openSUSE Leap vulnerabilities

1,896 known vulnerabilities affecting opensuse/leap.

Total CVEs: 1,896
CISA KEV: 18 (actively exploited)
Public exploits: 51
Exploited in wild: 19
Severity breakdown: CRITICAL 194, HIGH 795, MEDIUM 792, LOW 115

Vulnerabilities

Page 1 of 95
CVE-2025-32463 | CRITICAL | CVSS 9.3 | KEV | PoC | v15.6 | 2025-06-30
CWE-829: Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
nvd
CVE-2023-32182 | MEDIUM | CVSS 5.9 | v15.5 | 2023-09-19
CWE-59: An Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix. This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Perfor
nvd
CVE-2022-45153 | HIGH | CVSS 7.0 | v15.4 | 2023-02-15
CWE-276: An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SA
nvd
CVE-2022-31252 | MEDIUM | CVSS 4.4 | v15.3, v15.4 | 2022-10-06
CWE-863: An Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group that can write to a location included in the path to a privileged binary to influence path resolutio
nvd
CVE-2021-46142 | MEDIUM | CVSS 5.5 | v15.3 | 2022-01-06
CWE-416: An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
nvd
CVE-2021-46141 | MEDIUM | CVSS 5.5 | v15.3 | 2022-01-06
CWE-416: An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
nvd
CVE-2021-41819 | HIGH | CVSS 7.5 | v15.2 | 2022-01-01
CWE-565: CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
nvd
CVE-2021-41817 | HIGH | CVSS 7.5 | v15.2 | 2022-01-01
CWE-1333: Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
nvd
CVE-2021-26675 | HIGH | CVSS 8.8 | v15.2 | 2021-02-09
CWE-787: A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.
nvd
CVE-2021-26676 | MEDIUM | CVSS 6.5 | v15.2 | 2021-02-09
gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.
nvd
CVE-2020-0569 | MEDIUM | CVSS 5.7 | v15.1 | 2020-11-23
CWE-787: Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
nvd
CVE-2020-16846 | CRITICAL | CVSS 9.8 | KEV | PoC | v15.1 | 2020-11-06
CWE-78: An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
nvd
CVE-2020-28049 | MEDIUM | CVSS 6.3 | v15.1, v15.2 | 2020-11-04
CWE-362: An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the cli
nvd
CVE-2020-16011 | CRITICAL | CVSS 9.6 | v15.1, v15.2 | 2020-11-03
CWE-787: Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2020-16004 | HIGH | CVSS 8.8 | v15.1, v15.2 | 2020-11-03
CWE-416: Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-16005 | HIGH | CVSS 8.8 | v15.1, v15.2 | 2020-11-03
CWE-755: Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-16009 | HIGH | CVSS 8.8 | KEV | v15.1, v15.2 | 2020-11-03
CWE-787: Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-16007 | HIGH | CVSS 7.8 | v15.1, v15.2 | 2020-11-03
CWE-59: Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
nvd
CVE-2020-16008 | HIGH | CVSS 8.8 | v15.1, v15.2 | 2020-11-03
CWE-787: Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.
nvd
CVE-2020-16006 | HIGH | CVSS 8.8 | v15.1, v15.2 | 2020-11-03
CWE-787: Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd