cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-22038,https://securityvulnerability.io/vulnerability/CVE-2024-22038,Attackers can leak information or cause denial of service through specially crafted git repositories in obs-scm-bridge,"The vulnerability in the OBS SCM Bridge product from SUSE arises from various issues that allow attackers to exploit specially crafted git repositories. This exploitation can lead to unauthorized information disclosure, enabling potential denial of service impacts. Organizations using this product should assess their risk and apply necessary mitigations promptly.",Suse,Opensuse Factory,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-28T09:38:03.449Z,0
CVE-2022-45155,https://securityvulnerability.io/vulnerability/CVE-2022-45155,obs-service-go_modules: arbitrary directory delete,An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1.,Suse,Opensuse Factory,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-03-15T00:00:00.000Z,0
CVE-2022-31256,https://securityvulnerability.io/vulnerability/CVE-2022-31256,sendmail: mail to root privilege escalation via sm-client.pre script,An Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1.,Suse,Opensuse Factory,7.7,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-10-26T00:00:00.000Z,0
CVE-2022-31251,https://securityvulnerability.io/vulnerability/CVE-2022-31251,slurm: %post for slurm-testsuite operates as root in user owned directory,An Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.,Suse,Opensuse Factory,6.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-09-07T00:00:00.000Z,0
CVE-2021-46705,https://securityvulnerability.io/vulnerability/CVE-2021-46705,grub2-once uses fixed file name in /var/tmp,"An Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.",Suse,"Suse Linux Enterprise Server 15 Sp4,Opensuse Factory",5.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-03-16T10:15:00.000Z,0
CVE-2021-32000,https://securityvulnerability.io/vulnerability/CVE-2021-32000,clone-master-clean-up: dangerous file system operations,"A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1.6-4.6.1 and prior versions. SUSE Linux Enterprise Server 15 SP1 clone-master-clean-up version 1.6-3.9.1 and prior versions. openSUSE Factory clone-master-clean-up version 1.6-1.4 and prior versions.",Suse,"Suse Linux Enterprise Server 12 Sp3,Suse Linux Enterprise Server 15 Sp1,Factory",3.2,LOW,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-07-28T10:15:00.000Z,0
CVE-2021-25321,https://securityvulnerability.io/vulnerability/CVE-2021-25321,arpwatch: Local privilege escalation from runtime user to root,"A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.",Suse,"Suse Linux Enterprise Server 11-sp4-ltss,Suse Manager Server 4.0,Suse Openstack Cloud Crowbar 9,Factory,Leap 15.2",7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-06-28T00:00:00.000Z,0
CVE-2021-25317,https://securityvulnerability.io/vulnerability/CVE-2021-25317,cups: ownership of /var/log/cups allows the lp user to create files as root,"An Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions.",Suse,"Suse Linux Enterprise Server 11-sp4-ltss,Suse Manager Server 4.0,Suse Openstack Cloud Crowbar 9,Opensuse Leap 15.2,Factory",3.3,LOW,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-05-05T00:00:00.000Z,0
CVE-2019-3681,https://securityvulnerability.io/vulnerability/CVE-2019-3681,osc: stores downloaded (supposed) RPM in network-controlled filesystem paths,"An External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0.",Suse,"Suse Linux Enterprise Module For Development Tools 15,Suse Linux Enterprise Software Development Kit 12-sp5,Suse Linux Enterprise Software Development Kit 12-sp4,Opensuse Leap 15.1,Opensuse Factory",7.5,HIGH,0.01655000075697899,false,,false,false,false,,,false,false,,2020-06-29T12:15:00.000Z,0
CVE-2019-18903,https://securityvulnerability.io/vulnerability/CVE-2019-18903,wicked: Use-after-free when receiving invalid DHCP6 IA_PD option,"A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-28.26.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.9.1. openSUSE Factory wicked versions prior to 0.6.62.",Suse,"Suse Linux Enterprise Server 12,Suse Linux Enterprise Server 15,Leap 15.1,Factory",7.5,HIGH,0.007209999952465296,false,,false,false,false,,,false,false,,2020-03-02T17:15:00.000Z,0
CVE-2019-18902,https://securityvulnerability.io/vulnerability/CVE-2019-18902,wicked: Use-after-free when receiving invalid DHCP6 client options,"A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1. openSUSE Factory wicked versions prior to 0.6.62.",Suse,"Suse Linux Enterprise Server 12,Suse Linux Enterprise Server 15,Leap 15.1,Factory",7.5,HIGH,0.007209999952465296,false,,false,false,false,,,false,false,,2020-03-02T17:15:00.000Z,0
CVE-2019-18897,https://securityvulnerability.io/vulnerability/CVE-2019-18897,Local privilege escalation from user salt to root,"A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linux Enterprise Server 15 salt-master version 2019.2.0-6.21.1 and prior versions. openSUSE Factory salt-master version 2019.2.2-3.1 and prior versions.",Suse,"Suse Linux Enterprise Server 12,Suse Linux Enterprise Server 15,Factory",8.4,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-03-02T16:15:00.000Z,0
CVE-2019-3698,https://securityvulnerability.io/vulnerability/CVE-2019-3698,nagios cron job allows privilege escalation from user nagios to root,"UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.",Suse,"Suse Linux Enterprise Server 12,Suse Linux Enterprise Server 11,Factory",5.7,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2020-02-28T00:00:00.000Z,0
CVE-2018-12476,https://securityvulnerability.io/vulnerability/CVE-2018-12476,obs-service-extract_file's outfilename parameter allows to write files outside of package directory,Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74.,Suse,"Suse Linux Enterprise Server 15,Factory",4.3,MEDIUM,0.0016199999954551458,false,,false,false,false,,,false,false,,2020-01-27T00:00:00.000Z,0
CVE-2019-3692,https://securityvulnerability.io/vulnerability/CVE-2019-3692,Local privilege escalation from user news to root in the packaging of inn,"The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions.",Suse,"Suse Linux Enterprise Server 11,Factory,Leap 15.1",7.7,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-01-24T00:00:00.000Z,0
CVE-2019-3691,https://securityvulnerability.io/vulnerability/CVE-2019-3691,Local privilege escalation from user munge to root,A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1.,Suse,"Suse Linux Enterprise Server 15,Factory",7.7,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-01-23T16:15:00.000Z,0
CVE-2019-18898,https://securityvulnerability.io/vulnerability/CVE-2019-18898,trousers: Local privilege escalation from tss to root,UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers to escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1.,Suse,"Suse Linux Enterprise Server 15 Sp1,Factory",7.7,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-01-23T14:15:00.000Z,0