Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Novell Subscribe
Filtered by product Opensuse Factory
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-1551 1 Novell 1 Opensuse Factory 2017-08-16 6.9 MEDIUM N/A
SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ directory tree to the web-service user account, which might allow local users to gain privileges by leveraging access to this account during root filesystem operations by the Cobbler daemon.
CVE-2011-1550 2 Gentoo, Novell 2 Logrotate, Opensuse Factory 2011-04-06 6.3 MEDIUM N/A
The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.