Tumbleweed OpenSuse Tumbleweed

Do you want an email whenever new security vulnerabilities are reported in OpenSuse Tumbleweed?

By the Year

In 2024 there have been 0 vulnerabilities in OpenSuse Tumbleweed . Last year Tumbleweed had 1 security vulnerability published. Right now, Tumbleweed is on track to have less security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 1 7.80
2022 1 7.80
2021 1 7.80
2020 1 7.80
2019 0 0.00
2018 0 0.00

It may take a day or so for new Tumbleweed vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent OpenSuse Tumbleweed Security Vulnerabilities

Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package

CVE-2023-32183 7.8 - High - July 07, 2023

Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root This issue affects openSUSE Tumbleweed.

Incorrect Default Permissions

A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed

CVE-2022-31250 7.8 - High - July 20, 2022

A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to 6.4.2-1.1.

insecure temporary file

CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed

CVE-2021-25315 7.8 - High - March 03, 2021

CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.

authentification

A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1

CVE-2020-8026 7.8 - High - August 07, 2020

A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.

Incorrect Default Permissions

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for OpenSuse Tumbleweed or by OpenSuse? Click the Watch button to subscribe.

OpenSuse
Vendor

subscribe