
cpe:2.3:a:opensuse:supportutils:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Opensuse (3380e48e-e718-5685-8ad0-092ef58910e5)
Product: Supportutils (74b52dfa-450e-56af-b565-1f3a2901e5ac)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL | Source | Last updated
pkg:github/opensuse/supportutils | purl2cpe | 2026-06-01 10:15:36.431829
pkg:rpm/opensuse/supportutils | purl2cpe | 2026-06-01 10:15:36.431831

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2022-45154 vulnerable 2026-06-03 14:48:23.849222 supportconfig does not remove passwords in /etc/iscsi/iscsid.conf and /etc/target/lio_setup.sh
MEDIUM (4.4)
A Cleartext Storage of Sensitive Information vulnerability in supportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials. This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1 and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.
CWE-312: Cleartext Storage of Sensitive Information
Published: 2023-02-15T00:00:00.000Z
Updated: 2025-03-18T19:24:37.461Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-19640 vulnerable 2026-06-03 14:38:29.484748 Code execution if run with command line switch -v
MEDIUM (4.4)
If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 (e.g. with CVE-2018-19638) he can kill arbitrary processes on the local machine.
Published: 2019-03-05T16:00:00.000Z
Updated: 2024-09-17T01:45:58.729Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-19639 vulnerable 2026-06-03 14:38:29.484416 Code execution if run with command line switch -v
MEDIUM (6.7)
If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root.
Published: 2019-03-05T16:00:00.000Z
Updated: 2024-09-16T20:43:12.181Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-19638 vulnerable 2026-06-03 14:38:29.484054 User can overwrite arbitrary log files in support tar
LOW (2.2)
In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files.
Published: 2019-03-05T16:00:00.000Z
Updated: 2024-09-17T00:06:09.548Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-19637 vulnerable 2026-06-03 14:38:29.483692 Static temporary filename allows overwriting of files
LOW (2.8)
Supportutils, before version 3.1-5.7.1, wrote data to the static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection.
Published: 2019-03-05T16:00:00.000Z
Updated: 2024-09-16T20:32:50.690Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-19636 vulnerable 2026-06-03 14:38:29.483225 Local root exploit via inclusion of attacker controlled shell script
HIGH (7.3)
Supportutils, before version 3.1-5.7.1, when run with command line argument -A, searched the file system for an ndspath binary. If an attacker provides one at an arbitrary location, it is executed with root privileges.
Published: 2019-03-05T16:00:00.000Z
Updated: 2024-09-17T04:03:59.444Z
Imported from gcve-enriched-dumps CVE data
