CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2019-3692 – Local privilege escalation from user news to root in the packaging of inn
https://notcve.org/view.php?id=CVE-2019-3692
The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions. El empaquetado de inn en SUSE Linux Enterprise Server versión 11; openSUSE Factory, Leap versión 15.1, permite a atacantes locales escalar desde un usuario inn a root, mediante ataques de tipo symlink. Este problema afecta a: inn versión 2.4.2-170.21.3.1 y versiones anteriores, de SUSE Linux Enterprise Server versión 11. inn versión 2.6.2-2.2 y versiones anteriores, de openSUSE Factory . inn versión 2.5.4-lp151.2.47 y versiones anteriores de openSUSE Leap versión 15.1. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00028.html https://bugzilla.suse.com/show_bug.cgi?id=1154302 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3687 – "easy" permission profile allows everyone execute dumpcap and read all network traffic
https://notcve.org/view.php?id=CVE-2019-3687
The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa. El paquete de permisos en SUSE Linux Enterprise Server, permitió a todos los usuarios locales ejecutar dumpcap en el perfil de permisos "easy" y detectar el tráfico de red. Este problema afecta: SUSE Linux Enterprise Server versiones de permisos de a partir de 85c83fef7e017f8ab7f8602d3163786d57344439 hasta 081d081dcfaf61710bda34bc21c80c66276119aa. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00010.html https://bugzilla.suse.com/show_bug.cgi?id=1148788 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-3691 – Local privilege escalation from user munge to root
https://notcve.org/view.php?id=CVE-2019-3691
A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1. Un enlace simbólico (Symlink) Después de la vulnerabilidad en el empaquetado de munge en SUSE Linux Enterprise Server 15; openSUSE Factory permitió a los atacantes locales escalar los privilegios de usuario munge a root. Este problema afecta: las versiones de MUSE de SUSE Linux Enterprise Server 15 anteriores a la versión 0.5.13-4.3.1. Versiones de openSUSE Factory Munge anteriores a la versión 0.5.13-6.1. • https://bugzilla.suse.com/show_bug.cgi?id=1155075 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2019-18898 – trousers: Local privilege escalation from tss to root
https://notcve.org/view.php?id=CVE-2019-18898
UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1. Enlace simbólico de UNIX (Symlink) Siguiendo la vulnerabilidad en el paquete trousers de SUSE Linux Enterprise Server 15 SP1; Los atacantes locales permitidos por openSUSE Factory escalan los privilegios del usuario tss al root. Este problema afecta a: SUSE Linux Enterprise Server 15 SP1 versiones de trousers anteriores a la versión 0.3.14-6.3.1. Versiones de trousers openSUSE Factory anteriores a la versión 0.3.14-7.1. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00066.html https://bugzilla.suse.com/show_bug.cgi?id=1157651 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3686 – XSS in distri and version parameter in openQA
https://notcve.org/view.php?id=CVE-2019-3686
openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. This was reported through the bug bounty program of Offensive Security openQA antes del commit c172e8883d8f32fced5e02f9b6faaacc913df27b, era vulnerable a un ataque de tipo XSS en el parámetro distri and version. Esto se reportó por medio del programa de recompensas de errores de Offensive Security. • https://bugzilla.suse.com/show_bug.cgi?id=1142849 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •