Opensuse Leap 15.1 vulnerabilities

13 known vulnerabilities affecting opensuse/opensuse_leap_15.1.

Total CVEs

13

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

CRITICAL2HIGH8MEDIUM3

Vulnerabilities

Page 1 of 1

CVE-2020-8027MEDIUMCVSS 6.6≥ openldap2, < 2.4.46-lp151.10.18.12021-02-11

CVE-2020-8027 [HIGH] CWE-377 CVE-2020-8027: A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE L A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior

CVE-2020-8023HIGHCVSS 7.8≥ openldap2, < 2.4.46-lp151.10.12.12020-09-01

CVE-2020-8023 [HIGH] CWE-349 CVE-2020-8023: A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of ope A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux

CVE-2020-8025CRITICALCVSS 9.3≥ permissions, < 20181116-lp151.4.24.12020-08-07

CVE-2020-8025 [MEDIUM] CWE-279 CVE-2020-8025: A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux En A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects

CVE-2020-8026HIGHCVSS 7.8≥ inn, ≤ 2.5.4-lp151.3.3.12020-08-07

CVE-2020-8026 [HIGH] CWE-276 CVE-2020-8026: A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUS A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 an

CVE-2019-3681CRITICALCVSS 9.8≥ osc, < 0.169.1-lp151.2.15.12020-06-29

CVE-2019-3681 [HIGH] CWE-73 CVE-2019-3681: A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Dev A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files.

CVE-2020-8019HIGHCVSS 7.8≥ syslog-ng, < 3.19.1-lp151.3.6.12020-06-29

CVE-2020-8019 [HIGH] CWE-61 CVE-2020-8019: A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux E A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server for SAP 12-SP1; open

CVE-2020-8014HIGHCVSS 7.8≥ kopano-spamd, < 10.0.5-lp151.4.12020-06-29

CVE-2020-8014 [HIGH] CWE-61 CVE-2020-8014: A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions prior to 10.0.5-lp151.4.1. openSUSE Tumbleweed kopano-spamd versions prior to 10.

CVE-2020-8024MEDIUMCVSS 5.3≥ hylafax+, ≤ 5.6.1-lp151.3.72020-06-29

CVE-2020-8024 [MEDIUM] CWE-276 CVE-2020-8024: A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, op A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to 7.0.2-lp152.2.1. openSUSE Leap 15.1 hylafax+ version 5.6.1-lp151.3.

CVE-2019-18904HIGHCVSS 7.5≥ rmt-server, < 2.5.2-lp151.2.9.12020-04-03

CVE-2019-18904 [MEDIUM] CWE-400 CVE-2019-18904: A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance C A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SU

CVE-2020-8016HIGHCVSS 7.0≥ texlive-filesystem, < 2017.135-lp151.8.3.12020-04-02

CVE-2020-8016 [MEDIUM] CWE-367 CVE-2020-8016: A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUS A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privi

CVE-2020-8017MEDIUMCVSS 6.3≥ texlive-filesystem, < 2017.135-lp151.8.3.12020-04-02

CVE-2020-8017 [MEDIUM] CWE-367 CVE-2020-8017: A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesyst A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary fi

CVE-2019-3695HIGHCVSS 7.8≥ pcp, < 4.3.1-lp151.2.3.12020-03-03

CVE-2019-3695 [HIGH] CWE-94 CVE-2019-3695: A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterpr A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Build

CVE-2019-3696HIGHCVSS 7.3≥ pcp, < 4.3.1-lp151.2.3.12020-03-03

CVE-2019-3696 [HIGH] CWE-22 CVE-2019-3696: A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise M