CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-18901 – mysql-systemd-helper allows setting 640 permissions of arbitrary files
https://notcve.org/view.php?id=CVE-2019-18901
02 Mar 2020 — A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1. Una vulnerabilidad de tipo Symbolic Link (Symlink) Following en mysql-systemd-helper del pa... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2019-18897 – Local privilege escalation from user salt to root
https://notcve.org/view.php?id=CVE-2019-18897
02 Mar 2020 — A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linux Enterprise Server 15 salt-master version 2019.2.0-6.21.1 and prior versions. openSUSE Factory salt-master version 2019.2.2-3.1 and prior versions. Una vulne... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00026.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 1CVE-2019-3698 – nagios cron job allows privilege escalation from user nagios to root
https://notcve.org/view.php?id=CVE-2019-3698
28 Feb 2020 — UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior version... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 6%CPEs: 8EXPL: 1CVE-2020-9428 – Gentoo Linux Security Advisory 202007-13
https://notcve.org/view.php?id=CVE-2020-9428
27 Feb 2020 — In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing. En Wireshark versiones 3.2.0 hasta 3.2.1, versiones 3.0.0 hasta 3.0.8 y versiones 2.6.0 hasta 2.6.14, el disector EAP podría bloquearse. Esto se abordó en el archivo epan/disectors/packet-eap.c mediante el uso de un análisis sscanf más cuidadoso. Multiple vulnerabilities have been found in Wireshark, the worst of which could... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9429 – Gentoo Linux Security Advisory 202007-13
https://notcve.org/view.php?id=CVE-2020-9429
27 Feb 2020 — In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value. En Wireshark versiones 3.2.0 hasta 3.2.1, el disector WireGuard podría bloquearse. Esto se abordó en el archivo epan/disectors/packet-wireguard.c mediante el manejo de la situación en la que determinada estructura de datos presenta un valor NULL intencionalmente. Multiple vulnerabilities have been f... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 3%CPEs: 8EXPL: 2CVE-2020-9430 – Gentoo Linux Security Advisory 202007-13
https://notcve.org/view.php?id=CVE-2020-9430
27 Feb 2020 — In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field. En Wireshark versiones 3.2.0 hasta 3.2.1, versiones 3.0.0 hasta 3.0.8 y versiones 2.6.0 hasta 2.6.14, el disector WiMax DLMAP podría bloquearse. Esto se abordó en el archivo plugins/epan/wimax/ msg_dlmap.c mediante la comprobación de un campo de longitud. Multiple vulnerabilities have been found in Wireshark, the worst of ... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 4%CPEs: 8EXPL: 1CVE-2020-9431 – Gentoo Linux Security Advisory 202007-13
https://notcve.org/view.php?id=CVE-2020-9431
27 Feb 2020 — In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations. En Wireshark versiones 3.2.0 hasta 3.2.1, versiones 3.0.0 hasta 3.0.8 y versiones 2.6.0 hasta 2.6.14, el disector LTE RRC podría perder memoria. Esto se abordó en el archivo epan/disectors/packet-lte-rrc.c mediante el ajuste de determinadas operaciones de adición. Multiple vulnerabilities have been found in W... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2020-7063 – Files added to tar with Phar::buildFromIterator have all-access permissions
https://notcve.org/view.php?id=CVE-2020-7063
27 Feb 2020 — In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted. En PHP versiones 7.2.x por debajo de 7.2.28, versiones 7.3.x por debajo de 7.3.15 y versiones 7.4.x por debajo... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html • CWE-281: Improper Preservation of Permissions CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 1CVE-2020-7062 – Null Pointer Dereference in PHP Session Upload Progress
https://notcve.org/view.php?id=CVE-2020-7062
27 Feb 2020 — In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash. En PHP versiones 7.2.x por debajo de 7.2.28, versiones 7.3.x por debajo de 7.3.15 y versiones 7.4.x por debajo de 7.4.3, cuan... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-7043
https://notcve.org/view.php?id=CVE-2020-7043
27 Feb 2020 — An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack. Se detectó un problema en openfortivpn versión 1.11.0, cuando se usaba con OpenSSL versiones anteriores a 1.0.2. en el archivo tunnel.c maneja inapropiadamente la comprobación del certificado porque las comparaciones hostname no consideran los caracteres "\... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html • CWE-295: Improper Certificate Validation •