CVE-2019-18903 – wicked: Use-after-free when receiving invalid DHCP6 IA_PD option
https://notcve.org/view.php?id=CVE-2019-18903
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-28.26.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.9.1. openSUSE Factory wicked versions prior to 0.6.62.
• https://bugzilla.suse.com/show_bug.cgi?id=1160904
• CWE-416: Use After Free
CVE-2019-18902 – wicked: Use-after-free when receiving invalid DHCP6 client options
https://notcve.org/view.php?id=CVE-2019-18902
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1. openSUSE Factory wicked versions prior to 0.6.62.
• https://bugzilla.suse.com/show_bug.cgi?id=1160903
• CWE-416: Use After Free
CVE-2020-8013 – permissions: chkstat sets unintended setuid/capabilities for mrsh and wodim
https://notcve.org/view.php?id=CVE-2020-8013
A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1.
• http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00010.html
• https://bugzilla.suse.com/show_bug.cgi?id=1163922
• CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2019-18901 – mysql-systemd-helper allows setting 640 permissions of arbitrary files
https://notcve.org/view.php?id=CVE-2019-18901
A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1.
• http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html
• https://bugzilla.suse.com/show_bug.cgi?id=1160895
• CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2019-18897 – Local privilege escalation from user salt to root
https://notcve.org/view.php?id=CVE-2019-18897
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linux Enterprise Server 15 salt-master version 2019.2.0-6.21.1 and prior versions. openSUSE Factory salt-master version 2019.2.2-3.1 and prior versions.
• http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00026.html
• https://bugzilla.suse.com/show_bug.cgi?id=1157465
• CWE-59: Improper Link Resolution Before File Access ('Link Following')