| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-46163 | 74 | | | 2023-01-10 | 2023-01-20 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Travel support program is a Rails app to support the travel support program of openSUSE (TSP). Sensitive user data (bank account details, password hash) can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The travel-support-program uses the Ransack library to implement search functionality. In its default configuration, Ransack allows query conditions based on properties of associated database objects [1]. The `*_start`, `*_end` or `*_cont` search matchers [2] can then be abused to exfiltrate sensitive string values of associated database objects via character-by-character brute force (a match is indicated by the returned JSON not being empty). A single bank account number can be extracted with <200 requests, a password hash with ~1200 requests, all within a few minutes. The problem has been patched in commit d22916275c51500b4004933ff1b0a69bc807b2b7. To work around this issue, you can also cherry-pick that patch; however, it will not work without the Rails 5.0 migration done in #150, which in turn had quite a few pull requests it depended on. |
| 2 | CVE-2022-31256 | 59 | | | 2022-10-26 | 2022-10-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1. |
| 3 | CVE-2022-31253 | 426 | | | 2022-11-09 | 2022-11-10 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1. |
| 4 | CVE-2022-31252 | 863 | | | 2022-10-06 | 2022-11-07 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group-writable path components, allowing local attackers with access to a group that can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225. |
| 5 | CVE-2022-31251 | 276 | | | 2022-09-07 | 2023-01-19 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3. |
| 6 | CVE-2022-31250 | 59 | | | 2022-07-20 | 2022-11-08 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to 6.4.2-1.1. |
| 7 | CVE-2022-21949 | 611 | | +Priv | 2022-05-03 | 2022-05-10 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | An Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue affects: SUSE Open Build Service versions prior to 2.10.13. |
| 8 | CVE-2021-46142 | 416 | | | 2022-01-06 | 2022-02-05 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in `uriNormalizeSyntax`. |
| 9 | CVE-2021-46141 | 416 | | | 2022-01-06 | 2022-02-05 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in `uriFreeUriMembers` and `uriMakeOwner`. |
| 10 | CVE-2021-45082 | 77 | | | 2022-02-19 | 2022-04-08 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function `check_for_invalid_imports` can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.) |
| 11 | CVE-2021-44568 | 787 | | DoS Overflow | 2022-02-21 | 2022-03-08 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the `decisionmap` variable via the `resolve_dependencies` function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service. |
| 12 | CVE-2021-41819 | 565 | | | 2022-01-01 | 2022-09-10 | 5.0 | None | Remote | Low | Not required | None | Partial | None | `CGI::Cookie.parse` in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. |
| 13 | CVE-2021-41817 | | | DoS | 2022-01-01 | 2022-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | `Date.parse` in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. |
| 14 | CVE-2021-36781 | 276 | | | 2022-01-14 | 2023-01-18 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | An Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to impersonate the service, leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1. |
| 15 | CVE-2021-36777 | 807 | | | 2022-03-09 | 2022-03-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build Service allowed attackers to present users with an expected login form that then sends the clear-text credentials to an attacker-specified server. This issue affects: openSUSE Build Service login-proxy-scripts versions prior to commit dc000cdfe9b9b715fb92195b1a57559362f689ef. |
| 16 | CVE-2021-33938 | 787 | | DoS Overflow | 2021-09-02 | 2021-09-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Buffer overflow vulnerability in function `prune_to_recommended` in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service. |
| 17 | CVE-2021-33930 | 787 | | DoS Overflow | 2021-09-02 | 2021-09-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Buffer overflow vulnerability in function `pool_installable_whatprovides` in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. |
| 18 | CVE-2021-33929 | 787 | | DoS Overflow | 2021-09-02 | 2021-09-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Buffer overflow vulnerability in function `pool_disabled_solvable` in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. |
| 19 | CVE-2021-33928 | 787 | | DoS Overflow | 2021-09-02 | 2021-09-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Buffer overflow vulnerability in function `pool_installable` in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. |
| 20 | CVE-2021-32000 | 59 | | | 2021-07-28 | 2022-11-21 | 6.6 | None | Local | Low | Not required | None | Complete | Complete | A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1.6-4.6.1 and prior versions. SUSE Linux Enterprise Server 15 SP1 clone-master-clean-up version 1.6-3.9.1 and prior versions. openSUSE Factory clone-master-clean-up version 1.6-1.4 and prior versions. |
| 21 | CVE-2021-26676 | | | +Info | 2021-02-09 | 2022-05-06 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. |
| 22 | CVE-2021-26675 | 787 | | Exec Code Overflow | 2021-02-09 | 2022-05-23 | 5.8 | None | Local Network | Low | Not required | Partial | Partial | Partial | A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network-adjacent attackers to execute code. |
| 23 | CVE-2021-25319 | 276 | | | 2021-05-05 | 2021-05-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | An Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers group to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versions. |
| 24 | CVE-2021-4166 | 125 | | | 2021-12-25 | 2022-11-02 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | vim is vulnerable to Out-of-bounds Read. |
| 25 | CVE-2021-3200 | 120 | | DoS Overflow | 2021-05-18 | 2022-07-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Buffer overflow vulnerability in libsolv 2020-12-13 via the `Solver *testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp)` function at src/testcase.c, line 2334, which could cause a denial of service. |
| 26 | CVE-2020-28049 | 362 | | | 2020-11-04 | 2021-01-28 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that, for a short time period, allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. |
| 27 | CVE-2020-27673 | | | DoS | 2020-10-22 | 2022-04-26 | 4.9 | None | Local | Low | Not required | None | None | Complete | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. |
| 28 | CVE-2020-27672 | 362 | | DoS +Priv | 2020-10-22 | 2022-04-26 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages. |
| 29 | CVE-2020-27671 | | | DoS +Priv | 2020-10-22 | 2022-04-26 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. |
| 30 | CVE-2020-27670 | 345 | | DoS +Priv | 2020-10-22 | 2022-10-07 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated. |
| 31 | CVE-2020-27560 | 369 | | DoS | 2020-10-22 | 2022-06-03 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ImageMagick 7.0.10-34 allows Division by Zero in `OptimizeLayerFrames` in MagickCore/layer.c, which may cause a denial of service. |
| 32 | CVE-2020-27153 | 415 | | DoS Exec Code | 2020-10-15 | 2022-04-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | In BlueZ before 5.55, a double free was found in the gatttool `disconnect_cb()` routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. |
| 33 | CVE-2020-26935 | 89 | | Sql | 2020-10-10 | 2023-01-31 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query. |
| 34 | CVE-2020-26934 | 79 | | XSS | 2020-10-10 | 2021-01-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. |
| 35 | CVE-2020-26164 | 400 | | DoS | 2020-10-07 | 2023-01-31 | 4.9 | None | Local | Low | Not required | None | None | Complete | In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack. |
| 36 | CVE-2020-26154 | 120 | | Overflow | 2020-09-30 | 2023-01-31 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-Length header. |
| 37 | CVE-2020-26117 | 295 | | | 2020-09-27 | 2022-11-16 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. |
| 38 | CVE-2020-26116 | 116 | | | 2020-09-27 | 2021-12-07 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of `HTTPConnection.request`. |
| 39 | CVE-2020-26088 | 276 | | Bypass | 2020-09-24 | 2022-04-27 | 2.1 | None | Local | Low | Not required | None | Partial | None | A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. |
| 40 | CVE-2020-25866 | 476 | | | 2020-10-06 | 2022-10-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs. |
| 41 | CVE-2020-25863 | | | | 2020-10-06 | 2021-02-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts. |
| 42 | CVE-2020-25862 | 354 | | | 2020-10-06 | 2021-02-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum. |
| 43 | CVE-2020-25829 | | | DoS | 2020-10-16 | 2022-06-15 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installations that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process). |
| 44 | CVE-2020-25645 | 319 | | | 2020-10-13 | 2021-03-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None | A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel, allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. |
| 45 | CVE-2020-25643 | 20 | | DoS Overflow Mem. Corr. | 2020-10-06 | 2022-10-25 | 7.5 | None | Remote | Medium | ??? | Partial | Partial | Complete | A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the `ppp_cp_parse_cr` function, which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| 46 | CVE-2020-25641 | 835 | | DoS | 2020-10-06 | 2022-11-21 | 4.9 | None | Local | Low | Not required | None | None | Complete | A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. |
| 47 | CVE-2020-25637 | 415 | | DoS | 2020-10-06 | 2022-11-07 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| 48 | CVE-2020-25604 | 362 | | DoS | 2020-09-23 | 2022-09-30 | 1.9 | None | Local | Medium | Not required | None | None | Partial | An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only x86 HVM guests can leverage the vulnerability. x86 PV and PVH cannot leverage the vulnerability. Only guests with more than one vCPU can exploit the vulnerability. |
| 49 | CVE-2020-25603 | 670 | | DoS +Info | 2020-09-23 | 2022-04-28 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channel control structures can be accessed locklessly as long as the port is considered to be valid. Such a sequence is missing an appropriate memory barrier (e.g., smp_*mb()) to prevent both the compiler and CPU from re-ordering access. A malicious guest may be able to cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded. Systems running all versions of Xen are affected. Whether a system is vulnerable will depend on the CPU and compiler used to build Xen. For all systems, the presence and the scope of the vulnerability depend on the precise re-ordering performed by the compiler used to build Xen. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code generation options). GCC documentation clearly suggests that re-ordering is possible. Arm systems will also be vulnerable if the CPU is able to re-order memory access. Please consult your CPU vendor. x86 systems are only vulnerable if a compiler performs re-ordering. |
| 50 | CVE-2020-25602 | 755 | | DoS | 2020-09-23 | 2022-09-30 | 4.6 | None | Local | Low | ??? | None | None | Complete | An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest access. For the MISC_ENABLE MSR, which is an Intel-specific MSR, this MSR read is performed without error handling for a #GP fault, which is the consequence of trying to read this MSR on non-Intel hardware. A buggy or malicious PV guest administrator can crash Xen, resulting in a host Denial of Service. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only Xen versions 4.11 and onwards are vulnerable. 4.10 and earlier are not vulnerable. Only x86 systems that do not implement the MISC_ENABLE MSR (0x1a0) are vulnerable. AMD and Hygon systems do not implement this MSR and are vulnerable. Intel systems do implement this MSR and are not vulnerable. Other manufacturers have not been checked. Only x86 PV guests can exploit the vulnerability. |

A Score of 0.0 together with ??? in the Access through Avail. columns means this listing carries no CVSS v2 vector for that entry; the ??? cells are reproduced as they appear on the source page.