View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-19637 severity important: SUSE including 252 source package names (10.1-4.1:supportutils-3.1-5.7.1, amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, …), 344 product×package rows across 78 product lines (Container suse/sle-micro/5.0/toolbox, Image SLES12-SP5-Azure-BYOS, … (78 product lines)): Fixed 164, Known Affected 157, Known Not Affected 23.
Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection