
CVE-2024-22034 – Crafted projects can overwrite special files in the .osc config directory
https://notcve.org/view.php?id=CVE-2024-22034
19 Aug 2024 — Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim. This update for osc fixes the following issues.
• https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22034

CVE-2024-22029 – tomcat packaging allows for escalation to root from tomcat user
https://notcve.org/view.php?id=CVE-2024-22029
14 Feb 2024 — Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root. This update for tomcat fixes the following issues. Updated to Tomcat 9.0.85. Improve trailer header parsing. FileUpload: remove tmp files to avoid DoS on Windows. Improve handling of failures during recycle methods.
• https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22029
• CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2020-4675
https://notcve.org/view.php?id=CVE-2020-4675
16 Jul 2021 — IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186324.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/186324
• CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2020-8015 – Local privilege escalation in exim package from user mail to root
https://notcve.org/view.php?id=CVE-2020-8015
02 Apr 2020 — A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1. An up...
• http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00010.html
• CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE-2013-3565
https://notcve.org/view.php?id=CVE-2013-3565
31 Jan 2020 — Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.
• http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git%3Ba=commitdiff%3Bh=bf02b8dd211d5a52aa301a9a2ff4e73ed8195881
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2006-7246
https://notcve.org/view.php?id=CVE-2006-7246
27 Jan 2020 — NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.
• http://www.openwall.com/lists/oss-security/2010/04/22/2
• CWE-295: Improper Certificate Validation

CVE-2019-18898 – trousers: Local privilege escalation from tss to root
https://notcve.org/view.php?id=CVE-2019-18898
23 Jan 2020 — A UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1 and openSUSE Factory allowed local attackers to escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1; openSUSE Factory trousers versions prior to 0.3.14-7.1.
• http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00066.html
• CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE-2014-3495
https://notcve.org/view.php?id=CVE-2014-3495
13 Dec 2019 — duplicity 0.6.24 has improper verification of SSL certificates.
• https://access.redhat.com/security/cve/cve-2014-3495
• CWE-295: Improper Certificate Validation

CVE-2014-2387
https://notcve.org/view.php?id=CVE-2014-2387
13 Dec 2019 — Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities.
• http://www.openwall.com/lists/oss-security/2014/03/13/5
• CWE-668: Exposure of Resource to Wrong Sphere

CVE-2013-7370
https://notcve.org/view.php?id=CVE-2013-7370
11 Dec 2019 — node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware.
• http://www.openwall.com/lists/oss-security/2014/04/21/2
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')