Vulnerabilities > Opensuse > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-02 | CVE-2021-33938 | Out-of-bounds Write vulnerability in Opensuse Libsolv Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | 7.5 |
| 2021-06-10 | CVE-2021-31997 | Unspecified vulnerability in Opensuse Python-Postorius 1.3.2Lp152.1.2 A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. | 7.8 |
| 2021-06-10 | CVE-2021-31998 | Unspecified vulnerability in Opensuse INN 2.4.2170.21.3.1 A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. | 7.8 |
| 2021-05-05 | CVE-2021-25319 | Unspecified vulnerability in Opensuse Factory A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. | 7.8 |
| 2021-02-25 | CVE-2020-8032 | Unspecified vulnerability in Opensuse Cyrus-Sasl A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. | 7.0 |
| 2021-02-09 | CVE-2021-26675 | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. | 8.8 |
| 2020-11-03 | CVE-2020-16009 | Type Confusion vulnerability in multiple products Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2020-11-03 | CVE-2020-16008 | Out-of-bounds Write vulnerability in multiple products Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. | 8.8 |
| 2020-11-03 | CVE-2020-16007 | Link Following vulnerability in multiple products Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. | 7.8 |
| 2020-11-03 | CVE-2020-16006 | Out-of-bounds Write vulnerability in multiple products Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |