openSUSE Tumbleweed vulnerabilities

8 known vulnerabilities affecting opensuse/tumbleweed.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 3

Vulnerabilities

CVE-2025-62875 | MEDIUM | CVSS 6.9 | fixed in 7.8.0p0-1.1 | 2025-11-20
CVE-2025-62875 [MEDIUM] CWE-754: An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD. This issue affects openSUSE Tumbleweed: from ? before 7.8.0p0-1.1.
Sources: nvd
CVE-2025-53881 | MEDIUM | CVSS 6.9 | ≥ ?, < 4.98.2-lp156.248.1 | 2025-10-02
CVE-2025-53881 [MEDIUM] CWE-61: A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root. This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1.
Sources: cvelistv5, nvd
CVE-2025-46810 | HIGH | CVSS 8.5 | ≥ ?, < 2.11.29 | 2025-09-02
CVE-2025-46810 [HIGH] CWE-61: A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate to root. This issue affects Tumbleweed: from ? before 2.11.29.
Sources: cvelistv5, nvd
CVE-2024-49506 | HIGH | CVSS 7.3 | fixed in 1.0.2 | fixed in 1.2.4 | 2024-11-13
CVE-2024-49506 [HIGH] CWE-377: Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem
Sources: cvelistv5, nvd
CVE-2024-49505 | MEDIUM | CVSS 5.3 | fixed in 1.083 | 2024-11-13
CVE-2024-49505 [MEDIUM] CWE-79: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the REGEX and P parameters. This issue affects MirrorCache before 1.083.
Sources: cvelistv5, nvd
CVE-2022-31250 | HIGH | CVSS 7.8 | fixed in 6.4.2-1.1 | ≥ keylime, < 6.4.2-1.1 | 2022-07-20
CVE-2022-31250 [HIGH] CWE-59: A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to 6.4.2-1.1.
Sources: cvelistv5, nvd
CVE-2021-25315 | HIGH | CVSS 7.8 | ≥ salt, ≤ 3002.2-2.1 | 2021-03-03
CVE-2021-25315 [CRITICAL] CWE-287: CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-
Sources: cvelistv5, nvd
CVE-2020-8026 | HIGH | CVSS 7.8 | ≤ 2.6.2-4.2 | 2020-08-07
CVE-2020-8026 [HIGH] CWE-276: An Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 an
Sources: nvd