Filtered by vendor Opensuse
Subscriptions
Total
3283 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-44568 | 2 Opensuse, Redhat | 3 Libsolv, Satellite, Satellite Capsule | 2024-08-04 | 6.5 Medium |
| Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service. | ||||
| CVE-2021-41819 | 6 Debian, Fedoraproject, Opensuse and 3 more | 12 Debian Linux, Fedora, Factory and 9 more | 2024-08-04 | 7.5 High |
| CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. | ||||
| CVE-2021-41817 | 6 Debian, Fedoraproject, Opensuse and 3 more | 12 Debian Linux, Fedora, Factory and 9 more | 2024-08-04 | 7.5 High |
| Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. | ||||
| CVE-2021-33930 | 2 Opensuse, Redhat | 4 Libsolv, Enterprise Linux, Satellite and 1 more | 2024-08-04 | 7.5 High |
| Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | ||||
| CVE-2021-33928 | 2 Opensuse, Redhat | 4 Libsolv, Enterprise Linux, Satellite and 1 more | 2024-08-04 | 7.5 High |
| Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | ||||
| CVE-2021-33929 | 2 Opensuse, Redhat | 4 Libsolv, Enterprise Linux, Satellite and 1 more | 2024-08-04 | 7.5 High |
| Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | ||||
| CVE-2021-33938 | 2 Opensuse, Redhat | 4 Libsolv, Enterprise Linux, Satellite and 1 more | 2024-08-04 | 7.5 High |
| Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | ||||
| CVE-2021-26676 | 3 Debian, Intel, Opensuse | 3 Debian Linux, Connman, Leap | 2024-08-03 | 6.5 Medium |
| gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. | ||||
| CVE-2021-26675 | 3 Debian, Intel, Opensuse | 3 Debian Linux, Connman, Leap | 2024-08-03 | 8.8 High |
| A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. | ||||
| CVE-2021-4166 | 7 Apple, Debian, Fedoraproject and 4 more | 8 Mac Os X, Macos, Debian Linux and 5 more | 2024-08-03 | 7.1 High |
| vim is vulnerable to Out-of-bounds Read | ||||
| CVE-2021-3200 | 3 Opensuse, Oracle, Redhat | 5 Libsolv, Communications Cloud Native Core Policy, Enterprise Linux and 2 more | 2024-08-03 | 3.3 Low |
| Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service | ||||
| CVE-2022-46163 | 1 Opensuse | 1 Travel Support Program | 2024-08-03 | 7.5 High |
| Travel support program is a rails app to support the travel support program of openSUSE (TSP). Sensitive user data (bank account details, password Hash) can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The travel-support-program uses the Ransack library to implement search functionality. In its default configuration, Ransack will allow for query conditions based on properties of associated database objects [1]. The `*_start`, `*_end` or `*_cont` search matchers [2] can then be abused to exfiltrate sensitive string values of associated database objects via character-by-character brute-force (A match is indicated by the returned JSON not being empty). A single bank account number can be extracted with <200 requests, a password hash can be extracted with ~1200 requests, all within a few minutes. The problem has been patched in commit d22916275c51500b4004933ff1b0a69bc807b2b7. In order to work around this issue, you can also cherry pick that patch, however it will not work without the Rails 5.0 migration that was done in #150, which in turn had quite a few pull requests it depended on. | ||||
| CVE-2022-45154 | 2 Opensuse, Suse | 2 Supportutils, Linux Enterprise Server | 2024-08-03 | 4.4 Medium |
| A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions. | ||||
| CVE-2022-45153 | 2 Opensuse, Suse | 3 Leap, Linux Enterprise Module For Sap Applications, Linux Enterprise Server | 2024-08-03 | 7 High |
| An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. | ||||
| CVE-2022-31254 | 2 Opensuse, Suse | 4 Leap, Rmt-server, Linux Enterprise Server and 1 more | 2024-08-03 | 7.8 High |
| A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10. | ||||
| CVE-2022-28321 | 2 Linux-pam, Opensuse | 2 Linux-pam, Tumbleweed | 2024-08-03 | 9.8 Critical |
| The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream. | ||||
| CVE-2022-21948 | 1 Opensuse | 1 Paste | 2024-08-03 | 4.3 Medium |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paste allows remote attackers to place Javascript into SVG files. This issue affects: openSUSE paste paste version b57b9f87e303a3db9465776e657378e96845493b and prior versions. | ||||
| CVE-2023-32181 | 1 Opensuse | 1 Libeconf | 2024-08-02 | 3.3 Low |
| A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf allows for DoS via malformed configuration files This issue affects libeconf: before 0.5.2. | ||||
| CVE-2023-32182 | 2 Opensuse, Suse | 3 Leap, Linux Enterprise High Performance Computing, Suse Linux Enterprise Desktop | 2024-08-02 | 5.9 Medium |
| A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1. | ||||
| CVE-2023-32184 | 1 Opensuse | 1 Welcome | 2024-08-02 | 7.8 High |
| A Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a. | ||||