CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22038 – DoS attacks, information leaks etc. with crafted Git repositories in obs-scm-bridge
https://notcve.org/view.php?id=CVE-2024-22038
28 Nov 2024 — Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service. Varios problemas en obs-scm-bridge permiten a atacantes que crean repositorios git especialmente manipulados filtrar información o provocar una denegación de servicio. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22038 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49504 – grub2 allows bypassing TPM-bound disk encryption on SL(E)M encrypted Images
https://notcve.org/view.php?id=CVE-2024-49504
13 Nov 2024 — grub2 allowed attackers with access to the grub shell to access files on the encrypted disks. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-49504 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-22034 – Crafted projects can overwrite special files in the .osc config directory
https://notcve.org/view.php?id=CVE-2024-22034
16 Oct 2024 — Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim Los atacantes podrían colocar los archivos especiales en .osc en las fuentes del paquete real (por ejemplo, _apiurl). Esto permite al atacante cambiar la configuración de osc para la víctima. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22034 •
CVSS: 6.5EPSS: 4%CPEs: 2EXPL: 0CVE-2024-22033 – obs-service-download_url is vulnerable to argument injection
https://notcve.org/view.php?id=CVE-2024-22033
16 Oct 2024 — The OBS service obs-service-download_url was vulnerable to a command injection vulnerability. The attacker could provide a configuration to the service that allowed to execute command in later steps El servicio OBS obs-service-download_url era vulnerable a una vulnerabilidad de inyección de comandos. El atacante podría proporcionar una configuración al servicio que permitiera ejecutar comandos en pasos posteriores. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22033 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2024-22029 – tomcat packaging allows for escalation to root from tomcat user
https://notcve.org/view.php?id=CVE-2024-22029
16 Oct 2024 — Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root Los permisos inseguros en el empaquetado de Tomcat permiten que los usuarios locales que ganan una carrera durante la instalación del paquete escalen a la raíz • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22029 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32190 – mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable
https://notcve.org/view.php?id=CVE-2023-32190
16 Oct 2024 — mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges. El script %post de mlocate permite al usuario RUN_UPDATEDB_AS hacer que archivos arbitrarios sean legibles para todo el mundo abusando de operaciones de archivos inseguras que se ejecutan con privilegios de root. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32190 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45155 – obs-service-go_modules: arbitrary directory delete
https://notcve.org/view.php?id=CVE-2022-45155
15 Mar 2023 — An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1. • https://bugzilla.suse.com/show_bug.cgi?id=1201138 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2021-32000 – clone-master-clean-up: dangerous file system operations
https://notcve.org/view.php?id=CVE-2021-32000
28 Jul 2021 — A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1.6-4.6.1 and prior versions. SUSE Linux Enterprise Server 15 SP1 clone-master-clean-up version 1.6-3.9.1 and prior versions. openSUSE Factory clone-master-clean-u... • https://bugzilla.suse.com/show_bug.cgi?id=1181050 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 3CVE-2006-7246
https://notcve.org/view.php?id=CVE-2006-7246
27 Jan 2020 — NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. NetworkManager versiones 0.9.x, no fija un asunto del certificado en un ESSID cuando es usada la autenticación 802.11X. • http://www.openwall.com/lists/oss-security/2010/04/22/2 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-12476 – obs-service-extract_file's outfilename parameter allows to write files outside of package directory
https://notcve.org/view.php?id=CVE-2018-12476
27 Jan 2020 — Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74. Una vulnerabilidad de Salto de Ruta Relativa en obs-servi... • https://bugzilla.suse.com/show_bug.cgi?id=1107944 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •