Latest opensuse factory Vulnerabilities

CVE-2022-31256
A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail ...
openSUSE Factory<8.17.1-1.1
CVE-2022-31251
openSUSE Factory<22.05.2-3.3
CVE-2022-21950
A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue af...
Opensuse Canna<3.7p3-bp153.2.3.1
openSUSE Backports SLE=15.0-sp3
Opensuse Canna<3.7p3-bp154.3.3.1
openSUSE Backports SLE=15.0-sp4
Opensuse Canna=3.7p3
openSUSE Factory
and 1 more
CVE-2022-21946
A Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout g...
Opensuse Cscreen>=1.2<=1.3
openSUSE Factory
CVE-2021-46705
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linu...
Gnu Grub2<2.06-150400.7.1
SUSE Linux Enterprise Server=15-sp4
Gnu Grub2<2.06-18.1
openSUSE Factory
CVE-2021-45082
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring....
Cobbler Project Cobbler<3.3.1
openSUSE Factory
Opensuse Backports=sle-15-sp3
Opensuse Backports=sle-15-sp4
SUSE Linux Enterprise Server=11-sp3
SUSE Linux Enterprise Server=12
and 5 more
CVE-2021-36781
A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This iss...
openSUSE Factory<0.8.1-1.1
CVE-2021-46141
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
debian/uriparser
Uriparser Project Uriparser<0.9.6
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
and 5 more
CVE-2021-46142
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
debian/uriparser
Uriparser Project Uriparser<0.9.6
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
and 5 more
CVE-2021-4166
Vim. Multiple issues were addressed by updating Vim.
Vim Vim<8.2.3884
Redhat Enterprise Linux=8.0
openSUSE Factory
SUSE Linux Enterprise=12.0
SUSE Linux Enterprise=15.0
Debian Debian Linux=9.0
and 26 more
CVE-2021-41819
A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. B...
rubygems/cgi<0.1.0.1
rubygems/cgi=0.2.0
rubygems/cgi=0.3.0
redhat/rh-ruby26-ruby<0:2.6.9-120.el7
redhat/rh-ruby30-ruby<0:3.0.4-149.el7
redhat/rh-ruby27-ruby<0:2.7.6-131.el7
and 42 more
CVE-2021-41817
A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service (ReDoS) during the parsing of dates. This flaw allows an attacker to hang a ruby ap...
redhat/rh-ruby26-ruby<0:2.6.9-120.el7
redhat/rh-ruby30-ruby<0:3.0.4-149.el7
redhat/rh-ruby27-ruby<0:2.7.6-131.el7
Ruby-lang Date<2.0.1
Ruby-lang Date>=3.0.0<3.0.2
Ruby-lang Date>=3.1.0<3.1.2
and 46 more
CVE-2021-25321
A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 all...
Suse Arpwatch<2.1a15
SUSE Manager Server=4.0
SUSE OpenStack Cloud Crowbar=9.0
SUSE Linux Enterprise Server=11-sp4
Suse Arpwatch<=2.1a15-169.5
openSUSE Factory
and 2 more
CVE-2021-25322
A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to...
Python-hyperkitty Project Python-hyperkitty<=1.3.2-lp152.2.3.1
openSUSE Leap=15.2
Python-hyperkitty Project Python-hyperkitty<1.3.4-5.1
openSUSE Factory
CVE-2021-31997
A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue...
Opensuse Python-postorius<1.3.2-lp152.1.2
openSUSE Leap=15.2
Opensuse Python-postorius<=1.3.4-2.1
openSUSE Factory
CVE-2021-25317
A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory...
Suse Cups<1.3.9
SUSE Linux Enterprise Server=11-sp4
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Suse Cups<2.2.7
and 6 more
CVE-2021-25319
A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factor...
openSUSE Factory<=6.1.20-1.1
CVE-2019-3681
A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Soft...
Opensuse Osc<0.169.1-3.20.1
SUSE Linux Enterprise Server=15
Opensuse Osc<0.162.1-15.9.1
SUSE Linux Enterprise Software Development Kit=12-sp5
SUSE Linux Enterprise Software Development Kit=12-sp4
Opensuse Osc<0.169.1-lp151.2.15.1
and 3 more
CVE-2019-3699
UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSU...
Privoxy Privoxy<3.0.28-lp151.1.1
openSUSE Leap=15.1
Privoxy Privoxy<3.0.28-2.1
openSUSE Factory
CVE-2019-3694
A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Fact...
Opensuse Munin<=2.0.49-4.2
openSUSE Factory
Suse Munin<=2.0.40-lp151.1.1
openSUSE Leap=15.1
CVE-2019-3692
The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterp...
Suse Inn<=2.4.2-170.21.3.1
SUSE Linux Enterprise Server=11
Suse Inn<=2.6.2-2.2
openSUSE Factory
Suse Inn<=2.5.4-lp151.2.47
openSUSE Leap=15.1
and 2 more
CVE-2019-3691
A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root....
Opensuse Munge<0.5.13-4.3.1
SUSE SUSE Linux Enterprise Server=15
Opensuse Munge<0.5.13-6.1
openSUSE Factory

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203