Opensuse Factory vulnerabilities

CVE-2019-3681 [HIGH] CWE-73 CVE-2019-3681: A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Dev A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files.

CVE-2020-8024 [MEDIUM] CWE-276 CVE-2020-8024: A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, op A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to 7.0.2-lp152.2.1. openSUSE Leap 15.1 hylafax+ version 5.6.1-lp151.3.