CVE-2023-22652 – Stack buffer overflow in "read_file" function
https://notcve.org/view.php?id=CVE-2023-22652
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2. A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow, resulting in a denial of service. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22652 https://github.com/openSUSE/libeconf/issues/177 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDD5GL5T3V5XZ3VFA4HPE6YGJ2K4HHPC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG5256D5I3GFA3RBAJQ2WYPJDYAIL74 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAYW7X753Z6GOJKVLQPXBDHISN6ZT233 https://access.redhat.com/security/cve/CVE-2023 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-32181 – Stack buffer overflow in "econf_writeFile" function
https://notcve.org/view.php?id=CVE-2023-32181
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf allows for DoS via malformed configuration files. This issue affects libeconf: before 0.5.2. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32181 https://github.com/openSUSE/libeconf/issues/178 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2022-45154 – supportconfig does not remove passwords in /etc/iscsi/iscsid.conf and /etc/target/lio_setup.sh
https://notcve.org/view.php?id=CVE-2022-45154
A Cleartext Storage of Sensitive Information vulnerability in supportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials. This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1 and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions. • https://bugzilla.suse.com/show_bug.cgi?id=1207598 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2022-45153 – saphanabootstrap-formula: Escalation to root for arbitrary users in hana/ha_cluster.sls
https://notcve.org/view.php?id=CVE-2022-45153
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. • https://bugzilla.suse.com/show_bug.cgi?id=1205990 • CWE-276: Incorrect Default Permissions •
CVE-2022-21948 – paste: XSS on the image upload function
https://notcve.org/view.php?id=CVE-2022-21948
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paste allows remote attackers to place JavaScript into SVG files. This issue affects: openSUSE paste paste version b57b9f87e303a3db9465776e657378e96845493b and prior versions. • https://bugzilla.suse.com/show_bug.cgi?id=1197930 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •