Aggregates CVE and security vulnerability intelligence across all openSUSE-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk memory corruption, vendor risk input validation, and vendor risk path handling; exposure may include vendor impact file overwrite in vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-33938 | Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | [email protected] | 7.5 | 1.42% | 2021-09-02 | 2026-06-16 |
| CVE-2021-33930 | Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | [email protected] | 7.5 | 1.46% | 2021-09-02 | 2026-06-16 |
| CVE-2021-33929 | Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | [email protected] | 7.5 | 1.44% | 2021-09-02 | 2026-06-16 |
| CVE-2021-33928 | Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | [email protected] | 7.5 | 1.46% | 2021-09-02 | 2026-06-16 |
| CVE-2019-18906 | A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4. | [email protected] | 9.8 | 1.11% | 2021-06-30 | 2026-06-16 |
| CVE-2021-31998 | A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2. | [email protected] | 6.8 | 0.32% | 2021-06-10 | 2026-06-16 |
| CVE-2021-31997 | A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions. | [email protected] | 6.8 | 0.34% | 2021-06-10 | 2026-06-16 |
| CVE-2021-3200 | Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service | [email protected] | 3.3 | 1.31% | 2021-05-18 | 2026-06-17 |
| CVE-2021-25319 | A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versions. | [email protected] | 7.8 | 0.26% | 2021-05-05 | 2026-06-16 |
| CVE-2020-8032 | A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions. | [email protected] | 6.7 | 0.38% | 2021-02-25 | 2026-06-16 |
| CVE-2020-8027 | A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior | [email protected] | 7.3 | 0.30% | 2021-02-11 | 2026-06-16 |
| CVE-2020-8031 | A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prior to 2.10.8. | [email protected] | 6.3 | 0.75% | 2021-02-11 | 2026-06-16 |
| CVE-2021-26676 | gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. | [email protected] | 6.5 | 1.21% | 2021-02-09 | 2026-06-16 |
| CVE-2021-26675 | A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. | [email protected] | 8.8 | 1.30% | 2021-02-09 | 2026-06-16 |
| CVE-2020-0569 | Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. | [email protected] | 5.7 | 0.56% | 2020-11-23 | 2026-06-16 |
| CVE-2020-16846 KEV | An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. | [email protected] | 9.8 | 99.59% | 2020-11-06 | 2026-06-16 |
| CVE-2020-28049 | An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. | [email protected] | 6.3 | 0.41% | 2020-11-04 | 2026-06-16 |
| CVE-2020-6557 | Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | [email protected] | 6.5 | 1.50% | 2020-11-02 | 2026-06-16 |
| CVE-2020-16011 | Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | [email protected] | 9.6 | 2.38% | 2020-11-02 | 2026-06-16 |
| CVE-2020-16009 KEV | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | [email protected] | 8.8 | 48.57% | 2020-11-02 | 2026-06-16 |