CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49505 – XSS vulnerability found in OpenSuse MirrorCache
https://notcve.org/view.php?id=CVE-2024-49505
A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the REGEX and P parameters. This issue affects MirrorCache before 1.083. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-49505 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49506 – Fixed temporary file path in aeon-checks allows fixing of disk encryption key
https://notcve.org/view.php?id=CVE-2024-49506
Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-49506 • CWE-377: Insecure Temporary File •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-32183
https://notcve.org/view.php?id=CVE-2023-32183
Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root This issue affects openSUSE Tumbleweed. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32183 • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-28321
https://notcve.org/view.php?id=CVE-2022-28321
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream. El paquete Linux-PAM versiones anteriores a 1.5.2-6.1 para openSUSE Tumbleweed, permite omitir la autenticación en los inicios de sesión SSH. • http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://www.suse.com/security/cve/CVE-2022-28321.html • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31250 – keylime %post scriplet allows for privilege escalation from keylime user to root
https://notcve.org/view.php?id=CVE-2022-31250
A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to 6.4.2-1.1. Una vulnerabilidad de UNIX Symbolic Link (Symlink) Following en keylime de openSUSE Tumbleweed permite a atacantes locales escalar desde el usuario keylime a root. Este problema afecta a: openSUSE Tumbleweed keylime versiones anteriores a 6.4.2-1.1 • https://bugzilla.suse.com/show_bug.cgi?id=1200885 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •