CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-31998 – inn: %post calls user owned file allowing local privilege escalation to root
https://notcve.org/view.php?id=CVE-2021-31998
10 Jun 2021 — A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2. Una vulnerabilidad de Permisos por Defecto Incorrectos e... • https://bugzilla.suse.com/show_bug.cgi?id=1182321 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2019-3692 – Local privilege escalation from user news to root in the packaging of inn
https://notcve.org/view.php?id=CVE-2019-3692
24 Jan 2020 — The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions. El empaquetado de inn en SUSE Linux Enterprise Server versión 11; openSUSE Factory, Leap versión 15.1, permite a atacante... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00027.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •