Vulnerabilities > Opensuse
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-09 | CVE-2021-36777 | Unspecified vulnerability in Opensuse Open Build Service A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. | 8.8 |
2022-02-21 | CVE-2021-44568 | Out-of-bounds Write vulnerability in Opensuse Libsolv Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service. | 4.3 |
2022-02-19 | CVE-2021-45082 | Command Injection vulnerability in multiple products An issue was discovered in Cobbler before 3.3.1. | 7.8 |
2022-01-26 | CVE-2022-21944 | Link Following vulnerability in Opensuse Factory Watchman A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. | 7.8 |
2022-01-14 | CVE-2021-36781 | Incorrect Default Permissions vulnerability in Opensuse Factory A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. | 4.4 |
2022-01-06 | CVE-2021-46141 | Use After Free vulnerability in multiple products An issue was discovered in uriparser before 0.9.6. | 5.5 |
2022-01-06 | CVE-2021-46142 | Use After Free vulnerability in multiple products An issue was discovered in uriparser before 0.9.6. | 5.5 |
2022-01-01 | CVE-2021-41819 | Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. | 7.5 |
2022-01-01 | CVE-2021-41817 | Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. | 7.5 |
2021-12-25 | CVE-2021-4166 | Out-of-bounds Read vulnerability in multiple products vim is vulnerable to Out-of-bounds Read | 7.1 |