Luiz Angelo Daros De Luca

**Name of the Vulnerable Software and Affected Versions** SUSE Linux Enterprise Server 15 versions prior to 4.8-5.8.1 SUSE Linux Enterprise Server 12 versions prior to 3.5.21-26.17.1 **Description** The issue concerns the /usr/sbin/pinger binary packaged with squid, which had `squid:root` and `0750` permissions. This allowed an attacker who compromised the squid user to gain persistence by modifying the binary. **Recommendations** For SUSE Linux Enterprise Server 15 versions prior to 4.8-5.8.1, update to version 4.8-5.8.1 or later to resolve the issue. For SUSE Linux Enterprise Server 12 versions prior to 3.5.21-26.17.1, update to version 3.5.21-26.17.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Huawei OceanStor 5600 V3 version V300R003C00 **Description** The issue concerns a hardcoded SSH key used for encrypting communication data and authenticating different nodes of the devices. An attacker may obtain the hardcoded keys and log in to the device through SSH. **Recommendations** For Huawei OceanStor 5600 V3 version V300R003C00, consider disabling SSH access until a patch or fix is available to prevent potential unauthorized login. Restrict access to the device to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Huawei OceanStor 5600 V3 versions V300R003C00C10 and earlier **Description** The issue allows attackers with administrator privilege to inject a command into specific command parameters and run the injected command with root privilege. **Recommendations** For versions V300R003C00C10 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.