openSUSE Factory vulnerabilities
26 known vulnerabilities affecting opensuse/factory.
Total CVEs: 26
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 18, MEDIUM 4, LOW 2
Vulnerabilities
Page 1 of 2
CVE-2022-31253 | HIGH | CVSS 7.8 | ≥ openldap2, < 2.6.3-404.1 | 2022-11-09
CVE-2022-31253 [HIGH] CWE-426
An Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1.
Sources: cvelistv5, nvd
CVE-2022-31256 | HIGH | CVSS 7.8 | fixed in 8.17.1-1.1 | 2022-10-26
CVE-2022-31256 [HIGH] CWE-59
An Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1.
Sources: nvd
CVE-2022-31251 | MEDIUM | CVSS 6.3 | fixed in 22.05.2-3.3 | 2022-09-07
CVE-2022-31251 [MEDIUM] CWE-276
An Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.
Sources: nvd
CVE-2022-21946 | MEDIUM | CVSS 5.3 | ≥ cscreen, ≤ 1.2-1.3 | 2022-03-16
CVE-2022-21946 [MEDIUM] CWE-732
An Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen session. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.
Sources: cvelistv5, nvd
CVE-2022-21945 | MEDIUM | CVSS 6.1 | ≥ cscreen, ≤ 1.2-1.3 | 2022-03-16
CVE-2022-21945 [MEDIUM] CWE-377
An Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.
Sources: cvelistv5, nvd
CVE-2022-21944 | HIGH | CVSS 7.8 | ≥ watchman, < 4.9.0-9.1 | 2022-01-26
CVE-2022-21944 [HIGH] CWE-59
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman versions prior to 4.9.0-9.1.
Sources: cvelistv5, nvd
CVE-2021-36781 | MEDIUM | CVSS 4.4 | fixed in 0.8.1-1.1 | ≥ parsec, < 0.8.1-1.1 | 2022-01-14
CVE-2021-36781 [MEDIUM] CWE-276
An Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1.
Sources: cvelistv5, nvd
CVE-2021-32000 | HIGH | CVSS 7.1 | ≥ clone-master-clean-up, ≤ 1.6-1.4 | 2021-07-28
CVE-2021-32000 [LOW] CWE-59
A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1.6-4.
Sources: cvelistv5, nvd
CVE-2021-25321 | HIGH | CVSS 7.8 | ≥ arpwatch, ≤ 2.1a15-169.5 | 2021-06-30
CVE-2021-25321 [HIGH] CWE-61
A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Li
Sources: cvelistv5, nvd
CVE-2021-31997 | HIGH | CVSS 7.8 | ≥ python-postorius, ≤ 1.3.4-2.1 | 2021-06-10
CVE-2021-31997 [MEDIUM] CWE-59
A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior
Sources: cvelistv5, nvd
CVE-2021-25322 | HIGH | CVSS 7.8 | ≥ python-HyperKitty, < 1.3.4-5.1 | 2021-06-10
CVE-2021-25322 [MEDIUM] CWE-61
A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty version
Sources: cvelistv5, nvd
CVE-2021-25319 | HIGH | CVSS 7.8 | ≤ 6.1.20-1.1 | ≥ virtualbox, ≤ 6.1.20-1.1 | 2021-05-05
CVE-2021-25319 [HIGH] CWE-276
An Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers group to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versions.
Sources: cvelistv5, nvd
CVE-2021-25317 | LOW | CVSS 3.3 | ≥ cups, ≤ 2.3.3op2-2.1 | 2021-05-05
CVE-2021-25317 [LOW] CWE-276
An Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affe
Sources: cvelistv5, nvd
CVE-2020-8032 | HIGH | CVSS 7.0 | ≥ cyrus-sasl, ≤ 2.1.27-4.2 | 2021-02-25
CVE-2020-8032 [MEDIUM] CWE-377
An Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions.
Sources: cvelistv5, nvd
CVE-2020-8015 | HIGH | CVSS 7.8 | ≥ exim, < 4.93.0.4-3.1 | 2020-04-02
CVE-2020-8015 [HIGH] CWE-59
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.
Sources: cvelistv5, nvd
CVE-2019-18902 | CRITICAL | CVSS 9.8 | ≥ wicked, < 0.6.62 | 2020-03-02
CVE-2019-18902 [HIGH] CWE-416
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to
Sources: cvelistv5, nvd
CVE-2019-18903 | CRITICAL | CVSS 9.8 | ≥ wicked, < 0.6.62 | 2020-03-02
CVE-2019-18903 [HIGH] CWE-416
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior t
Sources: cvelistv5, nvd
CVE-2019-18897 | HIGH | CVSS 7.8 | ≥ salt-master, ≤ 2019.2.2-3.1 | 2020-03-02
CVE-2019-18897 [HIGH] CWE-59
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linu
Sources: cvelistv5, nvd
CVE-2019-3698 | HIGH | CVSS 7.0 | ≥ nagios, ≤ 4.4.5-2.1 | 2020-02-28
CVE-2019-3698 [MEDIUM] CWE-59
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and pr
Sources: cvelistv5, nvd
CVE-2018-12476 | HIGH | CVSS 7.5 | ≥ obs-service-tar_scm, < 0.9.2.1537788075.fefaa74 | 2020-01-27
CVE-2018-12476 [MEDIUM] CWE-23
Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2
Sources: cvelistv5, nvd