CVE-2021-25314

Beschreibung:
A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9.

CWE: CWE-378 CWE-400

CVSS-Bewertung
CVSS 2: HIGH – 7.2 (Version: 2.0)
CVSS 3: HIGH – 7.8 (Version: 3.1)

Links:

NVD – CVE-2021-25314
CVE – CVE-2021-25314

Link (max. 20) Quelle Tags
https://bugzilla.suse.com/show_bug.cgi?id=1182166 CONFIRM Exploit Issue Tracking Vendor Advisory
https://deadsh0t.medium.com/authenticated-boolean-based-blind-error-based-sql-injection-b752225f0644 MISC Exploit Patch Third Party Advisory Third Party Advisory
http://packetstormsecurity.com/files/162489/b2evolution-7-2-2-SQL-Injection.html MISC Third Party Advisory Third Party Advisory
FEDORA-2021-7ca24ddc86 FEDORA Third Party Advisory
FEDORA-2021-a963f04012 FEDORA
[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets MLIST
[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets MLIST
[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets MLIST
[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets MLIST
[kafka-commits] 20210506 [kafka] branch 2.7 updated: KAFKA-12752: Bump Jersey deps to 2.34 due to CVE-2021-28168 (#10636) MLIST
[kafka-jira] 20210506 [GitHub] [kafka] omkreddy commented on pull request #10641: KAFKA-12752: CVE-2021-28168 upgrade jersey to 2.34 or 3.02 MLIST
[kafka-dev] 20210506 [jira] [Resolved] (KAFKA-12752) CVE-2021-28168 upgrade jersey to 2.34 or 3.02 MLIST
[kafka-commits] 20210506 [kafka] branch 2.8 updated: KAFKA-12752: Bump Jersey deps to 2.34 due to CVE-2021-28168 (#10636) MLIST
[kafka-jira] 20210506 [jira] [Resolved] (KAFKA-12752) CVE-2021-28168 upgrade jersey to 2.34 or 3.02 MLIST
[kafka-jira] 20210506 [GitHub] [kafka] omkreddy merged pull request #10636: MINOR: Bump Jersey deps to 2.34 due to CVE-2021-28168 MLIST
[kafka-jira] 20210507 [GitHub] [kafka] dongjinleekr closed pull request #10641: KAFKA-12752: CVE-2021-28168 upgrade jersey to 2.34 or 3.02 MLIST
[kafka-jira] 20210507 [GitHub] [kafka] dongjinleekr commented on pull request #10641: KAFKA-12752: CVE-2021-28168 upgrade jersey to 2.34 or 3.02 MLIST

Quelle: NVD – CVE-2021-25314
Datum Veröffentlichung: 2021-04-14T15:15Z, Datum letzte Änderung: 2021-05-10T14:29Z