CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25315 – salt-api unauthenticated remote code execution
https://notcve.org/view.php?id=CVE-2021-25315
CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. Una vulnerabilidad de Implementación Incorrecta del Algoritmo de Autenticación en SUSE SUSE Linux Enterprise Server versión 15 SP 3; openSUSE Tumbleweed, permite a atacantes locales ejecutar código arbitrario por medio de una sal sin la necesidad de especificar credenciales válidas. Este problema afecta a: salt de SUSE SUSE Linux Enterprise Server versión 15 SP 3 versiones anteriores a 3002.2-3. • https://bugzilla.suse.com/show_bug.cgi?id=1182382 • CWE-287: Improper Authentication •
CVSS: 7.3EPSS: 0%CPEs: 8EXPL: 1CVE-2020-8027 – openldap uses fixed paths in /tmp
https://notcve.org/view.php?id=CVE-2020-8027
A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1. Una vulnerabilidad de archivo temporal no seguro en openldap2 de SUSE Linux Enterprise Server versión 15-LTSS, SUSE Linux Enterprise Server para SAP versión 15; openSUSE Leap versión 15.1, openSUSE Leap versión 15.2, permite a atacantes locales sobrescribir archivos arbitrarios y obtener acceso a la configuración de openldap2. Este problema afecta a: openldap2 de SUSE Linux Enterprise Server versión 15-LTSS versiones anteriores a 2.4.46-9.37.1. openldap2 de SUSE Linux Enterprise Server para SAP versión 15 versiones anteriores a 2.4.46-9.37.1. • https://bugzilla.suse.com/show_bug.cgi?id=1175568 • CWE-377: Insecure Temporary File •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 1CVE-2020-8023 – Local privilege escalation from ldap to root when using OPENLDAP_CONFIG_BACKEND=ldap in openldap2
https://notcve.org/view.php?id=CVE-2020-8023
A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. • https://bugzilla.suse.com/show_bug.cgi?id=1172698 • CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2020-24368
https://notcve.org/view.php?id=CVE-2020-24368
Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2. Icinga Icinga Web 2 versiones 2.0.0 hasta 2.6.4, 2.7.4 y 2.8.2, presenta una vulnerabilidad de Salto de Directorio que permite a un atacante acceder a archivos arbitrarios que son legibles por el proceso que ejecuta Icinga Web 2. Este problema se corrigió en Icinga Web 2 en versiones v2.6.4, v2.7.4 y v2.8.2. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00026.html https://github.com/Icinga/icingaweb2/blob/master/CHANGELOG.md https://github.com/Icinga/icingaweb2/issues/4226 https://icinga.com/2020/08/19/icinga-web-security-release-v2-6-4-v2-7-4-and-v2-8-2 https://lists.debian.org/debian-lts-announce/2020/08/msg00040.html https://security.gentoo.org/glsa/202208-05 https://www.debian.org/security/2020/dsa-4747 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 1CVE-2020-8025 – outdated entries in permissions profiles for /var/lib/pcp/tmp/* may cause security issues
https://notcve.org/view.php?id=CVE-2020-8025
A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624. Una vulnerabilidad de Permisos de Ejecución Asignados Incorrectos en el paquete permissions de SUSE Linux Enterprise Server versión 12-SP4, SUSE Linux Enterprise Server versión 15-LTSS, SUSE Linux Enterprise Server para SAP 15; openSUSE Leap versión 15.1, openSUSE Tumbleweed, establece los permisos para algunos de los directorios del paquete pcp en configuraciones no deseadas. • https://bugzilla.suse.com/show_bug.cgi?id=1171883 • CWE-279: Incorrect Execution-Assigned Permissions •