CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-8014 – kopano-python-services: Local privilege escalation from kopano to root in kopano-spamd subpackage
https://notcve.org/view.php?id=CVE-2020-8014
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions prior to 10.0.5-lp151.4.1. openSUSE Tumbleweed kopano-spamd versions prior to 10.0.5-1.1. Una Vulnerabilidad de Seguimiento Enlace Simbólico de UNIX (Symlink) en el paquete de kopano-spamd de openSUSE Leap 15.1, openSUSE Tumbleweed permitió a atacantes locales con los privilegios del usuario de kopano escalar a root. Este problema afecta: kopano-spamd de openSUSE Leap 15.1 versiones anteriores a 10.0.5-lp151.4.1. kopano-spamd de openSUSE Tumbleweed versiones anteriores a 10.0.5-1.1 • https://bugzilla.suse.com/show_bug.cgi?id=1164131 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 1CVE-2019-3681 – osc: stores downloaded (supposed) RPM in network-controlled filesystem paths
https://notcve.org/view.php?id=CVE-2019-3681
A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 . Una vulnerabilidad de Control Externo de Nombre de Archivo o Ruta en osc de SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory, permitió a atacantes remotos que pueden cambiar los paquetes descargados para sobrescribir archivos arbitrarios. • https://bugzilla.suse.com/show_bug.cgi?id=1122675 • CWE-73: External Control of File Name or Path •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 1CVE-2020-8019 – syslog-ng: Local privilege escalation from new to root in %post
https://notcve.org/view.php?id=CVE-2020-8019
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server for SAP 12-SP1; openSUSE Backports SLE-15-SP1, openSUSE Leap 15.1 allowed local attackers controlling the user news to escalate their privileges to root. This issue affects: SUSE Linux Enterprise Debuginfo 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Debuginfo 11-SP4 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Module for Legacy Software 12 syslog-ng versions prior to 3.6.4-12.8.1. SUSE Linux Enterprise Point of Sale 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. • https://bugzilla.suse.com/show_bug.cgi?id=1169385 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 1CVE-2020-8022 – User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of priviliges
https://notcve.org/view.php?id=CVE-2020-8022
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html https://bugzilla.suse.com/show_bug.cgi?id=1172405 https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be%40%3Cjava-dev.axis.apache.org%3E https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928%40%3Cjava-dev.axis.apache.org%3E https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1%40%3Cusers.tomcat.apache.org%3E https://lists.apache.org/thread.html/rf50d02409e5732 • CWE-276: Incorrect Default Permissions •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-8024 – Problematic permissions in hylafax+ packaging allow escalation from uucp to other users
https://notcve.org/view.php?id=CVE-2020-8024
A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to 7.0.2-lp152.2.1. openSUSE Leap 15.1 hylafax+ version 5.6.1-lp151.3.7 and prior versions. openSUSE Factory hylafax+ versions prior to 7.0.2-2.1. Una vulnerabilidad de Permisos Predeterminados Incorrectos en el paquete de hylafax+ de openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory, permite a atacantes locales escalar desde un usuario uucp a usuarios que llaman binarios de hylafax. Este problema afecta: hylafax+ de openSUSE Leap versiones 15.2 anteriores a 7.0.2-lp152.2.1. hylafax+ de openSUSE Leap 15.1 versiones 5.6.1-lp151.3.7 y anteriores. hylafax+ de openSUSE Factory versiones anteriores a 7.0.2-2.1 • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00022.html https://bugzilla.suse.com/show_bug.cgi?id=1172731 • CWE-276: Incorrect Default Permissions •