opensuse — Vulnerabilities & Security Advisories (50)

Browse all 50 CVE security advisories affecting opensuse. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-25701 | openSUSE sdbootutil security vulnerability — sdbootutil (CWE-377) | 7.1 (AI) | High (AI) | 2026-02-25 |
| CVE-2025-53881 | SUSE-specific logrotate configuration allows escalation from mail user/group to root — Tumbleweed (CWE-61) | 7.8 (AI) | High (AI) | 2025-10-02 |
| CVE-2025-46810 | openSUSE Tumbleweed security vulnerability — Tumbleweed (CWE-61) | 7.8 | - | 2025-09-02 |
| CVE-2024-49505 | XSS vulnerability found in OpenSuse MirrorCache — Tumbleweed (CWE-79) | 6.1 (AI) | Medium (AI) | 2024-11-13 |
| CVE-2024-49506 | Fixed temporary file path in aeon-checks allows fixing of disk encryption key — Tumbleweed (CWE-377) | 7.8 (AI) | High (AI) | 2024-11-13 |
| CVE-2023-32184 | openSUSE opensuse-welcome security vulnerability — opensuse-welcome (CWE-922) | 7.8 | High | 2023-09-19 |
| CVE-2023-32183 | openSUSE Tumbleweed security vulnerability — Tumbleweed (CWE-276) | 7.8 | High | 2023-07-07 |
| CVE-2023-22652 | Stack buffer overflow in "read_file" function — libeconf (CWE-120) | 3.3 | Low | 2023-06-01 |
| CVE-2023-32181 | Stack buffer overflow in "econf_writeFile" function — libeconf (CWE-120) | 3.3 | Low | 2023-06-01 |
| CVE-2022-21948 | paste: XSS on the image upload function — paste (CWE-79) | 4.3 | Medium | 2023-02-07 |
| CVE-2022-46163 | travel-support-program vulnerable to data exfiltration via Ransack query injection — travel-support-program (CWE-200) | 7.5 | High | 2023-01-10 |
| CVE-2022-31253 | openldap2: /usr/lib/openldap/start allows ldap user/group to recursively chown arbitrary directory trees to itself — Factory (CWE-426) | 7.1 | High | 2022-11-09 |
| CVE-2022-21950 | canna: unsafe handling of /tmp/.iroha_unix directory — openSUSE Backports SLE-15-SP3 (CWE-284) | 5.3 | Medium | 2022-09-07 |
| CVE-2022-31250 | keylime %post scriplet allows for privilege escalation from keylime user to root — Tumbleweed (CWE-59) | 7.1 | High | 2022-07-20 |
| CVE-2022-21946 | suddoers configuration for cscreen not restrictive enough — Factory (CWE-732) | 5.3 | Medium | 2022-03-16 |
| CVE-2022-21945 | cscreen: usage of fixed path /tmp/cscreen.debug — Factory (CWE-377) | 5.1 | Medium | 2022-03-16 |
| CVE-2021-36777 | login-proxy sends password to attacker-provided domain — Build service (CWE-807) | 8.1 | High | 2022-03-09 |
| CVE-2022-21944 | watchman: chown in watchman@.socket unit allows symlink attack — openSUSE Backports SLE-15-SP3 (CWE-59) | 7.8 | High | 2022-01-26 |
| CVE-2021-36781 | parsec: dangerous 777 permissions for /run/parsec — Factory (CWE-276) | 5.9 | Medium | 2022-01-14 |
| CVE-2021-25322 | python-HyperKitty: hyperkitty-permissions.sh used during %post allows local privilege escalation from hyperkitty user to root — Leap 15.2 (CWE-61) | 6.8 | Medium | 2021-06-10 |
| CVE-2021-31997 | python-postorius: postorius-permissions.sh used during %post allows local privilege escalation from postorius user to root — Leap 15.2 (CWE-59) | 6.8 | Medium | 2021-06-10 |
| CVE-2021-25319 | virtualbox: missing sticky bit for /etc/vbox allows local root exploit for members of vboxusers group — Factory (CWE-276) | 7.8 | High | 2021-05-05 |
| CVE-2020-8032 | Local privilege escalation to root due to insecure tmp file usage — Factory (CWE-377) | 6.7 | Medium | 2021-02-25 |
| CVE-2020-8031 | obs: Stored XSS — Open Build Service (CWE-79) | 6.3 | Medium | 2021-02-11 |
| CVE-2018-12475 | obs-service-download_files allows downloading from localhost or intranet hosts — Open Build Service (CWE-610) | 6.5 | Medium | 2020-09-01 |
| CVE-2020-8026 | inn: non-root owned files — openSUSE Leap 15.2 (CWE-276) | 8.4 | High | 2020-08-07 |
| CVE-2020-8014 | kopano-python-services: Local privilege escalation from kopano to root in kopano-spamd subpackage — openSUSE Leap 15.1 (CWE-61) | 7.7 | High | 2020-06-29 |
| CVE-2020-8024 | Problematic permissions in hylafax+ packaging allow escalation from uucp to other users — openSUSE Leap 15.2 (CWE-276) | 5.3 | Medium | 2020-06-29 |
| CVE-2020-8021 | unauthorized read access to files where sourceaccess is disabled via a crafted _service file in Open Build Service — Open Build Service (CWE-269) | 5.3 | Medium | 2020-05-19 |
| CVE-2020-8020 | Persistent XSS in markdown parser used by obs-server — open-build-service (CWE-79) | 6.5 | Medium | 2020-05-13 |

This page lists every published CVE security advisory associated with opensuse. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.