
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Oct 2022 — An Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1. • https://bugzilla.suse.com/show_bug.cgi?id=1204696 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Sep 2022 — An Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3. • https://bugzilla.suse.com/show_bug.cgi?id=1201674 • CWE-276: Incorrect Default Permissions

CVSS: 5.3 • EPSS: 0% • CPEs: 7 • EXPL: 0

07 Sep 2022 — An Improper Access Control vulnerability in the systemd service of canna in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket. This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package, it was deleted there. • https://bugzilla.suse.com/show_bug.cgi?id=1199280 • CWE-284: Improper Access Control

CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 1

16 Mar 2022 — An Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen session. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions. • https://bugzilla.suse.com/show_bug.cgi?id=1196451 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 1

16 Mar 2022 — An Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions. • https://bugzilla.suse.com/show_bug.cgi?id=1196446 • CWE-377: Insecure Temporary File

CVSS: 5.1 • EPSS: 0% • CPEs: 4 • EXPL: 1

16 Mar 2022 — An Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1. • https://bugzilla.suse.com/show_bug.cgi?id=1190474 • CWE-377: Insecure Temporary File

CVSS: 7.8 • EPSS: 0% • CPEs: 11 • EXPL: 1

18 Feb 2022 — An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.) • https://bugzilla.suse.com/show_bug.cgi?id=1193678 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

26 Jan 2022 — A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman versions prior to 4.9.0-9.1. • https://bugzilla.suse.com/show_bug.cgi?id=1194470 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

14 Jan 2022 — An Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1. • https://bugzilla.suse.com/show_bug.cgi?id=1193484 • CWE-276: Incorrect Default Permissions

CVSS: 5.5 • EPSS: 0% • CPEs: 10 • EXPL: 2

06 Jan 2022 — An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner. Two vulnerabilities were discovered in uriparser, a library that parses Uniform Resource Identifiers (URIs), which may result in denial of service or potentially in the execution of arbitrary code. • https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released • CWE-416: Use After Free