cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-22038,https://securityvulnerability.io/vulnerability/CVE-2024-22038,Attackers can leak information or cause denial of service through specially crafted git repositories in obs-scm-bridge,"The vulnerability in the OBS SCM Bridge product from SUSE arises from various issues that allow attackers to exploit specially crafted git repositories. This exploitation can lead to unauthorized information disclosure, enabling potential denial of service impacts. Organizations using this product should assess their risk and apply necessary mitigations promptly.",Suse,Opensuse Factory,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-28T09:38:03.449Z,0
CVE-2022-45155,https://securityvulnerability.io/vulnerability/CVE-2022-45155,obs-service-go_modules: arbitrary directory delete,An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1.,Suse,Opensuse Factory,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-03-15T00:00:00.000Z,0
CVE-2022-31256,https://securityvulnerability.io/vulnerability/CVE-2022-31256,sendmail: mail to root privilege escalation via sm-client.pre script,A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1.,Suse,Opensuse Factory,7.7,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-10-26T00:00:00.000Z,0
CVE-2022-31251,https://securityvulnerability.io/vulnerability/CVE-2022-31251,slurm: %post for slurm-testsuite operates as root in user owned directory,A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.,Suse,Opensuse Factory,6.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-09-07T00:00:00.000Z,0
CVE-2021-46705,https://securityvulnerability.io/vulnerability/CVE-2021-46705,grub2-once uses fixed file name in /var/tmp,"A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.",Suse,"Suse Linux Enterprise Server 15 Sp4,Opensuse Factory",5.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-03-16T10:15:00.000Z,0
CVE-2021-25317,https://securityvulnerability.io/vulnerability/CVE-2021-25317,cups: ownership of /var/log/cups allows the lp user to create files as root,"A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions.",Suse,"Suse Linux Enterprise Server 11-sp4-ltss,Suse Manager Server 4.0,Suse Openstack Cloud Crowbar 9,Opensuse Leap 15.2,Factory",3.3,LOW,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-05-05T00:00:00.000Z,0
CVE-2019-3681,https://securityvulnerability.io/vulnerability/CVE-2019-3681,osc: stores downloaded (supposed) RPM in network-controlled filesystem paths,"A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 .",Suse,"Suse Linux Enterprise Module For Development Tools 15,Suse Linux Enterprise Software Development Kit 12-sp5,Suse Linux Enterprise Software Development Kit 12-sp4,Opensuse Leap 15.1,Opensuse Factory",7.5,HIGH,0.01655000075697899,false,,false,false,false,,,false,false,,2020-06-29T12:15:00.000Z,0