CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49505 – XSS vulnerability found in OpenSuse MirrorCache
https://notcve.org/view.php?id=CVE-2024-49505
13 Nov 2024 — A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the REGEX and P parameters. This issue affects MirrorCache before 1.083. A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the REGEX and P parameters. This issue affects Mirr... • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-49505 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49506 – Fixed temporary file path in aeon-checks allows fixing of disk encryption key
https://notcve.org/view.php?id=CVE-2024-49506
13 Nov 2024 — Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-49506 • CWE-377: Insecure Temporary File •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-32183
https://notcve.org/view.php?id=CVE-2023-32183
07 Jul 2023 — Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root This issue affects openSUSE Tumbleweed. Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root This issue affects openSUSE Tumbleweed. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32183 • CWE-276: Incorrect Default Permissions •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-28321 – Ubuntu Security Notice USN-5825-2
https://notcve.org/view.php?id=CVE-2022-28321
19 Sep 2022 — The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream. El paquete Linux-PAM versiones anteriores a 1.5.2-... • http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31250 – keylime %post scriplet allows for privilege escalation from keylime user to root
https://notcve.org/view.php?id=CVE-2022-31250
20 Jul 2022 — A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to 6.4.2-1.1. Una vulnerabilidad de UNIX Symbolic Link (Symlink) Following en keylime de openSUSE Tumbleweed permite a atacantes locales escalar desde el usuario keylime a root. Este problema afecta a: openSUSE Tumbleweed keylime versiones anteriores a 6.4.2-1.1 • https://bugzilla.suse.com/show_bug.cgi?id=1200885 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25315 – salt-api unauthenticated remote code execution
https://notcve.org/view.php?id=CVE-2021-25315
03 Mar 2021 — CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and p... • https://bugzilla.suse.com/show_bug.cgi?id=1182382 • CWE-287: Improper Authentication •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 0CVE-2020-8026 – inn: non-root owned files
https://notcve.org/view.php?id=CVE-2020-8026
07 Aug 2020 — A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions. Una vulnerabilidad de Permisos Predeterminados Incorrectos en el paque... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-8014 – kopano-python-services: Local privilege escalation from kopano to root in kopano-spamd subpackage
https://notcve.org/view.php?id=CVE-2020-8014
29 Jun 2020 — A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions prior to 10.0.5-lp151.4.1. openSUSE Tumbleweed kopano-spamd versions prior to 10.0.5-1.1. Una Vulnerabilidad de Seguimiento Enlace Simbólico de UNIX (Symlink) en el paquete de kopano-spamd de openSUSE Leap 15.1, openSUSE Tumbleweed perm... • https://bugzilla.suse.com/show_bug.cgi?id=1164131 • CWE-61: UNIX Symbolic Link (Symlink) Following •