This page lists publicly disclosed CVE vulnerabilities affecting opensuse leap (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-31431 KEV | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.8 | 2.58% | 2026-04-22 | 2026-05-21 |
| CVE-2025-32463 KEV | Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. | [email protected] | 9.3 | 57.34% | 2025-06-30 | 2025-11-05 |
| CVE-2023-32182 | A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1. | [email protected] | 5.9 | 0.04% | 2023-09-19 | 2024-11-21 |
| CVE-2022-45153 | An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphan | [email protected] | 7.0 | 0.15% | 2023-02-15 | 2024-11-21 |
| CVE-2022-31252 | A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to | [email protected] | 4.4 | 0.03% | 2022-10-06 | 2024-11-21 |
| CVE-2021-46142 | An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax. | [email protected] | 5.5 | 0.09% | 2022-01-06 | 2024-11-21 |
| CVE-2021-46141 | An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner. | [email protected] | 5.5 | 0.09% | 2022-01-06 | 2024-11-21 |
| CVE-2021-41819 | CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. | [email protected] | 7.5 | 0.76% | 2022-01-01 | 2025-05-22 |
| CVE-2021-41817 | Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. | [email protected] | 7.5 | 0.50% | 2022-01-01 | 2024-11-21 |
| CVE-2021-26676 | gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. | [email protected] | 6.5 | 0.10% | 2021-02-09 | 2024-11-21 |
| CVE-2021-26675 | A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. | [email protected] | 8.8 | 0.19% | 2021-02-09 | 2024-11-21 |
| CVE-2020-0569 | Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. | [email protected] | 5.7 | 0.33% | 2020-11-23 | 2024-11-21 |
| CVE-2020-16846 KEV | An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. | [email protected] | 9.8 | 94.39% | 2020-11-06 | 2025-11-07 |
| CVE-2020-28049 | An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. | [email protected] | 6.3 | 0.04% | 2020-11-04 | 2024-11-21 |
| CVE-2020-16011 | Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | [email protected] | 9.6 | 1.60% | 2020-11-03 | 2024-11-21 |
| CVE-2020-16009 KEV | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | [email protected] | 8.8 | 84.38% | 2020-11-03 | 2025-10-24 |
| CVE-2020-16008 | Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. | [email protected] | 8.8 | 1.27% | 2020-11-03 | 2024-11-21 |
| CVE-2020-16007 | Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. | [email protected] | 7.8 | 0.03% | 2020-11-03 | 2024-11-21 |
| CVE-2020-16006 | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | [email protected] | 8.8 | 1.37% | 2020-11-03 | 2024-11-21 |
| CVE-2020-16005 | Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | [email protected] | 8.8 | 1.36% | 2020-11-03 | 2024-11-21 |