CVSS: 8.4EPSS: 0%CPEs: 13EXPL: 1CVE-2019-3695 – pcp: Local privilege escalation from user pcp to root
https://notcve.org/view.php?id=CVE-2019-3695
A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. • https://bugzilla.suse.com/show_bug.cgi?id=1152763 https://access.redhat.com/security/cve/CVE-2019-3695 https://bugzilla.redhat.com/show_bug.cgi?id=1811703 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 1CVE-2019-3698 – nagios cron job allows privilege escalation from user nagios to root
https://notcve.org/view.php?id=CVE-2019-3698
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions. Una vulnerabilidad de tipo UNIX Symbolic Link (Symlink) Following en el cronjob enviado con nagios de SUSE Linux Enterprise Server versión 12, SUSE Linux Enterprise Server versión 11; openSUSE Factory, permite a atacantes locales causar una DoS o escalar potencialmente privilegios al ganar una carrera. Este problema afecta: SUSE Linux Enterprise Server versión 12 nagios versión 3.5.1-5.27 y versiones anteriores. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html https://bugzilla.suse.com/show_bug.cgi?id=1156309 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-7043
https://notcve.org/view.php?id=CVE-2020-7043
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack. Se detectó un problema en openfortivpn versión 1.11.0, cuando se usaba con OpenSSL versiones anteriores a 1.0.2. en el archivo tunnel.c maneja inapropiadamente la comprobación del certificado porque las comparaciones hostname no consideran los caracteres "\0", como es demostrado por un ataque de good.example.com\x00evil.example.com. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.html https://github.com/adrienverge/openfortivpn/commit/6328a070ddaab16faaf008cb9a8a62439c30f2a8 https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4 https://github.com/adrienverge/openfortivpn/issues/536 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF https://lists.fedoraproject.org/archives/l • CWE-295: Improper Certificate Validation •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2020-7042
https://notcve.org/view.php?id=CVE-2020-7042
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted). Se detectó un problema en openfortivpn versión 1.11.0, cuando se usaba con OpenSSL versiones 1.0.2 o posteriores, en el archivo tunnel.c, maneja inapropiadamente la comprobación del certificado porque la verificación del nombre de host funciona en la memoria no inicializada. El resultado es que un certificado válido nunca es aceptado (solo puede ser aceptado un certificado malformado). • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.html https://github.com/adrienverge/openfortivpn/commit/9eee997d599a89492281fc7ffdd79d88cd61afc3 https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4 https://github.com/adrienverge/openfortivpn/issues/536 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF https://lists.fedoraproject.org/archives/l • CWE-295: Improper Certificate Validation CWE-908: Use of Uninitialized Resource •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2020-7041
https://notcve.org/view.php?id=CVE-2020-7041
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value. Se detectó un problema en openfortivpn versión 1.11.0, cuando se usaba con OpenSSL versiones 1.0.2 o posteriores, el archivo tunnel.c maneja inapropiadamente la comprobación del certificado porque un código de error negativo de X509_check_host se interpreta como un valor de retorno exitoso. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.html https://github.com/adrienverge/openfortivpn/commit/60660e00b80bad0fadcf39aee86f6f8756c94f91 https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4 https://github.com/adrienverge/openfortivpn/issues/536 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF https://lists.fedoraproject.org/archives/l • CWE-295: Improper Certificate Validation •