CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2022-21950 – canna: unsafe handling of /tmp/.iroha_unix directory
https://notcve.org/view.php?id=CVE-2022-21950
A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there. Una vulnerabilidad de Control de Acceso inapropiado en el servicio systemd de cana en openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 permite a usuarios locales secuestrar el socket de dominio UNIX Este problema afecta a: openSUSE Backports SLE-15-SP3 versiones de canna anteriores a canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 versiones de canna anteriores a 3.7p3-bp154.3.3.1. openSUSE Factory también está afectado. En lugar de arreglar el paquete fue eliminado allí • https://bugzilla.suse.com/show_bug.cgi?id=1199280 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1CVE-2021-45082
https://notcve.org/view.php?id=CVE-2021-45082
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.) Se ha detectado un problema en Cobbler versiones hasta 3.3.0. En el archivo templar.py, la función check_for_invalid_imports puede permitir que el código Cheetah importe módulos de Python por medio de la subcadena "#from MODULE import". • https://bugzilla.suse.com/show_bug.cgi?id=1193678 https://github.com/cobbler/cobbler/releases https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-31998 – inn: %post calls user owned file allowing local privilege escalation to root
https://notcve.org/view.php?id=CVE-2021-31998
A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2. Una vulnerabilidad de Permisos por Defecto Incorrectos en el empaquetado de inn de SUSE Linux Enterprise Server versión11-SP3; openSUSE Backports versión SLE-15-SP2, openSUSE Leap versión 15.2 permite a atacantes locales escalar sus privilegios del usuario de noticias a root. Este problema afecta a: SUSE Linux Enterprise Server versión 11-SP3 versión inn-2.4.2-170.21.3.1 y versiones anteriores. openSUSE Backports SLE-15-SP2 versiones inn anteriores a 2.6.2. openSUSE Leap 15.2 versiones inn anteriores a 2.6.2 • https://bugzilla.suse.com/show_bug.cgi?id=1182321 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 1CVE-2020-8019 – syslog-ng: Local privilege escalation from new to root in %post
https://notcve.org/view.php?id=CVE-2020-8019
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server for SAP 12-SP1; openSUSE Backports SLE-15-SP1, openSUSE Leap 15.1 allowed local attackers controlling the user news to escalate their privileges to root. This issue affects: SUSE Linux Enterprise Debuginfo 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Debuginfo 11-SP4 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Module for Legacy Software 12 syslog-ng versions prior to 3.6.4-12.8.1. SUSE Linux Enterprise Point of Sale 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. • https://bugzilla.suse.com/show_bug.cgi?id=1169385 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 8.0EPSS: 0%CPEs: 11EXPL: 0CVE-2020-10802
https://notcve.org/view.php?id=CVE-2020-10802
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table. En phpMyAdmin versiones 4.x anteriores a 4.9.5 y versiones 5.x anteriores a 5.0.2, se ha detectado una vulnerabilidad de inyección SQL donde determinados parámetros no se escapan apropiadamente al generar determinadas consultas para acciones de búsqueda en la biblioteca libraries/classes/Controllers/Table/TableSearchController.php. Un atacante puede generar un nombre de base de datos o tabla diseñados. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •