High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-10-26	CVE-2022-31256	Link Following vulnerability in Opensuse Factory A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. local low complexity opensuse CWE-59	7.8
2022-02-19	CVE-2021-45082	Command Injection vulnerability in multiple products An issue was discovered in Cobbler before 3.3.1. local low complexity cobbler-project suse opensuse fedoraproject CWE-77	7.8
2022-01-01	CVE-2021-41819	Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. network low complexity ruby-lang redhat debian suse opensuse fedoraproject CWE-565	7.5
2022-01-01	CVE-2021-41817	Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. network low complexity ruby-lang redhat fedoraproject debian suse opensuse	7.5
2021-12-25	CVE-2021-4166	Out-of-bounds Read vulnerability in multiple products vim is vulnerable to Out-of-bounds Read local low complexity vim redhat suse opensuse debian fedoraproject apple CWE-125	7.1
2021-05-05	CVE-2021-25319	Incorrect Default Permissions vulnerability in Opensuse Factory A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. local low complexity opensuse CWE-276	7.2