CVE-2024-49505 – XSS vulnerability found in OpenSuse MirrorCache
https://notcve.org/view.php?id=CVE-2024-49505
A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the REGEX and P parameters. This issue affects MirrorCache before 1.083. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-49505 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-49506 – Fixed temporary file path in aeon-checks allows fixing of disk encryption key
https://notcve.org/view.php?id=CVE-2024-49506
Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-49506 • CWE-377: Insecure Temporary File •
CVE-2023-32182
https://notcve.org/view.php?id=CVE-2023-32182
A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1. Vulnerabilidad de Resolución de Enlace Incorrecta Antes del Acceso a Archivos ('Link Following') en SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix. Este problema afecta a SUSE Linux Enterprise Desktop 15 SP5 : antes de 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: anterior a 3.7.3-150500.3.5.1; openSUSE Leap 15.5: anterior a 3.7.3-150500.3.5.1. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2023-32184
https://notcve.org/view.php?id=CVE-2023-32184
A Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a. Una vulnerabilidad de Almacenamiento Inseguro de Información Confidencial en openSUSE opensuse-welcome permite a los atacantes locales ejecutar código como el usuario que ejecuta opensuse-welcome si se elige un diseño personalizado. Este problema afecta a opensuse-welcome: desde la versión 0.1 antes de 0.1.9+git.35.4b9444a. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32184 • CWE-922: Insecure Storage of Sensitive Information •
CVE-2023-32183
https://notcve.org/view.php?id=CVE-2023-32183
Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root This issue affects openSUSE Tumbleweed. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32183 • CWE-276: Incorrect Default Permissions •