openSUSE CVE Vulnerabilities & CVE List (3,273)

Products (CPE): — CVEs: 3,273

openSUSE vulnerability overview

Aggregates CVE and security vulnerability intelligence across all openSUSE-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Disclosed issues often relate to vendor risk memory corruption, vendor risk input validation, and vendor risk path handling; exposure may include vendor impact file overwrite in vendor surface production workloads contexts.

Vulnerability distribution trend (last 24 months)

Showing 4160 of 3273 CVEs
«« First « Prev Page 3 / 164 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2021-33938 Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service. [email protected] 7.5 1.42% 2021-09-02 2026-06-16
CVE-2021-33930 Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. [email protected] 7.5 1.46% 2021-09-02 2026-06-16
CVE-2021-33929 Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. [email protected] 7.5 1.44% 2021-09-02 2026-06-16
CVE-2021-33928 Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. [email protected] 7.5 1.46% 2021-09-02 2026-06-16
CVE-2019-18906 A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4. [email protected] 9.8 1.11% 2021-06-30 2026-06-16
CVE-2021-31998 A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2. [email protected] 6.8 0.32% 2021-06-10 2026-06-16
CVE-2021-31997 A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions. [email protected] 6.8 0.34% 2021-06-10 2026-06-16
CVE-2021-3200 Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service [email protected] 3.3 1.31% 2021-05-18 2026-06-17
CVE-2021-25319 A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versions. [email protected] 7.8 0.26% 2021-05-05 2026-06-16
CVE-2020-8032 A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions. [email protected] 6.7 0.38% 2021-02-25 2026-06-16
CVE-2020-8027 A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior [email protected] 7.3 0.30% 2021-02-11 2026-06-16
CVE-2020-8031 A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prior to 2.10.8. [email protected] 6.3 0.75% 2021-02-11 2026-06-16
CVE-2021-26676 gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. [email protected] 6.5 1.21% 2021-02-09 2026-06-16
CVE-2021-26675 A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. [email protected] 8.8 1.30% 2021-02-09 2026-06-16
CVE-2020-0569 Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. [email protected] 5.7 0.56% 2020-11-23 2026-06-16
CVE-2020-16846 KEV An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. [email protected] 9.8 99.59% 2020-11-06 2026-06-16
CVE-2020-28049 An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. [email protected] 6.3 0.41% 2020-11-04 2026-06-16
CVE-2020-6557 Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. [email protected] 6.5 1.50% 2020-11-02 2026-06-16
CVE-2020-16011 Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. [email protected] 9.6 2.38% 2020-11-02 2026-06-16
CVE-2020-16009 KEV Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. [email protected] 8.8 48.57% 2020-11-02 2026-06-16
«« First « Prev Page 3 / 164 Next »
cvelogic Threat Intelligence