Bugzilla – Bug List
Sun Jul 21 2024 18:37:04 UTC
Status: UNCONFIRMED, NEW, CONFIRMED, IN_PROGRESS, REOPENED
Component: Audits
Product: SUSE Security Incidents
43 bugs found.
| ID | Product | Comp | Assignee | Status | Resolution | Summary | Changed |
|---|---|---|---|---|---|---|---|
| 950215 | SUSE Security Incidents | Audits | dap.darkness | IN_P | --- | modem-manager-gui: E: polkit-unauthorized-privilege (Badness: 10000) | 2018-10-26 |
| 992420 | SUSE Security Incidents | Audits | security-team | IN_P | --- | VUL-1: dleyna-renderer: listens on all interfaces | 2018-11-27 |
| 1033055 | SUSE Security Incidents | Audits | lbeltrame | REOP | --- | AUDIT-STALE: CVE-2018-10361: ktexteditor: new DBus service | 2022-07-11 |
| 1041126 | SUSE Security Incidents | Audits | fabian | IN_P | --- | plymouth-kcm: new D-Bus service with polkit rules | 2018-10-26 |
| 1062040 | SUSE Security Incidents | Audits | matthias.gerstner | REOP | --- | AUDIT-STALE: kio: general purpose file system helper using D-Bus and Polkit | 2022-05-04 |
| 1084588 | SUSE Security Incidents | Audits | luc14n0 | IN_P | --- | switcheroo-control: enable switcheroo.service by default via systemd-presets-branding-openSUSE | 2018-10-26 |
| 1143655 | SUSE Security Incidents | Audits | dmueller | NEW | --- | AUDIT-FIND: obs-service-set_version: checksum verification disabled | 2022-02-24 |
| 1143656 | SUSE Security Incidents | Audits | adrian.schroeter | NEW | --- | AUDIT-FIND: obs-service-tar_scm: XXE with lxml | 2020-11-26 |
| 1143658 | SUSE Security Incidents | Audits | adrian.schroeter | NEW | --- | AUDIT-FIND: obs-service-tar_scm: XML injection | 2022-02-24 |
| 1143661 | SUSE Security Incidents | Audits | adrian.schroeter | NEW | --- | AUDIT-FIND: obs-service-bundle_gems: calls cpio instead of bsdtar | 2020-11-25 |
| 1143663 | SUSE Security Incidents | Audits | adrian.schroeter | NEW | --- | AUDIT-FIND: obs-service-refresh-patches: calls into osc and quilt | 2023-10-12 |
| 1143664 | SUSE Security Incidents | Audits | adrian.schroeter | NEW | --- | AUDIT-FIND: obs-service-git_tarballs: path traversal | 2020-11-27 |
| 1143668 | SUSE Security Incidents | Audits | adrian.schroeter | NEW | --- | AUDIT-FIND: obs-service-renderspec: path traversal | 2020-11-24 |
| 1143670 | SUSE Security Incidents | Audits | adrian.schroeter | NEW | --- | AUDIT-FIND: obs-service-download_url: certificate validation force-disabled | 2022-02-24 |
| 1147035 | SUSE Security Incidents | Audits | lbeltrame | NEW | --- | AUDIT-FIND: ktexteditor: add the path name to be written to, to the polkit authentication message | 2023-11-23 |
| 1147038 | SUSE Security Incidents | Audits | lbeltrame | NEW | --- | AUDIT-FIND: ktexteditor: defined and safe selection of target file mode and ownership | 2021-06-03 |
| 1147041 | SUSE Security Incidents | Audits | lbeltrame | NEW | --- | AUDIT-FIND: ktexteditor: reject anything except regular files | 2021-06-03 |
| 1147043 | SUSE Security Incidents | Audits | lbeltrame | NEW | --- | AUDIT-FIND: ktexteditor: safely handle target directories not owned by root | 2021-06-03 |
| 1147045 | SUSE Security Incidents | Audits | lbeltrame | NEW | --- | AUDIT-FIND: ktexteditor: introduce a file system restriction | 2021-06-03 |
| 1172572 | SUSE Security Incidents | Audits | security-team | NEW | --- | AUDIT-FIND: amanda: non-root owned files | 2023-07-03 |
| 1172573 | SUSE Security Incidents | Audits | mls | NEW | --- | VUL-0: CVE-2020-8026: inn: non-root owned files | 2020-09-18 |
| 1173067 | SUSE Security Incidents | Audits | hpj | IN_P | --- | AUDIT-FIND: openssh: change PermitRootLogin config option away from "yes" | 2024-07-02 |
| 1173324 | SUSE Security Incidents | Audits | matthias.gerstner | IN_P | --- | AUDIT-STALE: container-support-utils: pam_container review | 2021-03-10 |
| 1176156 | SUSE Security Incidents | Audits | jsegitz | IN_P | --- | AUDIT-TASK: Evaluate private /tmp for rpm during installation | 2023-11-23 |
| 1182162 | SUSE Security Incidents | Audits | aburlakov | NEW | --- | AUDIT-FIND: hawk: Allow only explicitly required parameters | 2023-11-24 |
| 1182164 | SUSE Security Incidents | Audits | aburlakov | IN_P | --- | AUDIT-FIND: hawk: Use of data from CIB to construct commands | 2024-01-25 |
| 1182930 | SUSE Security Incidents | Audits | hpj | IN_P | --- | openssh: support of RFC draft regarding key exchange algorithms in SLE-12-SP5 | 2021-05-18 |
| 1195715 | SUSE Security Incidents | Audits | fabian | NEW | --- | AUDIT-FIND: kio: use safe file system calls and file open flags | 2022-02-11 |
| 1195716 | SUSE Security Incidents | Audits | fabian | NEW | --- | AUDIT-FIND: kio: drop privileges if the final directory component is owned by non-root | 2022-02-11 |
| 1195717 | SUSE Security Incidents | Audits | fabian | NEW | --- | AUDIT-FIND: kio: refuse paths when intermediate path components are under non-root control | 2022-02-11 |
| 1195718 | SUSE Security Incidents | Audits | fabian | NEW | --- | AUDIT-FIND: kio: KIO needs to employ safe polkit authorization ideally using a standard component like KAuth | 2022-02-11 |
| 1195719 | SUSE Security Incidents | Audits | fabian | NEW | --- | AUDIT-FIND: kio: use helpful and transparent authentication messages for the end-user | 2022-02-11 |
| 1201921 | SUSE Security Incidents | Audits | tzotsos | NEW | --- | VUL-1: geoclue2: high accuracy GPS location can leak to arbitrary local users | 2022-07-28 |
| 1207126 | SUSE Security Incidents | Audits | jubalh | NEW | --- | VUL-0: CVE-2023-23558: EternalTerminal: TelemetryService uses fixed paths in /tmp | 2023-02-17 |
| 1213341 | SUSE Security Incidents | Audits | security-team | IN_P | --- | VUL-0: CVE-2023-49347: budgie-extras: budgie-wpreviews: use of fixed paths in /tmp | 2024-03-08 |
| 1213342 | SUSE Security Incidents | Audits | security-team | IN_P | --- | VUL-0: CVE-2023-49344: budgie-extras: windowshufflerdaemon: uses various fixed /tmp file paths | 2024-03-08 |
| 1216279 | SUSE Security Incidents | Audits | matthias.gerstner | IN_P | --- | TRACKER: budgie-extras: multiple fixed /tmp path issues | 2023-12-14 |
| 1216281 | SUSE Security Incidents | Audits | security-team | IN_P | --- | VUL-0: CVE-2023-49345: budgie-extras: budgie-takeabreak: fixed /tmp path use in /tmp/nextbreak_<user> | 2024-03-08 |
| 1216282 | SUSE Security Incidents | Audits | security-team | IN_P | --- | VUL-0: CVE-2023-49346: budgie-extras: budgie-weathershow: use of fixed path in /tmp/<username>_weatherdata | 2024-03-08 |
| 1217595 | SUSE Security Incidents | Audits | security-team | IN_P | --- | VUL-0: CVE-2023-49342: budgie-extras: budgie-clockworks: uses fixed temporary files in /tmp/<user>_clockworks | 2024-03-08 |
| 1217597 | SUSE Security Incidents | Audits | security-team | IN_P | --- | VUL-0: CVE-2023-49343: budgie-extras: budgie-dropby: use of fixed paths in /tmp/<user>_call_dropby and /tmp/<user>_dropby_icon_copy | 2024-03-08 |
| 1221041 | SUSE Security Incidents | Audits | fabian | NEW | --- | VUL-0: sddm-kcm6: shaky D-Bus service, potential sddm to root attack vectors | 2024-03-06 |
| 1227226 | SUSE Security Incidents | Audits | alexandre.vicenzi | NEW | --- | traefik2: systemd service should likely run as non-root | 2024-07-12 |