CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-31998 – inn: %post calls user owned file allowing local privilege escalation to root
https://notcve.org/view.php?id=CVE-2021-31998
A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2. Una vulnerabilidad de Permisos por Defecto Incorrectos en el empaquetado de inn de SUSE Linux Enterprise Server versión11-SP3; openSUSE Backports versión SLE-15-SP2, openSUSE Leap versión 15.2 permite a atacantes locales escalar sus privilegios del usuario de noticias a root. Este problema afecta a: SUSE Linux Enterprise Server versión 11-SP3 versión inn-2.4.2-170.21.3.1 y versiones anteriores. openSUSE Backports SLE-15-SP2 versiones inn anteriores a 2.6.2. openSUSE Leap 15.2 versiones inn anteriores a 2.6.2 • https://bugzilla.suse.com/show_bug.cgi?id=1182321 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 1CVE-2020-8019 – syslog-ng: Local privilege escalation from new to root in %post
https://notcve.org/view.php?id=CVE-2020-8019
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server for SAP 12-SP1; openSUSE Backports SLE-15-SP1, openSUSE Leap 15.1 allowed local attackers controlling the user news to escalate their privileges to root. This issue affects: SUSE Linux Enterprise Debuginfo 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Debuginfo 11-SP4 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Module for Legacy Software 12 syslog-ng versions prior to 3.6.4-12.8.1. SUSE Linux Enterprise Point of Sale 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. • https://bugzilla.suse.com/show_bug.cgi?id=1169385 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2019-18904 – Migrations requests can cause DoS on rmt
https://notcve.org/view.php?id=CVE-2019-18904
A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. • https://bugzilla.suse.com/show_bug.cgi?id=1160922 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.0EPSS: 0%CPEs: 11EXPL: 0CVE-2020-10802
https://notcve.org/view.php?id=CVE-2020-10802
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table. En phpMyAdmin versiones 4.x anteriores a 4.9.5 y versiones 5.x anteriores a 5.0.2, se ha detectado una vulnerabilidad de inyección SQL donde determinados parámetros no se escapan apropiadamente al generar determinadas consultas para acciones de búsqueda en la biblioteca libraries/classes/Controllers/Table/TableSearchController.php. Un atacante puede generar un nombre de base de datos o tabla diseñados. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2020-10803
https://notcve.org/view.php?id=CVE-2020-10803
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack. En phpMyAdmin versiones 4.x anteriores a 4.9.5 y versiones 5.x anteriores a 5.0.2, se detectó una vulnerabilidad de inyección SQL donde un código malicioso podría ser usado para desencadenar un ataque de tipo XSS mediante la recuperación y visualización de resultados (en archivo tbl_get_field.php y biblioteca libraries/clases/Display/Results.php). El atacante debe poder insertar datos diseñados en determinadas tablas de la base de datos, que cuando se recuperaban (por ejemplo, por medio de la pestaña Browse) pueden desencadenar el ataque de tipo XSS. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •