CVE-2019-3695
Vulnerability from cvelistv5
Published
2020-03-03 11:05
Modified
2024-09-16 18:03
EPSS score ?
0.05% (0.22375)
Summary
A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.
References
Impacted products
Vendor Product Version
SUSE SUSE Linux Enterprise High Performance Computing 15-LTSS Version: pcp   < 3.11.9-5.8.1
SUSE SUSE Linux Enterprise Module for Development Tools 15 Version: pcp   < 3.11.9-5.8.1
SUSE SUSE Linux Enterprise Module for Development Tools 15-SP1 Version: pcp   < 4.3.1-3.5.3
SUSE SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 Version: pcp   < 3.11.9-5.8.1
SUSE SUSE Linux Enterprise Server 15-LTSS Version: pcp   < 3.11.9-5.8.1
SUSE SUSE Linux Enterprise Server for SAP 15 Version: pcp   < 3.11.9-5.8.1
SUSE SUSE Linux Enterprise Software Development Kit 12-SP4 Version: pcp   < 3.11.9-6.14.1
SUSE SUSE Linux Enterprise Software Development Kit 12-SP5 Version: pcp   < 3.11.9-6.14.1
openSUSE openSUSE Leap 15.1 Version: pcp   < 4.3.1-lp151.2.3.1
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T19:19:17.572Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.suse.com/show_bug.cgi?id=1152763",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
               vendor: "SUSE",
               versions: [
                  {
                     lessThan: "3.11.9-5.8.1",
                     status: "affected",
                     version: "pcp",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "SUSE Linux Enterprise High Performance Computing 15-LTSS",
               vendor: "SUSE",
               versions: [
                  {
                     lessThan: "3.11.9-5.8.1",
                     status: "affected",
                     version: "pcp",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "SUSE Linux Enterprise Module for Development Tools 15",
               vendor: "SUSE",
               versions: [
                  {
                     lessThan: "3.11.9-5.8.1",
                     status: "affected",
                     version: "pcp",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "SUSE Linux Enterprise Module for Development Tools 15-SP1",
               vendor: "SUSE",
               versions: [
                  {
                     lessThan: "4.3.1-3.5.3",
                     status: "affected",
                     version: "pcp",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "SUSE Linux Enterprise Module for Open Buildservice Development Tools 15",
               vendor: "SUSE",
               versions: [
                  {
                     lessThan: "3.11.9-5.8.1",
                     status: "affected",
                     version: "pcp",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "SUSE Linux Enterprise Server 15-LTSS",
               vendor: "SUSE",
               versions: [
                  {
                     lessThan: "3.11.9-5.8.1",
                     status: "affected",
                     version: "pcp",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "SUSE Linux Enterprise Server for SAP 15",
               vendor: "SUSE",
               versions: [
                  {
                     lessThan: "3.11.9-5.8.1",
                     status: "affected",
                     version: "pcp",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "SUSE Linux Enterprise Software Development Kit 12-SP4",
               vendor: "SUSE",
               versions: [
                  {
                     lessThan: "3.11.9-6.14.1",
                     status: "affected",
                     version: "pcp",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "SUSE Linux Enterprise Software Development Kit 12-SP5",
               vendor: "SUSE",
               versions: [
                  {
                     lessThan: "3.11.9-6.14.1",
                     status: "affected",
                     version: "pcp",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "openSUSE Leap 15.1",
               vendor: "openSUSE",
               versions: [
                  {
                     lessThan: "4.3.1-lp151.2.3.1",
                     status: "affected",
                     version: "pcp",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Johannes Segitz",
            },
         ],
         datePublic: "2020-02-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-94",
                     description: "CWE-94: Improper Control of Generation of Code",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-03-03T11:05:17",
            orgId: "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            shortName: "suse",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.suse.com/show_bug.cgi?id=1152763",
            },
         ],
         source: {
            advisory: "https://bugzilla.suse.com/show_bug.cgi?id=1152763",
            defect: [
               "1152763",
            ],
            discovery: "INTERNAL",
         },
         title: "pcp: Local privilege escalation from user pcp to root",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@suse.com",
               DATE_PUBLIC: "2020-02-07T00:00:00.000Z",
               ID: "CVE-2019-3695",
               STATE: "PUBLIC",
               TITLE: "pcp: Local privilege escalation from user pcp to root",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_name: "pcp",
                                          version_value: "3.11.9-5.8.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "SUSE Linux Enterprise High Performance Computing 15-LTSS",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_name: "pcp",
                                          version_value: "3.11.9-5.8.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "SUSE Linux Enterprise Module for Development Tools 15",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_name: "pcp",
                                          version_value: "3.11.9-5.8.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "SUSE Linux Enterprise Module for Development Tools 15-SP1",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_name: "pcp",
                                          version_value: "4.3.1-3.5.3",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "SUSE Linux Enterprise Module for Open Buildservice Development Tools 15",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_name: "pcp",
                                          version_value: "3.11.9-5.8.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "SUSE Linux Enterprise Server 15-LTSS",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_name: "pcp",
                                          version_value: "3.11.9-5.8.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "SUSE Linux Enterprise Server for SAP 15",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_name: "pcp",
                                          version_value: "3.11.9-5.8.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "SUSE Linux Enterprise Software Development Kit 12-SP4",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_name: "pcp",
                                          version_value: "3.11.9-6.14.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "SUSE Linux Enterprise Software Development Kit 12-SP5",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_name: "pcp",
                                          version_value: "3.11.9-6.14.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "SUSE",
                     },
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "openSUSE Leap 15.1",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_name: "pcp",
                                          version_value: "4.3.1-lp151.2.3.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "openSUSE",
                     },
                  ],
               },
            },
            credit: [
               {
                  lang: "eng",
                  value: "Johannes Segitz",
               },
            ],
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-94: Improper Control of Generation of Code",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.suse.com/show_bug.cgi?id=1152763",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.suse.com/show_bug.cgi?id=1152763",
                  },
               ],
            },
            source: {
               advisory: "https://bugzilla.suse.com/show_bug.cgi?id=1152763",
               defect: [
                  "1152763",
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
      assignerShortName: "suse",
      cveId: "CVE-2019-3695",
      datePublished: "2020-03-03T11:05:18.069478Z",
      dateReserved: "2019-01-03T00:00:00",
      dateUpdated: "2024-09-16T18:03:10.964Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2019-3695\",\"sourceIdentifier\":\"meissner@suse.de\",\"published\":\"2020-03-03T11:15:11.440\",\"lastModified\":\"2024-11-21T04:42:21.017\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Control Inapropiado de la Generación de Código en el empaquetado pcp de SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5, openSUSE Leap 15.1, permite a un usuario pcp ejecutar código como root al colocarlo en el archivo /var/log/pcp/configs.sh. Este problema afecta: a pcp de SUSE Linux Enterprise High Performance Computing 15-ESPOS versiones anteriores a 3.11.9-5.8.1. pcp de SUSE Linux Enterprise High Performance Computing 15-LTSS versiones anteriores a 3.11.9-5.8.1. pcp de SUSE Linux Enterprise Module for Development Tools 15 versiones anteriores a  4.3.1-3.5.3. pcp de SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 versiones anteriores a 3.11.9-5.8.1. pcp de SUSE Linux Enterprise Server 15-LTSS versiones anteriores a 3.11.9-5.8.1. pcp de SUSE Linux Enterprise Server para SAP de 15 versiones anteriores a 3.11.9-5.8.1. pcp de SUSE Linux Enterprise Software Development Kit 12-SP4 versiones anteriores a 3.11.9-6.14.1. pcp de SUSE Linux Enterprise Software Development Kit 12-SP5 versiones anteriores a 3.11.9-6.14.1. pcp de openSUSE Leap 15.1 versiones anteriores a 4.3.1-lp151.2.3.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"meissner@suse.de\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"meissner@suse.de\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:pcp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.11.9-5.8.1\",\"matchCriteriaId\":\"61713CEF-5A8F-45D2-B664-CE3BDC39E216\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:*:*:*:espos:*:*:*\",\"matchCriteriaId\":\"BB4F0686-6047-45DE-A482-E879228FD52B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:*:*:*:ltss:*:*:*\",\"matchCriteriaId\":\"02069D2C-DA12-4EA9-806E-5A509351313B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70A029CD-2AC4-4877-B1A4-5C72B351BA27\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:ltss:*:*\",\"matchCriteriaId\":\"293AC7BE-C913-40A1-AAA5-70BE6F3969EB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:sap:*:*\",\"matchCriteriaId\":\"C665A768-DBDA-4197-9159-A2791E98A84F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:pcp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.3.1-3.5.3\",\"matchCriteriaId\":\"CA2AACED-01CC-4A8C-8C12-C32A847ECBFC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A2C602E-AA0C-44DF-BC22-E32CADF1F05B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:pcp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.11.9-6.14.1\",\"matchCriteriaId\":\"63C411F3-377D-40CB-A56A-EC0E1C80709B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"227AB4E0-7CD4-4094-BAA4-E98DC5279C97\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp5:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C734CEC-64F2-4129-B52E-C81884B3AC9A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:pcp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.3.1-lp151.2.3.1\",\"matchCriteriaId\":\"4D376651-9D03-4BE9-852B-04473BE8CF0D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1152763\",\"source\":\"meissner@suse.de\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1152763\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the vulnerability lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.