Vulnerabilities > Opensuse > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-01 CVE-2023-22652 Classic Buffer Overflow vulnerability in Opensuse Libeconf
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2.
network
low complexity
opensuse CWE-120
6.5
2023-06-01 CVE-2023-32181 Classic Buffer Overflow vulnerability in Opensuse Libeconf
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf allows for DoS via malformed configuration files. This issue affects libeconf: before 0.5.2.
network
low complexity
opensuse CWE-120
6.5
2023-02-15 CVE-2022-45154 Cleartext Storage of Sensitive Information vulnerability in Opensuse Supportutils 3.15.7.1
A Cleartext Storage of Sensitive Information vulnerability in supportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials. This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1 and prior versions.
local
low complexity
opensuse CWE-312
5.5
2023-02-07 CVE-2022-21948 Cross-site Scripting vulnerability in Opensuse Paste
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paste allows remote attackers to place JavaScript into SVG files.
network
low complexity
opensuse CWE-79
6.1
2022-10-06 CVE-2022-31252 Incorrect Authorization vulnerability in multiple products
An Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group-writable path components, allowing local attackers with access to a group that can write to a location included in the path to a privileged binary to influence path resolution.
local
low complexity
suse opensuse CWE-863
4.4
2022-09-07 CVE-2022-21950 Improper Access Control vulnerability in Opensuse Canna 3.7P3/3.7P3Bp153.2.3.1
An Improper Access Control vulnerability in the systemd service of canna in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket. This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1.
local
low complexity
opensuse CWE-284
5.3
2022-09-07 CVE-2022-31251 Incorrect Default Permissions vulnerability in Opensuse Factory
An Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root.
local
high complexity
opensuse CWE-276
6.3
2022-03-16 CVE-2022-21945 Insecure Temporary File vulnerability in Opensuse Cscreen 1.2/1.3
An Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems.
local
low complexity
opensuse CWE-377
6.1
2022-03-16 CVE-2022-21946 Incorrect Permission Assignment for Critical Resource vulnerability in Opensuse Cscreen 1.2/1.3
An Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local user to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen session.
local
low complexity
opensuse CWE-732
5.3
2022-02-21 CVE-2021-44568 Out-of-bounds Write vulnerability in Opensuse Libsolv
Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.
network
opensuse CWE-787
4.3