
CVE-2022-45154 – supportconfig does not remove passwords in /etc/iscsi/iscsid.conf and /etc/target/lio_setup.sh
https://notcve.org/view.php?id=CVE-2022-45154
15 Feb 2023 — A Cleartext Storage of Sensitive Information vulnerability in supportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials. This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1 and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 a... • https://bugzilla.suse.com/show_bug.cgi?id=1207598 • CWE-312: Cleartext Storage of Sensitive Information •

CVE-2018-19636 – Local root exploit via inclusion of attacker controlled shell script
https://notcve.org/view.php?id=CVE-2018-19636
05 Mar 2019 — Supportutils, before version 3.1-5.7.1, when run with command line argument -A, searched the file system for an ndspath binary. If an attacker provides one at an arbitrary location, it is executed with root privileges. An update t... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.html • CWE-20: Improper Input Validation • CWE-306: Missing Authentication for Critical Function •

CVE-2018-19637 – Static temporary filename allows overwriting of files
https://notcve.org/view.php?id=CVE-2018-19637
05 Mar 2019 — Supportutils, before version 3.1-5.7.1, wrote data to the static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection. An update that solves 5 vulnerabilities and has 5 fixes is now available. This update for hostinfo, supportutils fixes the following issues. Secur... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') • CWE-377: Insecure Temporary File •

CVE-2018-19638 – User can overwrite arbitrary log files in support tar
https://notcve.org/view.php?id=CVE-2018-19638
05 Mar 2019 — In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files. An update that solves... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') • CWE-377: Insecure Temporary File •

CVE-2018-19639 – Code execution if run with command line switch -v
https://notcve.org/view.php?id=CVE-2018-19639
05 Mar 2019 — If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638), he can execute arbitrary commands as root. An update that solves 5 vulnerabilities and has 5 fixes is no... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2018-19640 – Code execution if run with command line switch -v
https://notcve.org/view.php?id=CVE-2018-19640
05 Mar 2019 — If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 (e.g. with CVE-2018-19638), he can kill arbitrary processes on the local machine. An update that solves 5 vulnerabilities and has 5 fixes is now a... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.html • CWE-20: Improper Input Validation • CWE-377: Insecure Temporary File •