OpenSuse Factory

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in OpenSuse Factory.

By the Year

In 2025 there have been 0 vulnerabilities in OpenSuse Factory. Factory did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2025	0	0.00
2024	0	0.00
2023	0	0.00
2022	9	6.68
2021	2	7.45
2020	0	0.00
2019	0	0.00
2018	0	0.00

It may take a day or so for new Factory vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent OpenSuse Factory Security Vulnerabilities

A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory

CVE-2022-31256 7.8 - High - October 26, 2022

A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1.

insecure temporary file

A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory

CVE-2022-31251 6.3 - Medium - September 07, 2022

A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.

Incorrect Default Permissions

An issue was discovered in Cobbler before 3.3.1

CVE-2021-45082 7.8 - High - February 19, 2022

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)

Command Injection

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

CVE-2022-0368 7.8 - High - January 26, 2022

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

Out-of-bounds Read

A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory

CVE-2021-36781 4.4 - Medium - January 14, 2022

A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1.

Incorrect Default Permissions

An issue was discovered in uriparser before 0.9.6

CVE-2021-46142 5.5 - Medium - January 06, 2022

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.

Dangling pointer

An issue was discovered in uriparser before 0.9.6

CVE-2021-46141 5.5 - Medium - January 06, 2022

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.

Dangling pointer

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names

CVE-2021-41819 7.5 - High - January 01, 2022

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.

Reliance on Cookies without Validation and Integrity Checking

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string

CVE-2021-41817 7.5 - High - January 01, 2022

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.

ReDoS

vim is vulnerable to Out-of-bounds Read

CVE-2021-4166 7.1 - High - December 25, 2021

vim is vulnerable to Out-of-bounds Read

Out-of-bounds Read

A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory

CVE-2021-25319 7.8 - High - May 05, 2021

A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versions.

Incorrect Default Permissions

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for OpenSuse Factory or by OpenSuse? Click the Watch button to subscribe.

OpenSuse
Vendor

OpenSuse Factory
Product

OpenSuse Factory

Don't miss out!

By the Year

Recent OpenSuse Factory Security Vulnerabilities

A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory CVE-2022-31256 7.8 - High - October 26, 2022

A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory CVE-2022-31251 6.3 - Medium - September 07, 2022

An issue was discovered in Cobbler before 3.3.1 CVE-2021-45082 7.8 - High - February 19, 2022

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. CVE-2022-0368 7.8 - High - January 26, 2022

A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory CVE-2021-36781 4.4 - Medium - January 14, 2022

An issue was discovered in uriparser before 0.9.6 CVE-2021-46142 5.5 - Medium - January 06, 2022

An issue was discovered in uriparser before 0.9.6 CVE-2021-46141 5.5 - Medium - January 06, 2022

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names CVE-2021-41819 7.5 - High - January 01, 2022

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string CVE-2021-41817 7.5 - High - January 01, 2022

vim is vulnerable to Out-of-bounds Read CVE-2021-4166 7.1 - High - December 25, 2021

A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory CVE-2021-25319 7.8 - High - May 05, 2021

Stay on top of Security Vulnerabilities

OpenSuse Vendor

OpenSuse FactoryProduct

A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory

CVE-2022-31256 7.8 - High - October 26, 2022

A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory

CVE-2022-31251 6.3 - Medium - September 07, 2022

An issue was discovered in Cobbler before 3.3.1

CVE-2021-45082 7.8 - High - February 19, 2022

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

CVE-2022-0368 7.8 - High - January 26, 2022

A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory

CVE-2021-36781 4.4 - Medium - January 14, 2022

An issue was discovered in uriparser before 0.9.6

CVE-2021-46142 5.5 - Medium - January 06, 2022

An issue was discovered in uriparser before 0.9.6

CVE-2021-46141 5.5 - Medium - January 06, 2022

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names

CVE-2021-41819 7.5 - High - January 01, 2022

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string

CVE-2021-41817 7.5 - High - January 01, 2022

vim is vulnerable to Out-of-bounds Read

CVE-2021-4166 7.1 - High - December 25, 2021

A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory

CVE-2021-25319 7.8 - High - May 05, 2021

OpenSuse
Vendor

OpenSuse Factory
Product