CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-23005
https://notcve.org/view.php?id=CVE-2023-23005
In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached. • https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2 https://github.com/torvalds/linux/commit/4a625ceee8a0ab0273534cb6b432ce6b331db5ee • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-45153 – saphanabootstrap-formula: Escalation to root for arbitrary users in hana/ha_cluster.sls
https://notcve.org/view.php?id=CVE-2022-45153
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. • https://bugzilla.suse.com/show_bug.cgi?id=1205990 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-45154 – supportconfig does not remove passwords in /etc/iscsi/iscsid.conf and /etc/target/lio_setup.sh
https://notcve.org/view.php?id=CVE-2022-45154
A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions. • https://bugzilla.suse.com/show_bug.cgi?id=1207598 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-31254 – rmt-server-pubcloud allows to escalate from user _rmt to root
https://notcve.org/view.php?id=CVE-2022-31254
A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10. • https://bugzilla.suse.com/show_bug.cgi?id=1204285 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-22643 – libzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.system` calls
https://notcve.org/view.php?id=CVE-2023-22643
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. • https://bugzilla.suse.com/show_bug.cgi?id=1206836 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •