CVE-2020-15707 – GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow.
https://notcve.org/view.php?id=CVE-2020-15707
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions. Se detectaron desbordamientos de enteros en las funciones grub_cmd_initrd y grub_initrd_init en el componente efilinux de GRUB2, como se incluye en Debian, Red Hat y Ubuntu (la funcionalidad no está incluida aguas arriba de GRUB2), conllevando a un desbordamiento del búfer en la región heap de la memoria. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html http://ubuntu.com/security/notices/USN-4432-1 http://www.openwall.com/lists/oss-security/2020/07/29/3 https://access.redhat.com/security/vulnerabilities/grub2bootloader https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011 https://security.gentoo.org/ • CWE-190: Integer Overflow or Wraparound CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2019-3681 – osc: stores downloaded (supposed) RPM in network-controlled filesystem paths
https://notcve.org/view.php?id=CVE-2019-3681
A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 . Una vulnerabilidad de Control Externo de Nombre de Archivo o Ruta en osc de SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory, permitió a atacantes remotos que pueden cambiar los paquetes descargados para sobrescribir archivos arbitrarios. • https://bugzilla.suse.com/show_bug.cgi?id=1122675 • CWE-73: External Control of File Name or Path •
CVE-2020-8022 – User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of priviliges
https://notcve.org/view.php?id=CVE-2020-8022
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html https://bugzilla.suse.com/show_bug.cgi?id=1172405 https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be%40%3Cjava-dev.axis.apache.org%3E https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928%40%3Cjava-dev.axis.apache.org%3E https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1%40%3Cusers.tomcat.apache.org%3E https://lists.apache.org/thread.html/rf50d02409e5732 • CWE-276: Incorrect Default Permissions •
CVE-2019-18905 – Deprecated functionality in autoyast2 automatically imports gpg keys without checking them
https://notcve.org/view.php?id=CVE-2019-18905
A Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprecated and unused functionality of autoyast is used to create images. This issue affects: SUSE Linux Enterprise Server 12 autoyast2 version 4.1.9-3.9.1 and prior versions. SUSE Linux Enterprise Server 15 autoyast2 version 4.0.70-3.20.1 and prior versions. Una vulnerabilidad de Verificación Insuficiente de la Autenticidad de Datos en autoyast2 de SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, permite a atacantes remotos conexiones de tipo MITM cuando es usada la funcionalidad obsoleta y no utilizada autoyast para crear imágenes. Este problema afecta a: autoyast2 de SUSE Linux Enterprise Server 12 versión 4.1.9-3.9.1 y versiones anteriores. autoyast2 de SUSE Linux Enterprise Server 15 versión 4.0.70-3.20.1 y versiones anteriores. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00050.html https://bugzilla.suse.com/show_bug.cgi?id=1140711 • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2019-18904 – Migrations requests can cause DoS on rmt
https://notcve.org/view.php?id=CVE-2019-18904
A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. • https://bugzilla.suse.com/show_bug.cgi?id=1160922 • CWE-400: Uncontrolled Resource Consumption •