CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31256 – sendmail: mail to root privilege escalation via sm-client.pre script
https://notcve.org/view.php?id=CVE-2022-31256
26 Oct 2022 — A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1. Una vulnerabilidad de Resolución de Enlaces Inapropiada Antes del Acceso a Archivos ("Enlace Siguiente") en un script llamado por el servicio systemd de sendmail de openSUSE Factory permite a atacantes locales escalar desd... • https://bugzilla.suse.com/show_bug.cgi?id=1204696 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31251 – slurm: %post for slurm-testsuite operates as root in user owned directory
https://notcve.org/view.php?id=CVE-2022-31251
07 Sep 2022 — A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3. Una vulnerabilidad de Permisos Incorrectos por Defecto en el empaquetado del testuite slurm de openSUSE Factory permite a atacantes locales con control sobre el usuario slurm escalar a root. Este problema afecta a openSUSE Factory slurm versiones anterior... • https://bugzilla.suse.com/show_bug.cgi?id=1201674 • CWE-276: Incorrect Default Permissions •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2021-36781 – parsec: dangerous 777 permissions for /run/parsec
https://notcve.org/view.php?id=CVE-2021-36781
14 Jan 2022 — A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1. Una vulnerabilidad de Permisos Incorrectos por Defecto en el paquete parsec de openSUSE Factory permite a atacantes locales imitar el servicio conllevando a DoS o a que clientes hablen con un servicio impostor. Este problema afecta a: parsec de op... • https://bugzilla.suse.com/show_bug.cgi?id=1193484 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25319 – virtualbox: missing sticky bit for /etc/vbox allows local root exploit for members of vboxusers group
https://notcve.org/view.php?id=CVE-2021-25319
05 May 2021 — A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versions. Una vulnerabilidad de permisos predeterminados incorrectos en el paquete de virtualbox de openSUSE Factory, permite a atacantes locales en el grupo de vboxusers escalar a root. Este problema afecta a: openSUSE Factory virtualbox versión 6.1.20-1.1 y versi... • https://bugzilla.suse.com/show_bug.cgi?id=1182918 • CWE-276: Incorrect Default Permissions •