CVE-2019-18902 – wicked: Use-after-free when receiving invalid DHCP6 client options
https://notcve.org/view.php?id=CVE-2019-18902
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1. openSUSE Factory wicked versions prior to 0.6.62. Una vulnerabilidad de Uso de la Memoria Previamente Liberada en wicked de SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, y Factory, permite a atacantes remotos causar DoS o potencialmente una ejecución de código. Este problema afecta: wicked de SUSE Linux Enterprise Server 12 versiones anteriores a 0.6.60-3.5.1. wicked de SUSE Linux Enterprise Server 15 versiones anteriores a 0.6.60-3.21.1. wicked de openSUSE Leap 15.1 versiones anteriores a 0.6.60-lp151.2.6.1. wicked de openSUSE Factory versiones anteriores a 0.6.62. • https://bugzilla.suse.com/show_bug.cgi?id=1160903 • CWE-416: Use After Free •
CVE-2020-8013 – permissions: chkstat sets unintended setuid/capabilities for mrsh and wodim
https://notcve.org/view.php?id=CVE-2020-8013
A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00010.html https://bugzilla.suse.com/show_bug.cgi?id=1163922 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2019-18901 – mysql-systemd-helper allows setting 640 permissions of arbitrary files
https://notcve.org/view.php?id=CVE-2019-18901
A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1. Una vulnerabilidad de tipo Symbolic Link (Symlink) Following en mysql-systemd-helper del paquete mariadb de SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, permite a atacantes locales cambiar los permisos de archivos arbitrarios a 0640. Este problema afecta a: mariadb de SUSE Linux Enterprise Server 12 versiones anteriores a 10.2.31-3.25.1. mariadb de SUSE Linux Enterprise Server 15 versiones anteriores a 10.2.31-3.26.1. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html https://bugzilla.suse.com/show_bug.cgi?id=1160895 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2019-18897 – Local privilege escalation from user salt to root
https://notcve.org/view.php?id=CVE-2019-18897
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linux Enterprise Server 15 salt-master version 2019.2.0-6.21.1 and prior versions. openSUSE Factory salt-master version 2019.2.2-3.1 and prior versions. Una vulnerabilidad de tipo Symbolic Link (Symlink) Following en el empaquetado de la sal de SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory, permite a atacantes locales escalar los privilegios de la sal de user a root. Este problema afecta a: salt-master de SUSE Linux Enterprise Server 12 versión 2019.2.0-46.83.1 y versiones anteriores. salt-master de SUSE Linux Enterprise Server 15 versión 2019.2.0-6.21.1 y versiones anteriores. salt-master de OpenSUSE Factory versión 2019.2.2-3.1 y versiones anteriores. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00026.html https://bugzilla.suse.com/show_bug.cgi?id=1157465 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2019-3698 – nagios cron job allows privilege escalation from user nagios to root
https://notcve.org/view.php?id=CVE-2019-3698
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions. Una vulnerabilidad de tipo UNIX Symbolic Link (Symlink) Following en el cronjob enviado con nagios de SUSE Linux Enterprise Server versión 12, SUSE Linux Enterprise Server versión 11; openSUSE Factory, permite a atacantes locales causar una DoS o escalar potencialmente privilegios al ganar una carrera. Este problema afecta: SUSE Linux Enterprise Server versión 12 nagios versión 3.5.1-5.27 y versiones anteriores. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html https://bugzilla.suse.com/show_bug.cgi?id=1156309 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •