Vulnerabilities > Opensuse

DATE CVE VULNERABILITY TITLE RISK
2021-03-03 CVE-2021-25315 Incorrect Implementation of Authentication Algorithm vulnerability in multiple products
A Incorrect Implementation of Authentication Algorithm vulnerability in of SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials.
local
low complexity
opensuse suse saltstack CWE-303
4.6
2021-02-25 CVE-2020-8032 Insecure Temporary File vulnerability in Opensuse Cyrus-Sasl
A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root.
6.9
2021-02-11 CVE-2020-8027 Insecure Temporary File vulnerability in Opensuse Openldap2 2.4.260.74.13/2.4.4118.71.2/2.4.469.31.1
A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1.
local
low complexity
opensuse CWE-377
4.6
2021-02-11 CVE-2020-8031 Cross-Site Scripting vulnerability in Opensuse Open Build Service
A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity.
network
opensuse CWE-79
3.5
2021-02-09 CVE-2021-26676 gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.
low complexity
intel debian opensuse
3.3
2021-02-09 CVE-2021-26675 Out-Of-Bounds Write vulnerability in multiple products
A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.
low complexity
intel debian opensuse CWE-787
5.8
2020-11-04 CVE-2020-28049 Race Condition vulnerability in multiple products
An issue was discovered in SDDM before 0.19.0.
3.3
2020-11-03 CVE-2020-6557 Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. 4.3
2020-11-03 CVE-2020-16011 Out-Of-Bounds Write vulnerability in multiple products
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
6.8
2020-11-03 CVE-2020-16009 Out-Of-Bounds Write vulnerability in multiple products
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
6.8