Vulnerabilities > Opensuse > Factory

DATE CVE VULNERABILITY TITLE RISK
2022-10-26 CVE-2022-31256 Link Following vulnerability in Opensuse Factory
A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root.
local
low complexity
opensuse CWE-59
7.8
2022-09-07 CVE-2022-31251 Incorrect Default Permissions vulnerability in Opensuse Factory
A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root.
local
high complexity
opensuse CWE-276
6.3
2022-02-19 CVE-2021-45082 Command Injection vulnerability in multiple products
An issue was discovered in Cobbler before 3.3.1.
7.8
2022-01-14 CVE-2021-36781 Incorrect Default Permissions vulnerability in Opensuse Factory
A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service.
local
low complexity
opensuse CWE-276
4.4
2022-01-06 CVE-2021-46141 Use After Free vulnerability in multiple products
An issue was discovered in uriparser before 0.9.6.
5.5
2022-01-06 CVE-2021-46142 Use After Free vulnerability in multiple products
An issue was discovered in uriparser before 0.9.6.
5.5
2022-01-01 CVE-2021-41819 Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names.
7.5
2022-01-01 CVE-2021-41817 Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. 7.5
2021-12-25 CVE-2021-4166 Out-of-bounds Read vulnerability in multiple products
vim is vulnerable to Out-of-bounds Read
7.1
2021-05-05 CVE-2021-25319 Incorrect Default Permissions vulnerability in Opensuse Factory
A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root.
local
low complexity
opensuse CWE-276
7.2