openSUSE CVE Vulnerabilities & CVE List (3,271)

Products (CPE): — CVEs: 3,271

openSUSE vulnerability overview

Aggregates CVE and security vulnerability intelligence across all openSUSE-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Disclosed issues often relate to memory corruption, input validation, and path handling; exposure may include file overwrite in production workloads.

Vulnerability distribution trend (last 24 months)

Showing 21-40 of 3271 CVEs

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-31256 | An Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1. | [email protected] | 7.7 | 0.23% | 2022-10-26 | 2026-06-17 |
| CVE-2022-31252 | An Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group that can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to | [email protected] | 4.4 | 0.14% | 2022-10-06 | 2026-06-17 |
| CVE-2022-31251 | An Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3. | [email protected] | 6.5 | 0.20% | 2022-09-07 | 2026-06-17 |
| CVE-2022-21950 | An Improper Access Control vulnerability in the systemd service of canna in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket. This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there. | [email protected] | 5.3 | 0.09% | 2022-09-07 | 2026-06-17 |
| CVE-2022-31250 | A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to 6.4.2-1.1. | [email protected] | 7.1 | 0.31% | 2022-07-20 | 2026-06-17 |
| CVE-2022-21949 | An Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue affects: SUSE Open Build Service Open Build Service versions prior to 2.10.13. | [email protected] | 8.8 | 1.65% | 2022-05-03 | 2026-06-17 |
| CVE-2022-21946 | An Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen session. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions. | [email protected] | 5.3 | 0.26% | 2022-03-16 | 2026-06-17 |
| CVE-2022-21945 | An Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions. | [email protected] | 5.1 | 0.24% | 2022-03-16 | 2026-06-17 |
| CVE-2021-36777 | A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with an expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service login-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef. | [email protected] | 8.1 | 0.90% | 2022-03-09 | 2026-06-16 |
| CVE-2021-44568 | Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service. | [email protected] | 6.5 | 1.77% | 2022-02-21 | 2026-06-17 |
| CVE-2021-45082 | An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.) | [email protected] | 7.8 | 0.50% | 2022-02-18 | 2026-06-17 |
| CVE-2022-21944 | A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman versions prior to 4.9.0-9.1. | [email protected] | 7.8 | 0.28% | 2022-01-26 | 2026-06-17 |
| CVE-2021-36781 | An Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1. | [email protected] | 5.9 | 0.21% | 2022-01-14 | 2026-06-16 |
| CVE-2021-46142 | An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax. | [email protected] | 5.5 | 1.09% | 2022-01-05 | 2026-06-17 |
| CVE-2021-46141 | An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner. | [email protected] | 5.5 | 1.13% | 2022-01-05 | 2026-06-17 |
| CVE-2021-41819 | CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. | [email protected] | 7.5 | 2.93% | 2022-01-01 | 2026-06-17 |
| CVE-2021-41817 | Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. | [email protected] | 7.5 | 3.22% | 2022-01-01 | 2026-06-17 |
| CVE-2021-4166 | vim is vulnerable to Out-of-bounds Read | [email protected] | 7.1 | 1.59% | 2021-12-25 | 2026-06-17 |
| CVE-2021-33938 | Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | [email protected] | 7.5 | 1.42% | 2021-09-02 | 2026-06-16 |
| CVE-2021-33930 | Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | [email protected] | 7.5 | 1.46% | 2021-09-02 | 2026-06-16 |

cvelogic Threat Intelligence