rpm package
opensuse/permissions&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/permissions&distro=openSUSE%20Leap%2015.3
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-31252 | — | < 20181225-150200.23.15.1 | 20181225-150200.23.15.1 | Oct 6, 2022 | A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location | ||
| CVE-2020-8013 | — | < 20200127-lp153.24.3.1 | 20200127-lp153.24.3.1 | Mar 2, 2020 | A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The sy | ||
| CVE-2019-3687 | — | < 20200127-lp153.24.3.1 | 20200127-lp153.24.3.1 | Jan 24, 2020 | The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 t | ||
| CVE-2019-3688 | — | < 20200127-lp153.24.3.1 | 20200127-lp153.24.3.1 | Oct 7, 2019 | The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the sq |
- CVE-2022-31252Oct 6, 2022affected < 20181225-150200.23.15.1fixed 20181225-150200.23.15.1
A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location
- CVE-2020-8013Mar 2, 2020affected < 20200127-lp153.24.3.1fixed 20200127-lp153.24.3.1
A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The sy
- CVE-2019-3687Jan 24, 2020affected < 20200127-lp153.24.3.1fixed 20200127-lp153.24.3.1
The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 t
- CVE-2019-3688Oct 7, 2019affected < 20200127-lp153.24.3.1fixed 20200127-lp153.24.3.1
The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the sq