cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-45153,https://securityvulnerability.io/vulnerability/CVE-2022-45153,saphanabootstrap-formula: Escalation to root for arbitrary users in hana/ha_cluster.sls,"The saphanabootstrap-formula component in specific SUSE Linux distributions allows local attackers the ability to escalate privileges to root. This arises from an incorrect default permissions setting in the sudo configuration, making it vulnerable to manipulation. Affected versions in SUSE Linux Enterprise Module for SAP Applications 15-SP1 and openSUSE Leap 15.4 are at risk if they are prior to version 0.13.1+git.1667812208.4db963e. It’s crucial for users to update to the latest version to mitigate this issue.",Suse,"Suse Linux Enterprise Module For SAP Applications 15-sp1,Suse Linux Enterprise Server For SAP 12-sp5,Opensuse Leap 15.4",7,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-02-15T00:00:00.000Z,0
CVE-2022-31254,https://securityvulnerability.io/vulnerability/CVE-2022-31254,rmt-server-pubcloud allows to escalate from user _rmt to root,"An Incorrect Default Permissions vulnerability has been identified in the rmt-server-regsharing service of multiple SUSE products. This flaw permits local attackers with access to the _rmt user to escalate their privileges to root, potentially compromising the system's integrity. Affected versions include SUSE Linux Enterprise Server for SAP 15, its SP1 edition, SUSE Manager Server 4.1, and openSUSE Leap 15.3 and 15.4, specifically those rmt-server versions prior to 2.10. It is critical for organizations using these systems to apply the necessary updates to mitigate this security risk.",Suse,"Suse Linux Enterprise Server For SAP 15,Suse Linux Enterprise Server For SAP 15-sp1,Suse Manager Server 4.1,Opensuse Leap 15.3,Opensuse Leap 15.4",7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-02-07T00:00:00.000Z,0
CVE-2023-22643,https://securityvulnerability.io/vulnerability/CVE-2023-22643,libzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.system` calls,"An improper handling of special elements in the libzypp-plugin-appdata of SUSE Linux Enterprise Server and openSUSE Leap permits malicious actors to exploit the system. By manipulating REPO_ALIAS, REPO_TYPE, or REPO_METADATA_PATH settings, attackers can execute arbitrary code with root privileges, potentially compromising the integrity and security of affected systems. This vulnerability affects specific versions of the libzypp-plugin-appdata, highlighting the need for users to update to the latest versions to mitigate these risks.",SUSE,"SUSE Linux Enterprise Server for SAP 15-SP3,openSUSE Leap 15.4",7.8,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2023-02-07T00:00:00.000Z,0
CVE-2022-31252,https://securityvulnerability.io/vulnerability/CVE-2022-31252,permissions: chkstat does not check for group-writable parent directories or target files in safeOpen(),"An Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group that can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.",Suse,"Suse Linux Enterprise Server 12-sp5,Opensuse Leap 15.3,Opensuse Leap 15.4,Opensuse Leap Micro 5.2",4.4,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-10-06T18:16:00.000Z,0