OpenSuse Factory

By the Year

In 2026 there have been 0 vulnerabilities in OpenSuse Factory. Factory did not have any published security vulnerabilities last year.

Year    Vulnerabilities    Average Score
2026    0                  0.00
2025    0                  0.00
2024    0                  0.00
2023    0                  0.00
2022    9                  6.68
2021    3                  7.20
2020    6                  7.47

It may take a day or so for new Factory vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent OpenSuse Factory Security Vulnerabilities

Link Resolution Flaw in openSUSE Factory sendmail (pre 8.17.1-1.1)
CVE-2022-31256 7.8 - High - October 26, 2022

An Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1.

insecure temporary file

openSUSE Factory Slurm testsuite: Incorrect default permissions (CVE-2022-31251)
CVE-2022-31251 6.3 - Medium - September 07, 2022

An Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.

Incorrect Default Permissions

An issue was discovered in Cobbler before 3.3.1
CVE-2021-45082 7.8 - High - February 19, 2022

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)

Command Injection

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-0368 7.8 - High - January 26, 2022

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

Out-of-bounds Read

An Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory
CVE-2021-36781 4.4 - Medium - January 14, 2022

An Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service, leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1.

Incorrect Default Permissions

An issue was discovered in uriparser before 0.9.6
CVE-2021-46142 5.5 - Medium - January 06, 2022

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.

Dangling pointer

An issue was discovered in uriparser before 0.9.6
CVE-2021-46141 5.5 - Medium - January 06, 2022

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.

Dangling pointer

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names
CVE-2021-41819 7.5 - High - January 01, 2022

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.

Reliance on Cookies without Validation and Integrity Checking

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string
CVE-2021-41817 7.5 - High - January 01, 2022

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.

ReDoS

vim is vulnerable to Out-of-bounds Read
CVE-2021-4166 7.1 - High - December 25, 2021

vim is vulnerable to Out-of-bounds Read

Out-of-bounds Read

An Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory
CVE-2021-25319 7.8 - High - May 05, 2021

An Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers group to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versions.

Incorrect Default Permissions

An Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root
CVE-2020-8032 6.7 - Medium - February 25, 2021

An Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions.

Insecure Temporary File

An Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory
CVE-2020-8024 5.3 - Medium - June 29, 2020

An Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to 7.0.2-lp152.2.1. openSUSE Leap 15.1 hylafax+ version 5.6.1-lp151.3.7 and prior versions. openSUSE Factory hylafax+ versions prior to 7.0.2-2.1.

Incorrect Default Permissions

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory
CVE-2020-8015 8.4 - High - April 02, 2020

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.

insecure temporary file

A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory
CVE-2019-18902 7.5 - High - March 02, 2020

A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1. openSUSE Factory wicked versions prior to 0.6.62.

Dangling pointer

A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory
CVE-2019-18903 7.5 - High - March 02, 2020

A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-28.26.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.9.1. openSUSE Factory wicked versions prior to 0.6.62.

Dangling pointer

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory
CVE-2019-18897 8.4 - High - March 02, 2020

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linux Enterprise Server 15 salt-master version 2019.2.0-6.21.1 and prior versions. openSUSE Factory salt-master version 2019.2.2-3.1 and prior versions.

insecure temporary file

UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory
CVE-2019-18898 7.7 - High - January 23, 2020

UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers to escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1.

insecure temporary file
