose the OS default ssh login password  if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is utilized along with the Harvester configuration setup.
CVE-2023-32199 1 Suse 1 Rancher 2026-04-15 4.3 Medium
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or have a * on * rule for non-resource URLs
CVE-2023-32190 1 Suse 1 Opensuse Tumbleweed 2026-04-15 7.8 High
mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges.
CVE-2024-52280 1 Suse 1 Rancher 2026-04-15 7.7 High
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher which allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type. This issue affects rancher: before 2175e09, before 6e30359, before c744f0b.
CVE-2025-23387 1 Suse 1 Rancher 2026-04-15 5.3 Medium
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.
CVE-2024-49504 1 Suse 1 Opensuse Tumbleweed 2026-04-15 8.4 High
grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.
CVE-2024-58269 1 Suse 1 Rancher 2026-04-15 4.3 Medium
A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs.
CVE-2025-54467 2 Neuvector, Suse 2 Neuvector, Neuvector 2026-04-15 5.3 Medium
When a Java command with password parameters is executed and terminated by NeuVector for Process rule violation the password will appear in the NeuVector security event log.
CVE-2025-54471 1 Suse 1 Neuvector 2026-04-15 6.5 Medium
NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data.
CVE-2025-54468 2 Rancher, Suse 2 Rancher, Rancher 2026-04-15 4.7 Medium
A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses.