Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    10 vulnerabilities found for SUSE Linux Enterprise Software Development Kit 12-SP4 by SUSE

    CVE-2019-3681 (GCVE-0-2019-3681)

    Vulnerability from cvelistv5 – Published: 2020-06-29 12:00 – Updated: 2024-09-17 03:28
    VLAI
    Title
    osc: stores downloaded (supposed) RPM in network-controlled filesystem paths
    Summary
    A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 .
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Date Public
    2020-05-27 00:00
    Credits
    Malte Kraus of SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.655Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1122675"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SUSE Linux Enterprise Module for Development Tools 15",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.169.1-3.20.1",
                  "status": "affected",
                  "version": "osc",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Software Development Kit 12-SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.162.1-15.9.1",
                  "status": "affected",
                  "version": "osc",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Software Development Kit 12-SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.162.1-15.9.1",
                  "status": "affected",
                  "version": "osc",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap 15.1",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "0.169.1-lp151.2.15.1",
                  "status": "affected",
                  "version": "osc",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Factory",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "0.169.0",
                  "status": "affected",
                  "version": "osc",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Malte Kraus of SUSE"
            }
          ],
          "datePublic": "2020-05-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 ."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-29T12:00:16.000Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1122675"
            }
          ],
          "source": {
            "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1122675",
            "defect": [
              "1122675"
            ],
            "discovery": "INTERNAL"
          },
          "title": "osc: stores downloaded (supposed) RPM in network-controlled filesystem paths",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@suse.com",
              "DATE_PUBLIC": "2020-05-27T00:00:00.000Z",
              "ID": "CVE-2019-3681",
              "STATE": "PUBLIC",
              "TITLE": "osc: stores downloaded (supposed) RPM in network-controlled filesystem paths"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SUSE Linux Enterprise Module for Development Tools 15",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "osc",
                                "version_value": "0.169.1-3.20.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Software Development Kit 12-SP5",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "osc",
                                "version_value": "0.162.1-15.9.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Software Development Kit 12-SP4",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "osc",
                                "version_value": "0.162.1-15.9.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SUSE"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openSUSE Leap 15.1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "osc",
                                "version_value": "0.169.1-lp151.2.15.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "openSUSE Factory",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "osc",
                                "version_value": "0.169.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "openSUSE"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Malte Kraus of SUSE"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 ."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-73: External Control of File Name or Path"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1122675",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1122675"
                }
              ]
            },
            "source": {
              "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1122675",
              "defect": [
                "1122675"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2019-3681",
        "datePublished": "2020-06-29T12:00:16.969Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:28:54.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8017 (GCVE-0-2020-8017)

    Vulnerability from cvelistv5 – Published: 2020-04-02 14:05 – Updated: 2024-09-17 01:50
    VLAI
    Title
    race condition on texlive-filesystem cron job allows for the deletion of unintended files
    Summary
    A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary files on the system This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    Impacted products
    Vendor Product Version
    SUSE SUSE Linux Enterprise Module for Desktop Applications 15-SP1 Affected: texlive-filesystem , < 2017.135-9.5.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Software Development Kit 12-SP4 Affected: texlive-filesystem , < 2013.74-16.5.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Software Development Kit 12-SP5 Affected: texlive-filesystem , < 2013.74-16.5.1 (custom)
    Create a notification for this product.
    openSUSE openSUSE Leap 15.1 Affected: texlive-filesystem , < 2017.135-lp151.8.3.1 (custom)
    Create a notification for this product.
    Date Public
    2020-04-02 00:00
    Credits
    Matthias Gerstner of SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:48:24.833Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2020:0804",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1158910"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SUSE Linux Enterprise Module for Desktop Applications 15-SP1",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2017.135-9.5.1",
                  "status": "affected",
                  "version": "texlive-filesystem",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Software Development Kit 12-SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2013.74-16.5.1",
                  "status": "affected",
                  "version": "texlive-filesystem",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Software Development Kit 12-SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2013.74-16.5.1",
                  "status": "affected",
                  "version": "texlive-filesystem",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap 15.1",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "2017.135-lp151.8.3.1",
                  "status": "affected",
                  "version": "texlive-filesystem",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Matthias Gerstner of SUSE"
            }
          ],
          "datePublic": "2020-04-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary files on the system This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-13T00:00:00.000Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "name": "openSUSE-SU-2020:0804",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00021.html"
            },
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1158910"
            }
          ],
          "source": {
            "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1158910",
            "defect": [
              "1158910"
            ],
            "discovery": "INTERNAL"
          },
          "title": "race condition on texlive-filesystem cron job allows for the deletion of unintended files",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2020-8017",
        "datePublished": "2020-04-02T14:05:18.643Z",
        "dateReserved": "2020-01-27T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:50:50.369Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8016 (GCVE-0-2020-8016)

    Vulnerability from cvelistv5 – Published: 2020-04-02 14:05 – Updated: 2024-09-16 19:30
    VLAI
    Title
    race condition in the packaging of texlive-filesysten
    Summary
    A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges. This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    Impacted products
    Vendor Product Version
    SUSE SUSE Linux Enterprise Module for Desktop Applications 15-SP1 Affected: texlive-filesystem , < 2017.135-9.5.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Software Development Kit 12-SP4 Affected: texlive-filesystem , < 2013.74-16.5.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Software Development Kit 12-SP5 Affected: texlive-filesystem , < 2013.74-16.5.1 (custom)
    Create a notification for this product.
    openSUSE openSUSE Leap 15.1 Affected: texlive-filesystem , < 2017.135-lp151.8.3.1 (custom)
    Create a notification for this product.
    Date Public
    2020-04-01 00:00
    Credits
    Matthias Gerstner of SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:48:24.747Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2020:0804",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1159740"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SUSE Linux Enterprise Module for Desktop Applications 15-SP1",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2017.135-9.5.1",
                  "status": "affected",
                  "version": "texlive-filesystem",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Software Development Kit 12-SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2013.74-16.5.1",
                  "status": "affected",
                  "version": "texlive-filesystem",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Software Development Kit 12-SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2013.74-16.5.1",
                  "status": "affected",
                  "version": "texlive-filesystem",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap 15.1",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "2017.135-lp151.8.3.1",
                  "status": "affected",
                  "version": "texlive-filesystem",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Matthias Gerstner of SUSE"
            }
          ],
          "datePublic": "2020-04-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges. This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-13T00:00:00.000Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "name": "openSUSE-SU-2020:0804",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00021.html"
            },
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1159740"
            }
          ],
          "source": {
            "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1159740",
            "defect": [
              "1159740"
            ],
            "discovery": "INTERNAL"
          },
          "title": "race condition in the packaging of texlive-filesysten",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2020-8016",
        "datePublished": "2020-04-02T14:05:17.952Z",
        "dateReserved": "2020-01-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:30:49.212Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3696 (GCVE-0-2019-3696)

    Vulnerability from cvelistv5 – Published: 2020-03-03 11:05 – Updated: 2024-09-16 22:20
    VLAI
    Title
    pcp: Local privilege escalation from user pcp to root through migrate_tempdirs
    Summary
    A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory
    Assigner
    References
    Date Public
    2020-02-07 00:00
    Credits
    Johannes Segitz
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:17.737Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1153921"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Module for Development Tools 15",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Module for Development Tools 15-SP1",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.1-3.5.3",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Module for Open Buildservice Development Tools 15",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Server 15-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Server for SAP 15",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Software Development Kit 12-SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-6.14.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Software Development Kit 12-SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-6.14.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap 15.1",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "4.3.1-lp151.2.3.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Johannes Segitz"
            }
          ],
          "datePublic": "2020-02-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-03T11:05:18.000Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1153921"
            }
          ],
          "source": {
            "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1153921",
            "defect": [
              "1153921"
            ],
            "discovery": "INTERNAL"
          },
          "title": "pcp: Local privilege escalation from user pcp to root through migrate_tempdirs",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@suse.com",
              "DATE_PUBLIC": "2020-02-07T00:00:00.000Z",
              "ID": "CVE-2019-3696",
              "STATE": "PUBLIC",
              "TITLE": "pcp: Local privilege escalation from user pcp to root through migrate_tempdirs"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Module for Development Tools 15",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Module for Development Tools 15-SP1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "4.3.1-3.5.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Module for Open Buildservice Development Tools 15",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Server 15-LTSS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Server for SAP 15",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Software Development Kit 12-SP4",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-6.14.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Software Development Kit 12-SP5",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-6.14.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SUSE"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openSUSE Leap 15.1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "4.3.1-lp151.2.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "openSUSE"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Johannes Segitz"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1153921",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1153921"
                }
              ]
            },
            "source": {
              "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1153921",
              "defect": [
                "1153921"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2019-3696",
        "datePublished": "2020-03-03T11:05:18.714Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:20:22.200Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3695 (GCVE-0-2019-3695)

    Vulnerability from cvelistv5 – Published: 2020-03-03 11:05 – Updated: 2024-09-16 18:03
    VLAI
    Title
    pcp: Local privilege escalation from user pcp to root
    Summary
    A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.
    CWE
    • CWE-94 - Improper Control of Generation of Code
    Assigner
    References
    Date Public
    2020-02-07 00:00
    Credits
    Johannes Segitz
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:17.572Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1152763"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Module for Development Tools 15",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Module for Development Tools 15-SP1",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.1-3.5.3",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Module for Open Buildservice Development Tools 15",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Server 15-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Server for SAP 15",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Software Development Kit 12-SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-6.14.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Software Development Kit 12-SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-6.14.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap 15.1",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "4.3.1-lp151.2.3.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Johannes Segitz"
            }
          ],
          "datePublic": "2020-02-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Improper Control of Generation of Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-03T11:05:17.000Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1152763"
            }
          ],
          "source": {
            "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1152763",
            "defect": [
              "1152763"
            ],
            "discovery": "INTERNAL"
          },
          "title": "pcp: Local privilege escalation from user pcp to root",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@suse.com",
              "DATE_PUBLIC": "2020-02-07T00:00:00.000Z",
              "ID": "CVE-2019-3695",
              "STATE": "PUBLIC",
              "TITLE": "pcp: Local privilege escalation from user pcp to root"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Module for Development Tools 15",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Module for Development Tools 15-SP1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "4.3.1-3.5.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Module for Open Buildservice Development Tools 15",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Server 15-LTSS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Server for SAP 15",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Software Development Kit 12-SP4",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-6.14.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Software Development Kit 12-SP5",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-6.14.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SUSE"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openSUSE Leap 15.1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "4.3.1-lp151.2.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "openSUSE"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Johannes Segitz"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-94: Improper Control of Generation of Code"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1152763",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1152763"
                }
              ]
            },
            "source": {
              "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1152763",
              "defect": [
                "1152763"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2019-3695",
        "datePublished": "2020-03-03T11:05:18.069Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:03:10.964Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3681 (GCVE-0-2019-3681)

    Vulnerability from nvd – Published: 2020-06-29 12:00 – Updated: 2024-09-17 03:28
    VLAI
    Title
    osc: stores downloaded (supposed) RPM in network-controlled filesystem paths
    Summary
    A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 .
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Date Public
    2020-05-27 00:00
    Credits
    Malte Kraus of SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.655Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1122675"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SUSE Linux Enterprise Module for Development Tools 15",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.169.1-3.20.1",
                  "status": "affected",
                  "version": "osc",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Software Development Kit 12-SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.162.1-15.9.1",
                  "status": "affected",
                  "version": "osc",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Software Development Kit 12-SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.162.1-15.9.1",
                  "status": "affected",
                  "version": "osc",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap 15.1",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "0.169.1-lp151.2.15.1",
                  "status": "affected",
                  "version": "osc",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Factory",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "0.169.0",
                  "status": "affected",
                  "version": "osc",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Malte Kraus of SUSE"
            }
          ],
          "datePublic": "2020-05-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 ."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-29T12:00:16.000Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1122675"
            }
          ],
          "source": {
            "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1122675",
            "defect": [
              "1122675"
            ],
            "discovery": "INTERNAL"
          },
          "title": "osc: stores downloaded (supposed) RPM in network-controlled filesystem paths",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@suse.com",
              "DATE_PUBLIC": "2020-05-27T00:00:00.000Z",
              "ID": "CVE-2019-3681",
              "STATE": "PUBLIC",
              "TITLE": "osc: stores downloaded (supposed) RPM in network-controlled filesystem paths"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SUSE Linux Enterprise Module for Development Tools 15",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "osc",
                                "version_value": "0.169.1-3.20.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Software Development Kit 12-SP5",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "osc",
                                "version_value": "0.162.1-15.9.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Software Development Kit 12-SP4",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "osc",
                                "version_value": "0.162.1-15.9.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SUSE"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openSUSE Leap 15.1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "osc",
                                "version_value": "0.169.1-lp151.2.15.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "openSUSE Factory",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "osc",
                                "version_value": "0.169.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "openSUSE"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Malte Kraus of SUSE"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 ."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-73: External Control of File Name or Path"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1122675",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1122675"
                }
              ]
            },
            "source": {
              "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1122675",
              "defect": [
                "1122675"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2019-3681",
        "datePublished": "2020-06-29T12:00:16.969Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:28:54.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8017 (GCVE-0-2020-8017)

    Vulnerability from nvd – Published: 2020-04-02 14:05 – Updated: 2024-09-17 01:50
    VLAI
    Title
    race condition on texlive-filesystem cron job allows for the deletion of unintended files
    Summary
    A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary files on the system This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    Impacted products
    Vendor Product Version
    SUSE SUSE Linux Enterprise Module for Desktop Applications 15-SP1 Affected: texlive-filesystem , < 2017.135-9.5.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Software Development Kit 12-SP4 Affected: texlive-filesystem , < 2013.74-16.5.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Software Development Kit 12-SP5 Affected: texlive-filesystem , < 2013.74-16.5.1 (custom)
    Create a notification for this product.
    openSUSE openSUSE Leap 15.1 Affected: texlive-filesystem , < 2017.135-lp151.8.3.1 (custom)
    Create a notification for this product.
    Date Public
    2020-04-02 00:00
    Credits
    Matthias Gerstner of SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:48:24.833Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2020:0804",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1158910"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SUSE Linux Enterprise Module for Desktop Applications 15-SP1",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2017.135-9.5.1",
                  "status": "affected",
                  "version": "texlive-filesystem",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Software Development Kit 12-SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2013.74-16.5.1",
                  "status": "affected",
                  "version": "texlive-filesystem",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Software Development Kit 12-SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2013.74-16.5.1",
                  "status": "affected",
                  "version": "texlive-filesystem",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap 15.1",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "2017.135-lp151.8.3.1",
                  "status": "affected",
                  "version": "texlive-filesystem",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Matthias Gerstner of SUSE"
            }
          ],
          "datePublic": "2020-04-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary files on the system This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-13T00:00:00.000Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "name": "openSUSE-SU-2020:0804",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00021.html"
            },
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1158910"
            }
          ],
          "source": {
            "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1158910",
            "defect": [
              "1158910"
            ],
            "discovery": "INTERNAL"
          },
          "title": "race condition on texlive-filesystem cron job allows for the deletion of unintended files",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2020-8017",
        "datePublished": "2020-04-02T14:05:18.643Z",
        "dateReserved": "2020-01-27T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:50:50.369Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8016 (GCVE-0-2020-8016)

    Vulnerability from nvd – Published: 2020-04-02 14:05 – Updated: 2024-09-16 19:30
    VLAI
    Title
    race condition in the packaging of texlive-filesysten
    Summary
    A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges. This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    Impacted products
    Vendor Product Version
    SUSE SUSE Linux Enterprise Module for Desktop Applications 15-SP1 Affected: texlive-filesystem , < 2017.135-9.5.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Software Development Kit 12-SP4 Affected: texlive-filesystem , < 2013.74-16.5.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Software Development Kit 12-SP5 Affected: texlive-filesystem , < 2013.74-16.5.1 (custom)
    Create a notification for this product.
    openSUSE openSUSE Leap 15.1 Affected: texlive-filesystem , < 2017.135-lp151.8.3.1 (custom)
    Create a notification for this product.
    Date Public
    2020-04-01 00:00
    Credits
    Matthias Gerstner of SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:48:24.747Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2020:0804",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1159740"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SUSE Linux Enterprise Module for Desktop Applications 15-SP1",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2017.135-9.5.1",
                  "status": "affected",
                  "version": "texlive-filesystem",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Software Development Kit 12-SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2013.74-16.5.1",
                  "status": "affected",
                  "version": "texlive-filesystem",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Software Development Kit 12-SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2013.74-16.5.1",
                  "status": "affected",
                  "version": "texlive-filesystem",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap 15.1",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "2017.135-lp151.8.3.1",
                  "status": "affected",
                  "version": "texlive-filesystem",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Matthias Gerstner of SUSE"
            }
          ],
          "datePublic": "2020-04-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges. This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-13T00:00:00.000Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "name": "openSUSE-SU-2020:0804",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00021.html"
            },
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1159740"
            }
          ],
          "source": {
            "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1159740",
            "defect": [
              "1159740"
            ],
            "discovery": "INTERNAL"
          },
          "title": "race condition in the packaging of texlive-filesysten",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2020-8016",
        "datePublished": "2020-04-02T14:05:17.952Z",
        "dateReserved": "2020-01-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:30:49.212Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3695 (GCVE-0-2019-3695)

    Vulnerability from nvd – Published: 2020-03-03 11:05 – Updated: 2024-09-16 18:03
    VLAI
    Title
    pcp: Local privilege escalation from user pcp to root
    Summary
    A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.
    CWE
    • CWE-94 - Improper Control of Generation of Code
    Assigner
    References
    Date Public
    2020-02-07 00:00
    Credits
    Johannes Segitz
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:17.572Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1152763"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Module for Development Tools 15",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Module for Development Tools 15-SP1",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.1-3.5.3",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Module for Open Buildservice Development Tools 15",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Server 15-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Server for SAP 15",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Software Development Kit 12-SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-6.14.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Software Development Kit 12-SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-6.14.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap 15.1",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "4.3.1-lp151.2.3.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Johannes Segitz"
            }
          ],
          "datePublic": "2020-02-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Improper Control of Generation of Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-03T11:05:17.000Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1152763"
            }
          ],
          "source": {
            "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1152763",
            "defect": [
              "1152763"
            ],
            "discovery": "INTERNAL"
          },
          "title": "pcp: Local privilege escalation from user pcp to root",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@suse.com",
              "DATE_PUBLIC": "2020-02-07T00:00:00.000Z",
              "ID": "CVE-2019-3695",
              "STATE": "PUBLIC",
              "TITLE": "pcp: Local privilege escalation from user pcp to root"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Module for Development Tools 15",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Module for Development Tools 15-SP1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "4.3.1-3.5.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Module for Open Buildservice Development Tools 15",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Server 15-LTSS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Server for SAP 15",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Software Development Kit 12-SP4",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-6.14.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Software Development Kit 12-SP5",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-6.14.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SUSE"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openSUSE Leap 15.1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "4.3.1-lp151.2.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "openSUSE"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Johannes Segitz"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-94: Improper Control of Generation of Code"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1152763",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1152763"
                }
              ]
            },
            "source": {
              "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1152763",
              "defect": [
                "1152763"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2019-3695",
        "datePublished": "2020-03-03T11:05:18.069Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:03:10.964Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3696 (GCVE-0-2019-3696)

    Vulnerability from nvd – Published: 2020-03-03 11:05 – Updated: 2024-09-16 22:20
    VLAI
    Title
    pcp: Local privilege escalation from user pcp to root through migrate_tempdirs
    Summary
    A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory
    Assigner
    References
    Date Public
    2020-02-07 00:00
    Credits
    Johannes Segitz
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:17.737Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1153921"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Module for Development Tools 15",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Module for Development Tools 15-SP1",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.1-3.5.3",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Module for Open Buildservice Development Tools 15",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Server 15-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Server for SAP 15",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-5.8.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Software Development Kit 12-SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-6.14.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Software Development Kit 12-SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.11.9-6.14.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap 15.1",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "4.3.1-lp151.2.3.1",
                  "status": "affected",
                  "version": "pcp",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Johannes Segitz"
            }
          ],
          "datePublic": "2020-02-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-03T11:05:18.000Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1153921"
            }
          ],
          "source": {
            "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1153921",
            "defect": [
              "1153921"
            ],
            "discovery": "INTERNAL"
          },
          "title": "pcp: Local privilege escalation from user pcp to root through migrate_tempdirs",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@suse.com",
              "DATE_PUBLIC": "2020-02-07T00:00:00.000Z",
              "ID": "CVE-2019-3696",
              "STATE": "PUBLIC",
              "TITLE": "pcp: Local privilege escalation from user pcp to root through migrate_tempdirs"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Module for Development Tools 15",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Module for Development Tools 15-SP1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "4.3.1-3.5.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Module for Open Buildservice Development Tools 15",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Server 15-LTSS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Server for SAP 15",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-5.8.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Software Development Kit 12-SP4",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-6.14.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SUSE Linux Enterprise Software Development Kit 12-SP5",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "3.11.9-6.14.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SUSE"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openSUSE Leap 15.1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "pcp",
                                "version_value": "4.3.1-lp151.2.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "openSUSE"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Johannes Segitz"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1153921",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1153921"
                }
              ]
            },
            "source": {
              "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1153921",
              "defect": [
                "1153921"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2019-3696",
        "datePublished": "2020-03-03T11:05:18.714Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:20:22.200Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }