Latest Opensuse Vulnerabilities

CVE-2023-32182
A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfi...
openSUSE Leap=15.5
SUSE Linux Enterprise High Performance Computing=15.0-sp5
SUSE SUSE Linux Enterprise Desktop=15-sp5
CVE-2023-30078
A stack overflow vulnerability exists in function econf_writeFile in file atlibeconf/lib/libeconf.c in libeconf 0.5.1 allows attackers to cause a Denial of service or execute arbitrary code.
openSUSE libeconf=0.5.1
CVE-2023-30079
A stack overflow vulnerability exists in function read_file in atlibeconf/lib/getfilecontents.c in libeconf 0.5.1 allows attackers to cause a Denial of service or execute arbitrary code.
openSUSE libeconf=0.5.1
CVE-2023-32184
openSUSE-welcome: local privilege escalation when choosing XFCE desktop layout (CVE-2023-32184)
Opensuse Welcome>=0.1.0<0.1.9\+git.35.4b9444a
CVE-2023-32183
Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root This issue affects openSUSE Tumbleweed.
openSUSE Tumbleweed
CVE-2023-32181
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf allows for DoS via malformed configuration files This issue affects libeconf: before 0.5.2. ...
openSUSE libeconf<0.5.2
CVE-2023-22652
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2.
openSUSE libeconf<0.5.2
CVE-2022-45154
A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers th...
Opensuse Supportutils<=3.0.10-95.51.1
SUSE Linux Enterprise Server=12
Opensuse Supportutils<=3.1.21-150000.5.44.1
SUSE Linux Enterprise Server=15
Opensuse Supportutils<=3.1.21-150300.7.35.15.1
SUSE Linux Enterprise Server=15-sp3
CVE-2022-45153
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 ...
SUSE Linux Enterprise Module for SAP Applications=15-sp1
openSUSE Leap=15.4
Suse Linux Enterprise Server Sap=12-sp5
CVE-2022-21948
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paste allows remote attackers to place Javascript into SVG files. This issue affects: openSUSE ...
openSUSE paste<2011-12-05
CVE-2022-31254
A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUS...
Opensuse Rmt-server<2.10
SUSE Manager Server=4.1
openSUSE Leap=15.3
openSUSE Leap=15.4
SUSE Linux Enterprise Server=15
SUSE Linux Enterprise Server=15-sp1
CVE-2022-46163
Travel support program is a rails app to support the travel support program of openSUSE (TSP). Sensitive user data (bank account details, password Hash) can be extracted via Ransack query injection. E...
Opensuse Travel Support Program<2022-11-29
CVE-2022-31253
A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/gro...
Opensuse Openldap2<2.6.3-404.1
CVE-2022-31256
A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail ...
openSUSE Factory<8.17.1-1.1
CVE-2022-31252
A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path componen...
openSUSE Leap=15.3
openSUSE Leap=15.4
openSUSE Leap Micro=5.2
SUSE Linux Enterprise Server=12-sp5
CVE-2022-28321
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an...
Linux-pam Linux-pam<1.5.2-6.1
openSUSE Tumbleweed
CVE-2022-31251
openSUSE Factory<22.05.2-3.3
CVE-2022-21950
A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue af...
Opensuse Canna<3.7p3-bp153.2.3.1
openSUSE Backports SLE=15.0-sp3
Opensuse Canna<3.7p3-bp154.3.3.1
openSUSE Backports SLE=15.0-sp4
Opensuse Canna=3.7p3
openSUSE Factory
and 1 more
CVE-2022-31250
openSUSE Tumbleweed<6.4.2-1.1
CVE-2022-21949
A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain ...
openSUSE Open Build Service<2.10.13
CVE-2022-21946
A Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout g...
Opensuse Cscreen>=1.2<=1.3
openSUSE Factory
CVE-2021-46705
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linu...
Gnu Grub2<2.06-150400.7.1
SUSE Linux Enterprise Server=15-sp4
Gnu Grub2<2.06-18.1
openSUSE Factory
CVE-2021-36777
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the c...
openSUSE Open Build Service<2021-10-08
CVE-2021-44568
Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which...
redhat/libsolv<0.7.17
Opensuse Libsolv<0.7.17
CVE-2021-45082
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring....
Cobbler Project Cobbler<3.3.1
openSUSE Factory
Opensuse Backports=sle-15-sp3
Opensuse Backports=sle-15-sp4
SUSE Linux Enterprise Server=11-sp3
SUSE Linux Enterprise Server=12
and 5 more
CVE-2022-21944
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects...
openSUSE Factory watchman<=4.9.1
SUSE SUSE Linux Enterprise Server=15-sp3
CVE-2021-36781
A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This iss...
openSUSE Factory<0.8.1-1.1
CVE-2021-46141
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
debian/uriparser
Uriparser Project Uriparser<0.9.6
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
and 5 more
CVE-2021-46142
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
debian/uriparser
Uriparser Project Uriparser<0.9.6
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
and 5 more
CVE-2021-4166
Vim. Multiple issues were addressed by updating Vim.
Vim Vim<8.2.3884
Redhat Enterprise Linux=8.0
openSUSE Factory
SUSE Linux Enterprise=12.0
SUSE Linux Enterprise=15.0
Debian Debian Linux=9.0
and 26 more
CVE-2021-41819
A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. B...
rubygems/cgi<0.1.0.1
rubygems/cgi=0.2.0
rubygems/cgi=0.3.0
redhat/rh-ruby26-ruby<0:2.6.9-120.el7
redhat/rh-ruby30-ruby<0:3.0.4-149.el7
redhat/rh-ruby27-ruby<0:2.7.6-131.el7
and 42 more
CVE-2021-41817
A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service (ReDoS) during the parsing of dates. This flaw allows an attacker to hang a ruby ap...
redhat/rh-ruby26-ruby<0:2.6.9-120.el7
redhat/rh-ruby30-ruby<0:3.0.4-149.el7
redhat/rh-ruby27-ruby<0:2.7.6-131.el7
Ruby-lang Date<2.0.1
Ruby-lang Date>=3.0.0<3.0.2
Ruby-lang Date>=3.1.0<3.1.2
and 46 more
CVE-2021-33928
Libsolv is vulnerable to a denial of service, caused by a heap-based buffer overflow in the pool_installable in src/repo.h function. A remote attacker could exploit this vulnerability to cause a denia...
Opensuse Libsolv<=0.7.17
IBM QRadar SIEM<=7.5.0 GA
IBM QRadar SIEM<=7.4.3 GA - 7.4.3 FP4
IBM QRadar SIEM<=7.3.3 GA - 7.3.3 FP10
CVE-2021-33930
Libsolv is vulnerable to a denial of service, caused by a heap-based buffer overflow in the pool_installable_whatprovides in src/repo.h function. A remote attacker could exploit this vulnerability to ...
Opensuse Libsolv<=0.7.17
IBM QRadar SIEM<=7.5.0 GA
IBM QRadar SIEM<=7.4.3 GA - 7.4.3 FP4
IBM QRadar SIEM<=7.3.3 GA - 7.3.3 FP10
CVE-2021-25321
A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 all...
Suse Arpwatch<2.1a15
SUSE Manager Server=4.0
SUSE OpenStack Cloud Crowbar=9.0
SUSE Linux Enterprise Server=11-sp4
Suse Arpwatch<=2.1a15-169.5
openSUSE Factory
and 2 more
CVE-2019-18906
A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having...
Opensuse Cryptctl<2.4
Suse Linux Enterprise Server Sap=12-sp5
SUSE Manager Server=4.0
CVE-2021-25322
A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to...
Python-hyperkitty Project Python-hyperkitty<=1.3.2-lp152.2.3.1
openSUSE Leap=15.2
Python-hyperkitty Project Python-hyperkitty<1.3.4-5.1
openSUSE Factory
CVE-2021-31998
A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their...
Opensuse Inn<=2.4.2-170.21.3.1
Oracle Java SE=11-sp3
Opensuse Inn<2.6.2
openSUSE Backports SLE=15.0-sp2
openSUSE Leap=15.2
CVE-2021-31997
A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue...
Opensuse Python-postorius<1.3.2-lp152.1.2
openSUSE Leap=15.2
Opensuse Python-postorius<=1.3.4-2.1
openSUSE Factory
CVE-2021-3200
Libsolv is vulnerable to a denial of service, caused by a buffer overflow in the testcase_read function. By persuading a victim to open a specially file, a remote attacker could overflow a buffer and ...
Opensuse Libsolv<0.7.17
Oracle Communications Cloud Native Core Policy=1.15.0
redhat/libsolv<0.7.17
IBM QRadar SIEM<=7.5.0 GA
IBM QRadar SIEM<=7.4.3 GA - 7.4.3 FP4
IBM QRadar SIEM<=7.3.3 GA - 7.3.3 FP10
CVE-2020-4675
IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that t...
IBM InfoSphere Master Data Management<=11.6
IBM InfoSphere Master Data Management Server=11.6
IBM AIX
Ibm Linux On Ibm Z
Linux Linux kernel
Microsoft Windows
and 1 more
CVE-2021-25317
A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory...
Suse Cups<1.3.9
SUSE Linux Enterprise Server=11-sp4
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Suse Cups<2.2.7
and 6 more
CVE-2021-25319
A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factor...
openSUSE Factory<=6.1.20-1.1
CVE-2021-25315
A Incorrect Implementation of Authentication Algorithm vulnerability in of SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt with...
pip/salt<3002.2
SaltStack Salt<3002.2
openSUSE Tumbleweed
SUSE SUSE Linux Enterprise Server=15-sp3
SaltStack Salt<3002.2
openSUSE Tumbleweed
and 1 more
CVE-2020-8032
A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4....
Opensuse Cyrus-sasl<=2.1.27
CVE-2020-8027
A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to ...
Opensuse Openldap2<2.4.46-9.37.1
SUSE Linux Enterprise Server=15
Suse Linux Enterprise Server Sap=15
Opensuse Openldap2<2.4.46-lp151.10.18.1
openSUSE Leap=15.1
Opensuse Openldap2<2.4.46-lp152.14.9.1
and 1 more
CVE-2020-8031
A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly esc...
openSUSE Open Build Service<2.10.8
CVE-2021-26676
gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.
Intel Connman<1.39
Debian Debian Linux=9.0
Debian Debian Linux=10.0
openSUSE Leap=15.2
debian/connman
ubuntu/connman<1.36-2.1
and 3 more
CVE-2021-26675
A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.
Intel Connman<1.39
Debian Debian Linux=9.0
Debian Debian Linux=10.0
openSUSE Leap=15.2
debian/connman
ubuntu/connman<1.36-2.1
and 2 more
CVE-2021-33929
Libsolv is vulnerable to a denial of service, caused by a heap-based buffer overflow in the pool_disabled_solvable in src/repo.h. A remote attacker could exploit this vulnerability to cause a denial o...
redhat/libsolv<0:0.7.16-3.el8_4
redhat/libsolv<0:0.7.22-1.el7
redhat/libsolv<0:0.7.22-1.el8
Opensuse Libsolv<=0.7.17
IBM QRadar SIEM<=7.5.0 GA
IBM QRadar SIEM<=7.4.3 GA - 7.4.3 FP4
and 1 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203