CVE-2022-21950 – canna: unsafe handling of /tmp/.iroha_unix directory
https://notcve.org/view.php?id=CVE-2022-21950
A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there. Una vulnerabilidad de Control de Acceso inapropiado en el servicio systemd de cana en openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 permite a usuarios locales secuestrar el socket de dominio UNIX Este problema afecta a: openSUSE Backports SLE-15-SP3 versiones de canna anteriores a canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 versiones de canna anteriores a 3.7p3-bp154.3.3.1. openSUSE Factory también está afectado. En lugar de arreglar el paquete fue eliminado allí • https://bugzilla.suse.com/show_bug.cgi?id=1199280 • CWE-284: Improper Access Control •
CVE-2002-1159
https://notcve.org/view.php?id=CVE-2002-1159
Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak. Canna 3.6 y anteriores no validan adecuadamente las peticiones, lo que permite a atacantes remotos causar una denegación de servicio o fuga de información. • http://canna.sourceforge.jp/sec/Canna-2002-01.txt http://www.debian.org/security/2003/dsa-224 http://www.redhat.com/support/errata/RHSA-2002-246.html http://www.redhat.com/support/errata/RHSA-2002-261.html http://www.redhat.com/support/errata/RHSA-2003-115.html http://www.securityfocus.com/bid/6354 https://exchange.xforce.ibmcloud.com/vulnerabilities/10832 https://access.redhat.com/security/cve/CVE-2002-1159 https://bugzilla.redhat.com/show_bug.cgi?id=1616851 •