CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2022-21950 – canna: unsafe handling of /tmp/.iroha_unix directory
https://notcve.org/view.php?id=CVE-2022-21950
A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there. Una vulnerabilidad de Control de Acceso inapropiado en el servicio systemd de cana en openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 permite a usuarios locales secuestrar el socket de dominio UNIX Este problema afecta a: openSUSE Backports SLE-15-SP3 versiones de canna anteriores a canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 versiones de canna anteriores a 3.7p3-bp154.3.3.1. openSUSE Factory también está afectado. En lugar de arreglar el paquete fue eliminado allí • https://bugzilla.suse.com/show_bug.cgi?id=1199280 • CWE-284: Improper Access Control •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2002-1158
https://notcve.org/view.php?id=CVE-2002-1158
Buffer overflow in the irw_through function for Canna 3.5b2 and earlier allows local users to execute arbitrary code as the bin user. Desbordamiento de búfer en Canna 3.5.b2 y anteriores permite a usuarios locales ejecutar código arbitrario como el usuario bin. • http://canna.sourceforge.jp/sec/Canna-2002-01.txt http://marc.info/?l=bugtraq&m=104041812206344&w=2 http://www.debian.org/security/2003/dsa-224 http://www.redhat.com/support/errata/RHSA-2002-246.html http://www.redhat.com/support/errata/RHSA-2002-261.html http://www.redhat.com/support/errata/RHSA-2003-115.html http://www.securityfocus.com/bid/6351 https://exchange.xforce.ibmcloud.com/vulnerabilities/10831 https://access.redhat.com/security/cve/CVE-2002-1158 https: •
CVSS: 6.4EPSS: 1%CPEs: 2EXPL: 0CVE-2002-1159
https://notcve.org/view.php?id=CVE-2002-1159
Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak. Canna 3.6 y anteriores no validan adecuadamente las peticiones, lo que permite a atacantes remotos causar una denegación de servicio o fuga de información. • http://canna.sourceforge.jp/sec/Canna-2002-01.txt http://www.debian.org/security/2003/dsa-224 http://www.redhat.com/support/errata/RHSA-2002-246.html http://www.redhat.com/support/errata/RHSA-2002-261.html http://www.redhat.com/support/errata/RHSA-2003-115.html http://www.securityfocus.com/bid/6354 https://exchange.xforce.ibmcloud.com/vulnerabilities/10832 https://access.redhat.com/security/cve/CVE-2002-1159 https://bugzilla.redhat.com/show_bug.cgi?id=1616851 •