opensuse — Vulnerabilities & Security Advisories (50)

Browse all 50 CVE security advisories affecting opensuse. AI-powered Chinese analysis, POCs, and references for each vulnerability.

openSUSE is a community-driven Linux distribution focused on providing a stable, secure, and flexible operating system for both desktop and server environments. Its core utility lies in offering a robust platform for developers and enterprises seeking customizable infrastructure. Historically, vulnerabilities within the openSUSE ecosystem have predominantly involved privilege escalation and remote code execution, often stemming from misconfigurations or outdated packages within the broader SUSE Linux Enterprise lineage. With fifty recorded CVEs, these issues typically highlight gaps in default security policies or unpatched dependencies rather than fundamental architectural flaws. Notable security characteristics include the integration of AppArmor for mandatory access control and regular automated updates via Zypper. While no catastrophic, widespread incidents have defined its history, the distribution maintains a strong reputation for transparency and rapid patch deployment, ensuring that security postures remain resilient against evolving threat landscapes without relying on proprietary restrictions.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2020-8015 | Local privilege escalation in exim package from user mail to root | Factory | CWE-59 | 8.4 | High | 2020-04-02 |
| CVE-2019-3700 | yast: Fallback to DES without configuration in /etc/login.def | Factory | CWE-327 | 2.9 | Low | 2020-01-24 |
| CVE-2019-3699 | Local privilege escalation from user privoxy to root | Leap 15.1 | CWE-59 | 7.7 | High | 2020-01-24 |
| CVE-2019-3697 | Local privilege escalation from user gnump3d to root | Leap 15.1 | CWE-59 | 7.7 | High | 2020-01-24 |
| CVE-2019-3694 | Local privilege escalation from munin to root in the packaging of munin | Factory | CWE-59 | 7.7 | High | 2020-01-24 |
| CVE-2019-18899 | apt-cacher-ng insecure use of /run/apt-cacher-ng | Leap 15.1 | CWE-269 | 6.2 | Medium | 2020-01-23 |
| CVE-2018-12479 | Request controller allows to create requests with arbitrary request IDs | Open Build Service | CWE-20 | 7.5 | - | 2018-10-09 |
| CVE-2018-12478 | obs-service-replace_using_package_version allows to specify arbitrary input files | Open Build Service | CWE-20 | 6.5 | - | 2018-10-09 |
| CVE-2018-12477 | obs-service-refresh_patches can be tricked into deleting '..' or other unrelated directories | Open Build Service | CWE-93 | 6.5 | - | 2018-10-09 |
| CVE-2018-12474 | Crafted service parameters allows to induce unexpected behaviour in obs-service-tar_scm | Open Build Service | CWE-20 | 8.8 | - | 2018-10-09 |
| CVE-2018-12473 | path traversal in obs-service-tar_scm | Open Build Service | CWE-23 | 7.5 | - | 2018-10-02 |
| CVE-2018-12467 | delete package via link exploit in open buildservice | openbuildservice | CWE-285 | 7.5 | - | 2018-08-01 |
| CVE-2018-12466 | openbuildservice allowed deleting packages via project links | openbuildservice | CWE-285 | 6.5 | - | 2018-08-01 |
| CVE-2013-3703 | No write permission check in change_role command | Open Build Service | CWE-862 | 6.5 | - | 2018-06-08 |
| CVE-2014-0593 | sed command injection | obs-service-set_version | CWE-78 | 9.8 | - | 2018-06-08 |
| CVE-2014-0594 | CSRF protection incorrectly disabled | Open Build Service | CWE-352 | 8.8 | - | 2018-06-08 |
| CVE-2018-7688 | Open Build Service accepts arbitrary reviews | Open Build Service | CWE-862 | 6.5 | - | 2018-06-07 |
| CVE-2018-7689 | Open Build Service arbitrary package modification | Open Build Service | CWE-862 | 6.5 | - | 2018-06-07 |
| CVE-2011-3178 | openbuildservice webui code injection | openbuildservice | | 8.8 | - | 2018-03-20 |
| CVE-2017-5188 | OBS worker VM escape via relative symbolic links | open build service | | 6.5 | - | 2018-03-01 |

This page lists every published CVE security advisory associated with opensuse. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.