CVE Daily
← All tags

Tag: openSUSE

All CVEs associated with "openSUSE". Page 2/2 • 138 CVEs.

Subscribe CVEs: RSS for “openSUSE”  ·  RSS (High+Critical only)

About “openSUSE”

A curated feed of “openSUSE”-related CVEs appears below. We currently track 138 CVEs for this tag (all time). In the last 365 days, 5 were published. Average CVSS is 6.4 (all time; 6.2 over 365d), and 44% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-377 - Insecure Temporary File, CWE-754 - Improper Check for Unusual or Exceptional Conditions, CWE-61 - UNIX Symbolic Link (Symlink) Following.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2010-09-28
Medium

CVE-2010-3087

LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image.

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2010-09-03
High

CVE-2010-2532

lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for phys…

CVSS: 7.2 CWE: CWE-264 View on NVD
2010-02-22
Medium

CVE-2010-0299

openSUSE 11.2 installs the devtmpfs root directory with insecure permissions (1777), which allows local users to gain privileges via unspecified vectors.

CVSS: 4.6 CWE: CWE-264 View on NVD
2010-01-22
High

CVE-2010-0230

SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.

CVSS: 7.5 CWE: CWE-264 View on NVD
2009-10-23
Medium

CVE-2009-1297

iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a syml…

CVSS: 4.4 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2009-04-09
Medium

CVE-2008-2025

Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0,…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2009-03-30
High

CVE-2009-0115

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating syste…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2009-03-11
Medium

CVE-2009-0848

Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified "relative search path."

CVSS: 4.4 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2009-02-18
High

CVE-2009-0310

Buffer overflow in SUSE blinux (aka sbl) in SUSE openSUSE 10.3 through 11.0 has unknown impact and attack vectors related to "incoming data and authentication-strings."

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2008-07-22
High

CVE-2008-3188

libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords.

CVSS: 7.5 CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm View on NVD
2008-07-21
Medium

CVE-2008-3187

zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service (package dat…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
2008-07-07
Medium

CVE-2008-2667

SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are…

CVSS: 5.1 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Low

CVE-2008-3067

sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo chil…

CVSS: 2.1 CWE: CWE-255 View on NVD
2008-06-06
Critical

CVE-2008-2388

Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 have unspecified impact and attack vectors. NOTE: the vendor states that these "can be considered no security problem."

CVSS: 10.0 CWE: CWE-189 View on NVD
Medium

CVE-2008-2389

opensuse-updater in openSUSE 10.2 allows local users to access arbitrary files via a symlink attack.

CVSS: 4.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-02-12
High

CVE-2008-0731

The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not properly handle failure of an AppArmor change_hat system call, which might allow attackers to trigger the unconfining of an apparmo…

CVSS: 7.5 CWE: CWE-264 View on NVD
2007-10-29
Medium

CVE-2007-5702

Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions (aka the login box) in the Novell OpenSUSE SWAMP Workflow Administration and Management Platform 1.x allows remote attackers to i…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2007-10-14
Low

CVE-2007-5200

hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary…

CVSS: 3.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD