CVE-2022-21944 – watchman: chown in watchman@.socket unit allows symlink attack
https://notcve.org/view.php?id=CVE-2022-21944
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman versions prior to 4.9.0-9.1. Un enlace simbólico de UNIX (Symlink) Tras la vulnerabilidad en el archivo de servicio systemd para watchman de openSUSE Backports versión SLE-15-SP3, Factory permite a atacantes locales escalar a root. Este problema afecta a: openSUSE Backports SLE-15-SP3 watchman versiones anteriores a 4.9.0. openSUSE Factory watchman versiones anteriores a 4.9.0-9.1 • https://bugzilla.suse.com/show_bug.cgi?id=1194470 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2002-20001
https://notcve.org/view.php?id=CVE-2002-20001
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. El Protocolo de Acuerdo de Claves Diffie-Hellman permite a atacantes remotos (del lado del cliente) enviar números arbitrarios que en realidad no son claves públicas, y desencadenar costosos cálculos de exponenciación modular DHE del lado del servidor, también se conoce como un ataque D(HE)ater. • https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf https://dheatattack.com https://dheatattack.gitlab.io https://github.com/Balasys/dheater https://github.com/mozilla/ssl-config-generator/issues/162 https://gitlab.com/dheatattack/dheater https://ieeexplore.ieee.org/document/10374117 https://support.f5.com/csp/article/K83120834 https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration https: • CWE-400: Uncontrolled Resource Consumption •
CVE-2021-32000 – clone-master-clean-up: dangerous file system operations
https://notcve.org/view.php?id=CVE-2021-32000
A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1.6-4.6.1 and prior versions. SUSE Linux Enterprise Server 15 SP1 clone-master-clean-up version 1.6-3.9.1 and prior versions. openSUSE Factory clone-master-clean-up version 1.6-1.4 and prior versions. Una vulnerabilidad de seguimiento de enlaces simbólicos UNIX (Symlink) en el script clone-master-clean-up.sh de clone-master-clean-up en SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory permite a los atacantes locales eliminar archivos arbitrarios. Este problema afecta a: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up versión 1.6-4.6.1 y versiones anteriores. • https://bugzilla.suse.com/show_bug.cgi?id=1181050 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-25316 – Local DoS of VM live migration due to use of static tmp files in detach_disks.sh in s390-tools
https://notcve.org/view.php?id=CVE-2021-25316
A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterprise Server 15-SP2 s390-tools versions prior to 2.11.0-9.20.1. Una vulnerabilidad de Archivo Temporal No Seguro en s390-tools de SUSE Linux Enterprise Server versión 12-SP5, SUSE Linux Enterprise Server versión 15-SP2, permite a atacantes locales emitir migraciones en vivo de VM. Este problema afecta a: SUSE Linux Enterprise Server versiones 12-SP5 s390-tools anteriores a 2.1.0-18.29.1. SUSE Linux Enterprise Server versiones 15-SP2 s390-tools anteriores a 2.11.0-9.20.1 • https://bugzilla.suse.com/show_bug.cgi?id=1182777 • CWE-377: Insecure Temporary File •
CVE-2021-25315 – salt-api unauthenticated remote code execution
https://notcve.org/view.php?id=CVE-2021-25315
CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. Una vulnerabilidad de Implementación Incorrecta del Algoritmo de Autenticación en SUSE SUSE Linux Enterprise Server versión 15 SP 3; openSUSE Tumbleweed, permite a atacantes locales ejecutar código arbitrario por medio de una sal sin la necesidad de especificar credenciales válidas. Este problema afecta a: salt de SUSE SUSE Linux Enterprise Server versión 15 SP 3 versiones anteriores a 3002.2-3. • https://bugzilla.suse.com/show_bug.cgi?id=1182382 • CWE-287: Improper Authentication •