← Back

Opensuse

opensuse

3,271 CVEs • 50 products

Products (50)

Click to collapse
Toggle
Leap
leap
1,898 CVEs
Opensuse
opensuse
1,454 CVEs
Backports Sle
backports_sle
326 CVEs
Backports
backports
97 CVEs
Evergreen
evergreen
43 CVEs
Open Build Service
open_build_service
22 CVEs
Libsolv
libsolv
13 CVEs
Factory
factory
10 CVEs
Supportutils
supportutils
6 CVEs
Libzypp
libzypp
5 CVEs
Tumbleweed
tumbleweed
4 CVEs
Zypper
zypper
3 CVEs
Openldap2
openldap2
3 CVEs
Osc
osc
2 CVEs
Suse Linux Enterprise Server
suse_linux_enterprise_server
2 CVEs
Cryptctl
cryptctl
2 CVEs
Munge
munge
2 CVEs
Wicked
wicked
2 CVEs
Pcp
pcp
2 CVEs
Texlive Filesystem
texlive-filesystem
2 CVEs
Rmt Server
rmt-server
2 CVEs
Cscreen
cscreen
2 CVEs
Libeconf
libeconf
2 CVEs
Openstack Cloud
openstack_cloud
1 CVE
Libstorage
libstorage
1 CVE
Libstorage Ng
libstorage-ng
1 CVE
Obs Service Source Validator
obs-service-source_validator
1 CVE
Open Buildservice
open_buildservice
1 CVE
Sysconfig
sysconfig
1 CVE
Tar Scm
tar_scm
1 CVE
Package Hub
package_hub
1 CVE
Yast2 Multipath
yast2-multipath
1 CVE
Yast2 Samba Provision
yast2-samba-provision
1 CVE
Yast2 Printer
yast2-printer
1 CVE
Munin
munin
1 CVE
Suse Package Hub
suse_package_hub
1 CVE
Autoyast2
autoyast2
1 CVE
Hylafax+
hylafax+
1 CVE
Tumbleweed Kopano Spamd
tumbleweed_kopano-spamd
1 CVE
Cyrus Sasl
cyrus-sasl
1 CVE
Python Postorius
python-postorius
1 CVE
Inn
inn
1 CVE
Factory Watchman
factory_watchman
1 CVE
Canna
canna
1 CVE
Leap Micro
leap_micro
1 CVE
Travel Support Program
travel_support_program
1 CVE
Libzypp Plugin Appdata
libzypp-plugin-appdata
1 CVE
Paste
paste
1 CVE
Welcome
welcome
1 CVE
Mirrorcache
mirrorcache
1 CVE

CVEs (3,271)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-31256
1Opensuse
1Factory
Nov 21, 2024
Oct 26, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue...Show more
A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1.Show less
CVE-2022-31252
2Opensuse
Suse
3Leap
Leap MicroLinux Enterprise Server
Nov 21, 2024
Oct 6, 2022
N/A· v4
4.4 MEDIUM· v3
N/A· v2
A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local a...Show more
A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.Show less
CVE-2022-31251
1Opensuse
1Factory
Nov 21, 2024
Sep 7, 2022
N/A· v4
6.3 MEDIUM· v3
N/A· v2
A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory...Show more
A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.Show less
CVE-2022-21950
1Opensuse
1Canna
Nov 21, 2024
Sep 7, 2022
N/A· v4
5.3 MEDIUM· v3
N/A· v2
A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Back...Show more
A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there.Show less
CVE-2022-31250
1Opensuse
1Tumbleweed
Nov 21, 2024
Jul 20, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to...Show more
A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to 6.4.2-1.1.Show less
CVE-2022-21949
1Opensuse
1Open Build Service
Nov 21, 2024
May 3, 2022
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the...Show more
A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue affects: SUSE Open Build Service Open Build Service versions prior to 2.10.13.Show less
CVE-2022-21946
1Opensuse
1Cscreen
Nov 21, 2024
Mar 16, 2022
N/A· v4
5.3 MEDIUM· v3
4.6 MEDIUM· v2
A Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and...Show more
A Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen seesion. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.Show less
CVE-2022-21945
1Opensuse
1Cscreen
Nov 21, 2024
Mar 16, 2022
N/A· v4
6.1 MEDIUM· v3
3.6 LOW· v2
A Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1....Show more
A Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.Show less
CVE-2021-36777
1Opensuse
1Open Build Service
Nov 21, 2024
Mar 9, 2022
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credential...Show more
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service login-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef.Show less
CVE-2021-44568
1Opensuse
1Libsolv
Nov 21, 2024
Feb 21, 2022
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remot...Show more
Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.Show less
CVE-2021-45082
4Cobbler Project
FedoraprojectOpensuse+1 more
5Backports
CobblerFactory+2 more
Nov 21, 2024
Feb 19, 2022
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginni...Show more
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)Show less
CVE-2022-21944
1Opensuse
1Factory Watchman
Nov 21, 2024
Jan 26, 2022
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports...Show more
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman versions prior to 4.9.0-9.1.Show less
CVE-2021-36781
1Opensuse
1Factory
Nov 21, 2024
Jan 14, 2022
N/A· v4
4.4 MEDIUM· v3
3.6 LOW· v2
A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE...Show more
A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1.Show less
CVE-2021-46142
4Debian
FedoraprojectOpensuse+1 more
7Backports
Debian LinuxExtra Packages For Enterprise Linux+4 more
Nov 21, 2024
Jan 6, 2022
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
CVE-2021-46141
4Debian
FedoraprojectOpensuse+1 more
7Backports
Debian LinuxExtra Packages For Enterprise Linux+4 more
Nov 21, 2024
Jan 6, 2022
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
CVE-2021-41819
6Debian
FedoraprojectOpensuse+3 more
9Cgi
Debian LinuxEnterprise Linux+6 more
May 22, 2025
Jan 1, 2022
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
CVE-2021-41817
6Debian
FedoraprojectOpensuse+3 more
9Date
Debian LinuxEnterprise Linux+6 more
Nov 21, 2024
Jan 1, 2022
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
CVE-2021-4166
7Apple
DebianFedoraproject+4 more
8Debian Linux
Enterprise LinuxFactory+5 more
Nov 21, 2024
Dec 25, 2021
N/A· v4
7.1 HIGH· v3
5.8 MEDIUM· v2
vim is vulnerable to Out-of-bounds Read
CVE-2021-33938
1Opensuse
1Libsolv
Nov 21, 2024
Sep 2, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
CVE-2021-33930
1Opensuse
1Libsolv
Nov 21, 2024
Sep 2, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.