CVE-2023-22643 – libzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.system` calls
https://notcve.org/view.php?id=CVE-2023-22643
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. • https://bugzilla.suse.com/show_bug.cgi?id=1206836 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-43756 – Rancher/Wrangler: Denial of service when processing Git credentials
https://notcve.org/view.php?id=CVE-2022-43756
A Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions. • https://bugzilla.suse.com/show_bug.cgi?id=1205296 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2022-31254 – rmt-server-pubcloud allows to escalate from user _rmt to root
https://notcve.org/view.php?id=CVE-2022-31254
A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10. • https://bugzilla.suse.com/show_bug.cgi?id=1204285 • CWE-276: Incorrect Default Permissions •
CVE-2022-43759 – Rancher: Privilege escalation via promoted roles
https://notcve.org/view.php?id=CVE-2022-43759
A Improper Privilege Management vulnerability in SUSE Rancher, allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10. • https://bugzilla.suse.com/show_bug.cgi?id=1205293 • CWE-269: Improper Privilege Management •
CVE-2022-31249 – [RANCHER] OS command injection in Rancher and Fleet
https://notcve.org/view.php?id=CVE-2022-31249
A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions. • https://bugzilla.suse.com/show_bug.cgi?id=1200299 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •