Filtered by vendor Opensuse
Subscribe
Total
3251 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-36777 | 1 Opensuse | 1 Open Build Service | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service login-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef. | |||||
CVE-2021-46705 | 3 Gnu, Opensuse, Suse | 3 Grub2, Factory, Linux Enterprise Server | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1. | |||||
CVE-2022-21945 | 1 Opensuse | 2 Cscreen, Factory | 2023-12-10 | 3.6 LOW | 6.1 MEDIUM |
A Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions. | |||||
CVE-2021-45082 | 4 Cobbler Project, Fedoraproject, Opensuse and 1 more | 5 Cobbler, Fedora, Backports and 2 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.) | |||||
CVE-2022-21949 | 1 Opensuse | 1 Open Build Service | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue affects: SUSE Open Build Service Open Build Service versions prior to 2.10.13. | |||||
CVE-2021-46141 | 4 Debian, Fedoraproject, Opensuse and 1 more | 7 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 4 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner. | |||||
CVE-2021-36781 | 1 Opensuse | 1 Factory | 2023-12-10 | 3.6 LOW | 4.4 MEDIUM |
A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1. | |||||
CVE-2021-4166 | 7 Apple, Debian, Fedoraproject and 4 more | 8 Mac Os X, Macos, Debian Linux and 5 more | 2023-12-10 | 5.8 MEDIUM | 7.1 HIGH |
vim is vulnerable to Out-of-bounds Read | |||||
CVE-2021-46142 | 4 Debian, Fedoraproject, Opensuse and 1 more | 7 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 4 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax. | |||||
CVE-2022-21944 | 2 Opensuse, Suse | 2 Factory Watchman, Suse Linux Enterprise Server | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman versions prior to 4.9.0-9.1. | |||||
CVE-2021-25317 | 3 Fedoraproject, Opensuse, Suse | 7 Fedora, Factory, Leap and 4 more | 2023-12-10 | 2.1 LOW | 3.3 LOW |
A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions. | |||||
CVE-2019-18906 | 2 Opensuse, Suse | 3 Cryptctl, Linux Enterprise Server, Manager Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4. | |||||
CVE-2020-4675 | 4 Ibm, Linux, Microsoft and 1 more | 6 Aix, Infosphere Master Data Management Server, Linux On Ibm Z and 3 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186324. | |||||
CVE-2021-25321 | 2 Opensuse, Suse | 6 Factory, Leap, Arpwatch and 3 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions. | |||||
CVE-2021-33929 | 1 Opensuse | 1 Libsolv | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | |||||
CVE-2021-33930 | 1 Opensuse | 1 Libsolv | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | |||||
CVE-2021-3200 | 2 Opensuse, Oracle | 2 Libsolv, Communications Cloud Native Core Policy | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service | |||||
CVE-2021-33938 | 1 Opensuse | 1 Libsolv | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | |||||
CVE-2021-25322 | 2 Opensuse, Python-hyperkitty Project | 3 Factory, Leap, Python-hyperkitty | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1. | |||||
CVE-2021-33928 | 1 Opensuse | 1 Libsolv | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. |