Vulnerabilities > Opensuse > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-13 | CVE-2024-49505 | Cross-site Scripting vulnerability in Opensuse Mirrorcache. An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the REGEX and P parameters. This issue affects MirrorCache before 1.083. | 6.1 |
2023-06-01 | CVE-2023-22652 | Unspecified vulnerability in Opensuse Libeconf 0.5.1. A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2. | 6.5 |
2023-06-01 | CVE-2023-32181 | Unspecified vulnerability in Opensuse Libeconf 0.5.1. A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf allows for DoS via malformed configuration files. This issue affects libeconf: before 0.5.2. | 6.5 |
2023-02-15 | CVE-2022-45154 | Unspecified vulnerability in Opensuse Supportutils. A Cleartext Storage of Sensitive Information vulnerability in supportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials. This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1 and prior versions. | 5.5 |
2023-02-07 | CVE-2022-21948 | Unspecified vulnerability in Opensuse Paste. An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paste allows remote attackers to place JavaScript into SVG files. | 6.1 |
2022-10-06 | CVE-2022-31252 | An Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group that can write to a location included in the path to a privileged binary to influence path resolution. | 4.4 |
2022-09-07 | CVE-2022-21950 | Unspecified vulnerability in Opensuse Canna 3.7P3/3.7P3Bp153.2.3.1. An Improper Access Control vulnerability in the systemd service of canna in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket. This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. | 5.3 |
2022-09-07 | CVE-2022-31251 | Incorrect Default Permissions vulnerability in Opensuse Factory. An Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. | 6.3 |
2022-03-16 | CVE-2022-21945 | Unspecified vulnerability in Opensuse Cscreen 1.2/1.3. An Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. | 6.1 |
2022-03-16 | CVE-2022-21946 | Unspecified vulnerability in Opensuse Cscreen 1.2/1.3. An Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen session. | 5.3 |