CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49504 – grub2 allows bypassing TPM-bound disk encryption on SL(E)M encrypted Images
https://notcve.org/view.php?id=CVE-2024-49504
13 Nov 2024 — grub2 allowed attackers with access to the grub shell to access files on the encrypted disks. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-49504 • CWE-276: Incorrect Default Permissions •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32190 – mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable
https://notcve.org/view.php?id=CVE-2023-32190
16 Oct 2024 — mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges. El script %post de mlocate permite al usuario RUN_UPDATEDB_AS hacer que archivos arbitrarios sean legibles para todo el mundo abusando de operaciones de archivos inseguras que se ejecutan con privilegios de root. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32190 • CWE-125: Out-of-bounds Read •