Vulnerabilities > Opensuse

DATE CVE VULNERABILITY TITLE RISK
2021-06-30 CVE-2019-18906 Improper Authentication vulnerability in Opensuse Cryptctl
A Use of Password Hash Instead of Password for Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it.
network
low complexity
opensuse CWE-287
7.5
2021-06-10 CVE-2021-31997 Unix Symbolic Link (Symlink) Following vulnerability in Opensuse Python-Postorius 1.3.2Lp152.1.2
A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root.
local
low complexity
opensuse CWE-61
7.2
2021-06-10 CVE-2021-31998 Incorrect Default Permissions vulnerability in Opensuse INN 2.4.2170.21.3.1
An Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root.
local
low complexity
opensuse CWE-276
7.2
2021-05-18 CVE-2021-3200 Classic Buffer Overflow vulnerability in Opensuse Libsolv
Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp) function at src/testcase.c: line 2334, which could cause a denial of service.
network
opensuse CWE-120
4.3
2021-05-05 CVE-2021-25319 Incorrect Default Permissions vulnerability in Opensuse Factory
An Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers group to escalate to root.
local
low complexity
opensuse CWE-276
7.2
2021-02-25 CVE-2020-8032 Insecure Temporary File vulnerability in Opensuse Cyrus-Sasl
An Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root.
6.9
2021-02-11 CVE-2020-8027 Insecure Temporary File vulnerability in Opensuse Openldap2 2.4.260.74.13/2.4.4118.71.2/2.4.469.31.1
An Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration. This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1.
local
low complexity
opensuse CWE-377
4.6
2021-02-11 CVE-2020-8031 Cross-Site Scripting vulnerability in Opensuse Open Build Service
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity.
network
opensuse CWE-79
3.5
2021-02-09 CVE-2021-26676 gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.
low complexity
intel debian opensuse
3.3
2021-02-09 CVE-2021-26675 Out-Of-Bounds Write vulnerability in multiple products
A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.
low complexity
intel debian opensuse CWE-787
5.8