Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

opensuse — Vulnerabilities & Security Advisories 50

Browse all 50 CVE security advisories affecting opensuse. AI-powered Chinese analysis, POCs, and references for each vulnerability.

openSUSE is a community-driven Linux distribution focused on providing a stable, secure, and flexible operating system for both desktop and server environments. Its core utility lies in offering a robust platform for developers and enterprises seeking customizable infrastructure. Historically, vulnerabilities within the openSUSE ecosystem have predominantly involved privilege escalation and remote code execution, often stemming from misconfigurations or outdated packages within the broader SUSE Linux Enterprise lineage. With fifty recorded CVEs, these issues typically highlight gaps in default security policies or unpatched dependencies rather than fundamental architectural flaws. Notable security characteristics include the integration of AppArmor for mandatory access control and regular automated updates via Zypper. While no catastrophic, widespread incidents have defined its history, the distribution maintains a strong reputation for transparency and rapid patch deployment, ensuring that security postures remain resilient against evolving threat landscapes without relying on proprietary restrictions.

Found 13 results / 50Clear Filters
Top products by opensuse: Open Build Service Factory Tumbleweed Leap 15.1 openbuildservice Leap 15.2 libeconf openSUSE Backports SLE-15-SP3 openSUSE Leap 15.2 Build service open-build-service paste openSUSE Leap 15.1 travel-support-program obs-service-set_version opensuse-welcome sdbootutil
CVE IDTitleCVSSSeverityPublished
CVE-2020-8031 obs: Stored XSS — Open Build ServiceCWE-79 6.3 Medium2021-02-11
CVE-2018-12475 obs-service-download_files allows downloading from localhost or intranet hosts — Open Build ServiceCWE-610 6.5 Medium2020-09-01
CVE-2020-8021 unauthorized read access to files where sourceaccess is disabled via a crafted _service file in Open Build Service — Open Build ServiceCWE-269 5.3 Medium2020-05-19
CVE-2018-12474 Crafted service parameters allows to induce unexpected behaviour in obs-service-tar_scm — Open Build ServiceCWE-20 8.8 -2018-10-09
CVE-2018-12477 obs-service-refresh_patches can be tricked into deleting '..' or other unrelated directories — Open Build ServiceCWE-93 6.5 -2018-10-09
CVE-2018-12478 obs-service-replace_using_package_version allows to specify arbitrary input files — Open Build ServiceCWE-20 6.5 -2018-10-09
CVE-2018-12479 Request controller allows to create requests with arbitrary request IDs — Open Build ServiceCWE-20 7.5 -2018-10-09
CVE-2018-12473 path traversal in obs-service-tar_scm — Open Build ServiceCWE-23 7.5 -2018-10-02
CVE-2013-3703 No write permission check in change_role command — Open Build ServiceCWE-862 6.5 -2018-06-08
CVE-2014-0594 CSRF protection incorrectly disabled — Open Build ServiceCWE-352 8.8 -2018-06-08
CVE-2018-7688 Open Build Service accepts arbitrary reviews — Open Build ServiceCWE-862 6.5 -2018-06-07
CVE-2018-7689 Open Build Service arbitrary package modification — Open Build ServiceCWE-862 6.5 -2018-06-07
CVE-2017-5188 OBS worker VM escape via relative symbolic links — open build service 6.5 -2018-03-01

This page lists every published CVE security advisory associated with opensuse. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.