Vulnerabilities > Opensuse
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-07 | CVE-2023-22643 | OS Command Injection vulnerability in Opensuse Libzypp-Plugin-Appdata: An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users into using specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. | 7.8 |
2023-01-10 | CVE-2022-46163 | SQL Injection vulnerability in Opensuse Travel Support Program: Travel support program is a Rails app to support the travel support program of openSUSE (TSP). | 7.5 |
2022-11-09 | CVE-2022-31253 | Untrusted Search Path vulnerability in Opensuse Openldap2: An Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. | 7.8 |
2022-10-26 | CVE-2022-31256 | Link Following vulnerability in Opensuse Factory: An Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. | 7.8 |
2022-10-06 | CVE-2022-31252 | Incorrect Authorization vulnerability in multiple products: An Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group that can write to a location included in the path to a privileged binary to influence path resolution. | 4.4 |
2022-09-07 | CVE-2022-21950 | Improper Access Control vulnerability in Opensuse Canna 3.7P3/3.7P3Bp153.2.3.1: An Improper Access Control vulnerability in the systemd service of canna in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket. This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. | 5.3 |
2022-09-07 | CVE-2022-31251 | Incorrect Default Permissions vulnerability in Opensuse Factory: An Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. | 6.3 |
2022-07-20 | CVE-2022-31250 | Link Following vulnerability in Opensuse Tumbleweed 2.6.24.2: A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. | 7.8 |
2022-05-03 | CVE-2022-21949 | XXE vulnerability in Opensuse Open Build Service: An Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. | 9.0 |
2022-03-16 | CVE-2022-21945 | Insecure Temporary File vulnerability in Opensuse Cscreen 1.2/1.3: An Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. | 6.1 |