Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Tumbleweed
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-28321 2 Linux-pam, Opensuse 2 Linux-pam, Tumbleweed 2022-09-22 N/A 9.8 CRITICAL
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream.
CVE-2022-31250 1 Opensuse 1 Tumbleweed 2022-07-28 N/A 7.8 HIGH
A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to 6.4.2-1.1.
CVE-2021-25315 3 Opensuse, Saltstack, Suse 3 Tumbleweed, Salt, Suse Linux Enterprise Server 2021-05-06 4.6 MEDIUM 7.8 HIGH
A Incorrect Implementation of Authentication Algorithm vulnerability in of SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.
CVE-2020-8026 1 Opensuse 2 Leap, Tumbleweed 2020-09-18 7.2 HIGH 7.8 HIGH
A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.