CVE-2020-8019 – syslog-ng: Local privilege escalation from new to root in %post
https://notcve.org/view.php?id=CVE-2020-8019
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server for SAP 12-SP1; openSUSE Backports SLE-15-SP1, openSUSE Leap 15.1 allowed local attackers controlling the user news to escalate their privileges to root. This issue affects: SUSE Linux Enterprise Debuginfo 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Debuginfo 11-SP4 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Module for Legacy Software 12 syslog-ng versions prior to 3.6.4-12.8.1. SUSE Linux Enterprise Point of Sale 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. • https://bugzilla.suse.com/show_bug.cgi?id=1169385 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVE-2019-13497
https://notcve.org/view.php?id=CVE-2019-13497
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests. One Identity Cloud Access Manager versiones anteriores a 8.1.4 Hotfix 1, permite un ataque de tipo CSRF para peticiones de cierre de sesión. • https://github.com/FurqanKhan1/CVE-2019-13497 https://support.oneidentity.com/cloud-access-manager/kb/311391/cloud-access-manager-8-1-4-hotfix-1 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-13496
https://notcve.org/view.php?id=CVE-2019-13496
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response. One Identity Cloud Access Manager versiones anteriores a 8.1.4 Hotfix 1, permite la omisión de OTP por medio de vectores que involucran una vulnerabilidad de tipo man in the middle, el producto One Identity Defender, y el reemplazo de una respuesta SAML fallida con una respuesta SAML con éxito. • https://github.com/FurqanKhan1/CVE-2019-13496 https://support.oneidentity.com/cloud-access-manager/kb/311391/cloud-access-manager-8-1-4-hotfix-1 • CWE-354: Improper Validation of Integrity Check Value •
CVE-2019-13498
https://notcve.org/view.php?id=CVE-2019-13498
One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4. One Identity Cloud Access Manager versión 8.1.3, no utiliza HTTP Strict Transport Security (HSTS), lo que puede permitir ataques de tipo man-in-the-middle (MITM). Este problema es corregido en la versión 8.1.4. • https://github.com/FurqanKhan1/CVE-2019-13498 https://support.oneidentity.com/technical-documents/cloud-access-manager/8.1.4/release-notes#TOPIC-1028731 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2011-1951
https://notcve.org/view.php?id=CVE-2011-1951
lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via a message that does not match a regular expression. lib/logmatcher.c en Balabit syslog-ng anterior a v3.2.4, cuando la bandera global está habilitada y cuando usa PCRE v8.12 y posiblemente otras versiones, permite a atacantes remotos provocar una denegación de servicio(consumo de memoria) a través de un mensaje que no coincide con una expresión regular. • http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git%3Ba=commit%3Bh=09710c0b105e579d35c7b5f6c66d1ea5e3a3d3ff http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062107.html http://secunia.com/advisories/45122 http://www.openwall.com/lists/oss-security/2011/05/26/1 http://www.securityfocus.com/bid/47800 https://bugzilla.redhat.com/show_bug.cgi?id=709088 • CWE-399: Resource Management Errors •