Opensuse Leap 15.4 vulnerabilities

CVE-2022-45153 [HIGH] CWE-276 CVE-2022-45153: An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SA

CVE-2022-31254 [HIGH] CWE-276 CVE-2022-31254: A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterpr A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server

CVE-2023-22643 [MEDIUM] CWE-78 CVE-2023-22643: An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulner An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue

CVE-2022-31252 [MEDIUM] CWE-863 CVE-2022-31252: A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolutio