CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-12476 – obs-service-extract_file's outfilename parameter allows to write files outside of package directory
https://notcve.org/view.php?id=CVE-2018-12476
Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74. Una vulnerabilidad de Salto de Ruta Relativa en obs-service-tar_scm de SUSE Linux Enterprise Server versión 15; openSUSE Factory, permite a atacantes remotos con control sobre un repositorio sobrescribir archivos en la máquina del usuario local si un servicio malicioso es ejecutado. Este problema afecta a: obs-service-tar_scm versiones anteriores a 0.9.2.1537788075.fefaa74 de SUSE Linux Enterprise Server versión 15. obs-service-tar_scm versiones anteriores a 0.9.2.1537788075.fefaa74 de openSUSE Factory. • https://bugzilla.suse.com/show_bug.cgi?id=1107944 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 0CVE-2019-18900 – libzypp stores cookies world readable
https://notcve.org/view.php?id=CVE-2019-18900
: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1. Una vulnerabilidad de Permisos Predeterminados Incorrectos en libzypp de SUSE CaaS Platform versión 3.0, SUSE Linux Enterprise Server versión12, SUSE Linux Enterprise Server versión 15, permitió a atacantes locales leer un almacén de cookies utilizado por libzypp, exponiendo cookies privadas. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00036.html https://bugzilla.suse.com/show_bug.cgi?id=1158763 https://lists.debian.org/debian-lts-announce/2020/03/msg00005.html • CWE-276: Incorrect Default Permissions •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3700 – yast: Fallback to DES without configuration in /etc/login.def
https://notcve.org/view.php?id=CVE-2019-3700
yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security switched to stronger defaults in 4.2.6 and used the new configuration file locations. Password created during this time used DES password encryption and are not properly protected against attackers that are able to access the password hashes. yast2-security no usó valores predeterminados seguros para proteger las contraseñas. Esto se convirtió en un problema el 07-10-2019 cuando los archivos de configuración que establecieron configuraciones seguras fueron movidas a una ubicación diferente. • https://bugzilla.suse.com/show_bug.cgi?id=1157541 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-3694 – Local privilege escalation from munin to root in the packaging of munin
https://notcve.org/view.php?id=CVE-2019-3694
A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Factory munin version 2.0.49-4.2 and prior versions. openSUSE Leap 15.1 munin version 2.0.40-lp151.1.1 and prior versions. Una vulnerabilidad de tipo Symbolic Link (Symlink) Following en el empaquetado de munin en openSUSE Factory, Leap versión 15.1, permite a atacantes locales escalar desde un usuario munin a root. Este problema afecta a: munin versión 2.0.49-4.2 y versiones anteriores, de openSUSE Factory. munin versión 2.0.40-lp151.1.1 y versiones anteriores, de openSUSE Leap versión 15.1. • https://bugzilla.suse.com/show_bug.cgi?id=1155078 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2019-3693 – Local privilege escalation from user wwwrun to root in the packaging of mailman
https://notcve.org/view.php?id=CVE-2019-3693
A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions. Una vulnerabilidad de tipo symlink following en el empaquetado de mailman en SUSE Linux Enterprise Server versión 11, SUSE Linux Enterprise Server versión 12; openSUSE Leap versión 15.1, permitió a atacantes locales escalar sus privilegios desde un usuario wwwrun a root. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00000.html https://bugzilla.suse.com/show_bug.cgi?id=1154328 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •