|
738073
|
openSUSE Tumbleweed
|
Security
|
songchuan.kang
|
NEW
|
---
|
VUL-2: CVE-2012-1096: NetworkManager: Arbitrary file access/information leak
|
2023-05-26
|
|
777228
|
openSUSE Tumbleweed
|
Security
|
alarrosa
|
NEW
|
---
|
VUL-0: NetworkManager: editing WPA2 Enterprise connections makes them insecure again
|
2017-08-15
|
|
799529
|
openSUSE Tumbleweed
|
Security
|
liedke
|
NEW
|
---
|
VNSTATD -u value is invalid during debugging
|
2017-08-14
|
|
853019
|
openSUSE Tumbleweed
|
Security
|
security-team
|
CONF
|
---
|
systemctl restart apparmor considered harmful (was: %restart_on_update boot.apparmor + systemd wrapper considered harmful)
|
2019-03-25
|
|
938659
|
openSUSE Tumbleweed
|
Security
|
security-team
|
CONF
|
---
|
51-android.rules unconditionally grants user access for USB devices (and overwrites default "rw-rw-r-- root lp" for some USB printers e.g. from Kyocera)
|
2023-04-25
|
|
954609
|
openSUSE Tumbleweed
|
Security
|
meissner
|
NEW
|
---
|
Permission denied (g-file-error-quark, 2) in journal, because /etc/polkit-1/rules.d has wrong owner vnc
|
2015-11-20
|
|
957823
|
openSUSE Tumbleweed
|
Security
|
mozilla-bugs
|
NEW
|
---
|
Add option to use system certificate store to Mozilla Firefox
|
2021-07-12
|
|
965037
|
openSUSE Tumbleweed
|
Security
|
darin
|
NEW
|
---
|
unbount-anchor root key should be world-readable
|
2016-02-04
|
|
972787
|
openSUSE Tumbleweed
|
Security
|
pmonrealgonzalez
|
CONF
|
---
|
[gpg-agent] Rework agent startup for DM sessions.
|
2021-12-01
|
|
981227
|
openSUSE Tumbleweed
|
Security
|
meissner
|
NEW
|
---
|
rkhunter parameter RUN_SUSECONFIG is useless
|
2018-10-16
|
|
1030174
|
openSUSE Tumbleweed
|
Security
|
hpj
|
REOP
|
---
|
sshd doesn't generate host keys if sshd_config contains "HostKey"
|
2019-06-07
|
|
1033206
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
pam_ecryptfs: auto-umount isn't done
|
2017-04-10
|
|
1036969
|
openSUSE Tumbleweed
|
Security
|
security-team
|
REOP
|
---
|
VUL-1: CVE-2017-8372: libmad: assertion failure in layer3.c
|
2022-10-26
|
|
1051065
|
openSUSE Tumbleweed
|
Security
|
meissner
|
NEW
|
---
|
chkstat doesn't know what to do with a non-file non-directory outside /dev/
|
2017-08-11
|
|
1061278
|
openSUSE Tumbleweed
|
Security
|
gnome-bugs
|
IN_P
|
---
|
Impossible to disable chrome-gnome-shell without uninstalling it
|
2017-11-07
|
|
1072060
|
openSUSE Tumbleweed
|
Security
|
lnussel
|
NEW
|
---
|
TinyCA2 - Can't use 'defined(@array)' Compilation failed in require at /usr/bin/tinyca2 line 35.
|
2018-10-12
|
|
1086489
|
openSUSE Tumbleweed
|
Security
|
dmueller
|
NEW
|
---
|
rpmlint check for /usr/lib/systemd/system-preset/ files
|
2018-03-22
|
|
1089730
|
openSUSE Tumbleweed
|
Security
|
gnome-bugs
|
NEW
|
---
|
VUL-1: CVE-2018-10111: gegl: The render_rectangle function inprocess/gegl-processor.c has unbounded memory allocation, leading to a denial of service
|
2019-07-03
|
|
1099634
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
FIPS test should not empty entropy pool below a specific size
|
2018-06-29
|
|
1101512
|
openSUSE Tumbleweed
|
Security
|
meissner
|
NEW
|
---
|
ca-certificates-mozilla: implement additional CA trust changes as recommended by the Mozilla CA certificate programprogram
|
2018-07-17
|
|
1114853
|
openSUSE Tumbleweed
|
Security
|
jsmeix
|
REOP
|
---
|
VUL-1: CVE-2018-20106: yast2-printer: SMB printer settings test fails if the password includes a backtick
|
2023-03-22
|
|
1127368
|
openSUSE Tumbleweed
|
Security
|
me
|
REOP
|
---
|
snapd: add set*id permissions related to snapd (/usr/lib/snapd/snap-confine)
|
2020-12-30
|
|
1130388
|
openSUSE Tumbleweed
|
Security
|
justforlxz
|
REOP
|
---
|
AUDIT-STALE: deepin-clone: new polkit action com.deepin.pkexec.deepin-clone
|
2021-05-03
|
|
1132421
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
AppArmor profile for Ghostscript prevents "-sOutputFile=|cat 1>&3"
|
2019-04-15
|
|
1134131
|
openSUSE Tumbleweed
|
Security
|
matthias.gerstner
|
REOP
|
---
|
AUDIT-STALE: deepin-file-manager: new polkit actions of deepin-file-manager
|
2022-10-19
|
|
1134132
|
openSUSE Tumbleweed
|
Security
|
matthias.gerstner
|
REOP
|
---
|
AUDIT-STALE: deepin-file-manager: new dbus of deepin-file-manager
|
2024-05-02
|
|
1134978
|
openSUSE Tumbleweed
|
Security
|
security-team
|
IN_P
|
---
|
VUL-1: CVE-2019-12083: rust: a standard method can be overridden violating Rust's safety guarantees and causing memory unsafety
|
2022-10-20
|
|
1142529
|
openSUSE Tumbleweed
|
Security
|
kgronlund
|
IN_P
|
---
|
VUL-1: CVE-2019-14241: haproxy: cookie memory corruption
|
2021-04-19
|
|
1148282
|
openSUSE Tumbleweed
|
Security
|
hel
|
NEW
|
---
|
VUL-1: CVE-2019-15553: rust-memoffset: offset_of and span_of can cause exposure of uninitialized memory
|
2019-08-27
|
|
1148283
|
openSUSE Tumbleweed
|
Security
|
hel
|
NEW
|
---
|
VUL-1: CVE-2019-15554: rust-smallvec: memory corruption for certain grow attempts with less than the current capacity
|
2019-08-27
|
|
1148284
|
openSUSE Tumbleweed
|
Security
|
hel
|
NEW
|
---
|
VUL-1: CVE-2019-15552: rust-libflate: MultiDecoder:read has a use-after-free, leading to arbitrary code execution
|
2019-08-27
|
|
1148285
|
openSUSE Tumbleweed
|
Security
|
i.gnatenko.brain
|
NEW
|
---
|
VUL-1: CVE-2019-15542: rust-ammonia: There is uncontrolled recursion during HTML DOM tree serialization
|
2020-01-16
|
|
1148286
|
openSUSE Tumbleweed
|
Security
|
hel
|
NEW
|
---
|
VUL-1: CVE-2018-20997: rust-openssl: A use-after-free occurs in CMS Signing
|
2019-08-27
|
|
1148287
|
openSUSE Tumbleweed
|
Security
|
hel
|
NEW
|
---
|
VUL-1: CVE-2019-15551: rust-smallvec: double free for certain grow attempts with the current capacity.
|
2019-08-27
|
|
1148293
|
openSUSE Tumbleweed
|
Security
|
hel
|
NEW
|
---
|
VUL-1: CVE-2018-20991: rust-smallvec: The Iterator implementation mishandles destructors, leading to a double free.
|
2021-04-23
|
|
1148294
|
openSUSE Tumbleweed
|
Security
|
hel
|
NEW
|
---
|
VUL-1: CVE-2018-20996: rust-crossbeam-epoch: double free because of destructor mishandling
|
2019-08-27
|
|
1150129
|
openSUSE Tumbleweed
|
Security
|
hel
|
NEW
|
---
|
VUL-1: CVE-2019-16137: rust-spin: improper memory handling violates mutual exclusion
|
2019-09-11
|
|
1160668
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
VUL-1: CVE-2020-6750: glib2: GSocketClient may occasionally connect directly to a target address instead of connecting via a proxy server
|
2022-10-20
|
|
1165566
|
openSUSE Tumbleweed
|
Security
|
mrueckert
|
NEW
|
---
|
VUL-1: roccat-tools: setgid directory /var/lib/roccat with group write permissions is unsafe
|
2020-03-12
|
|
1170036
|
openSUSE Tumbleweed
|
Security
|
security-team
|
IN_P
|
---
|
VUL-1: CVE-2020-11958: re2c: heap overflow in Scanner:fill (scanner.cc)
|
2021-03-26
|
|
1171115
|
openSUSE Tumbleweed
|
Security
|
fabian
|
NEW
|
---
|
sddm: org.freedesktop.login1.* in restrictive profile: KDE hangs on logout when choosing "shut down"
|
2022-11-01
|
|
1171472
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
VUL-1: CVE-2020-12761: imlib2: integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map
|
2023-08-10
|
|
1172141
|
openSUSE Tumbleweed
|
Security
|
hel
|
NEW
|
---
|
VUL-0: CVE-2020-1695: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class
|
2020-05-26
|
|
1173695
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
gnupg needs dirmngr to receive keys, but does not require it
|
2020-07-03
|
|
1177182
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
Don't use DES as default password encryption
|
2021-12-01
|
|
1178848
|
openSUSE Tumbleweed
|
Security
|
andrius-suse
|
IN_P
|
---
|
AUDIT-STALE: kpmcore: org.kde.kpmcore.helperinterface D-Bus service and polkit privileges
|
2023-04-07
|
|
1178917
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
CLI invoke YaST does not prompt for elevation of permissions
|
2020-11-18
|
|
1178980
|
openSUSE Tumbleweed
|
Security
|
hel
|
NEW
|
---
|
VUL-1: CVE-2020-25724: resteasy: information disclosure via HTTP response reuse
|
2020-11-19
|
|
1179740
|
openSUSE Tumbleweed
|
Security
|
zhoubin
|
IN_P
|
---
|
AUDIT-STALE: ukui-control-center: D-Bus service with polkit actions
|
2021-05-03
|
|
1180654
|
openSUSE Tumbleweed
|
Security
|
federico
|
NEW
|
---
|
VUL-0: CVE-2020-35711: rust: Use of arc_swap::access::Map with the Constant test helper may lead to dangling references being returned by the map
|
2021-01-07
|
|
1181427
|
openSUSE Tumbleweed
|
Security
|
meissner
|
NEW
|
---
|
Could iexplore.exe from wine-staging-32bit-6.0-1.1.x86_64 be virus infected?
|
2021-01-27
|
|
1181657
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
VUL-1: sudo: Ineffective NO_ROOT_MAILER and Baron Samedit
|
2023-03-17
|
|
1183425
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
Graphical "Please enter passphrase" prompt for disk encryption upon startup is unreadable on HiDPI
|
2022-09-13
|
|
1183885
|
openSUSE Tumbleweed
|
Security
|
matthias.gerstner
|
IN_P
|
---
|
AUDIT-STALE: hfd-service: new package with D-Bus service com.lomiri.hfd.conf
|
2021-10-13
|
|
1187758
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
Lynis does not support /usr/etc/ssh/
|
2021-06-30
|
|
1188919
|
openSUSE Tumbleweed
|
Security
|
meissner
|
NEW
|
---
|
polkit no longer honors /etc/polkit-default-privs.local
|
2022-07-18
|
|
1190024
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
haveged service has become obsolete with recent kernels (>= 5.6)
|
2024-02-15
|
|
1192106
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
[Tumbleweed][security][pam][Build_20211026] zypper in pam_mount failed
|
2022-07-11
|
|
1192412
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
systemd complains about unsafe setting of plymouth-start.service
|
2022-02-24
|
|
1194031
|
openSUSE Tumbleweed
|
Security
|
pth
|
IN_P
|
---
|
logwatch: mdadm: cannot open /dev/md0: No such file or directory
|
2023-07-24
|
|
1194053
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
[Feature Request] Add support for pam_u2f in KDE, Firefox and Yast2
|
2021-12-27
|
|
1194520
|
openSUSE Tumbleweed
|
Security
|
dmueller
|
NEW
|
---
|
VUL-1: CVE-2022-22846: python-dnslib: dnslib through 0.9.16 for Python does not verify that the ID value in a DNS reply matches an ID value in a query.
|
2022-01-11
|
|
1194936
|
openSUSE Tumbleweed
|
Security
|
security-team
|
IN_P
|
---
|
VUL-0: CVE-2022-21699: python-ipython: local arbitrary code execution via temporary files
|
2022-07-08
|
|
1195105
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
VUL-0: CVE-2021-45341: A buffer overflow vulnerability in LibreCAD allows an attacker to achieve remote code execution via a crafted JWW document
|
2022-06-15
|
|
1195122
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
VUL-0: CVE-2021-45342: A buffer overflow vulnerability in jwwlib in LibreCAD allows an attacker to achieve remote code execution via a crafted JWW document
|
2022-06-15
|
|
1195123
|
openSUSE Tumbleweed
|
Security
|
security-team
|
IN_P
|
---
|
VUL-1: CVE-2021-45343: a NULL pointer dereference in libdxfrw in LibreCAD allows an attacker to crash the application via a crafted DXF document
|
2022-06-01
|
|
1195124
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
VUL-0: CVE-2022-0367: libmodbus: Heap-based Buffer Overflow in modbus_reply
|
2022-11-11
|
|
1195188
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
VUL-0: CVE-2022-23959: varnish: request smuggling can occur for HTTP/1 connections
|
2022-06-15
|
|
1195205
|
openSUSE Tumbleweed
|
Security
|
mimi.vx
|
NEW
|
---
|
VUL-0: CVE-2022-0368: vim: Out-of-bounds Read in vim prior to 8.2.
|
2022-01-27
|
|
1195253
|
openSUSE Tumbleweed
|
Security
|
emanuel.castelo
|
CONF
|
---
|
mbpfan not starting after systemd hardenings were added
|
2022-01-29
|
|
1195336
|
openSUSE Tumbleweed
|
Security
|
mimi.vx
|
NEW
|
---
|
VUL-0: CVE-2022-0393: vim: Out-of-bounds Read in vim prior to 8.2.
|
2022-02-03
|
|
1195444
|
openSUSE Tumbleweed
|
Security
|
stefan.bruens
|
NEW
|
---
|
VUL-1: CVE-2022-0419: NULL Pointer Dereference in radare2 prior to 6.0.0.
|
2022-02-02
|
|
1195459
|
openSUSE Tumbleweed
|
Security
|
mimi.vx
|
NEW
|
---
|
VUL-0: CVE-2022-0408: vim: Stack-based Buffer Overflow in spellsuggest.c
|
2022-02-02
|
|
1195499
|
openSUSE Tumbleweed
|
Security
|
mimi.vx
|
NEW
|
---
|
VUL-0: CVE-2022-0417: vim: Heap-based Buffer Overflow in vim prior to 8.2.
|
2022-02-03
|
|
1195509
|
openSUSE Tumbleweed
|
Security
|
mimi.vx
|
NEW
|
---
|
VUL-1: CVE-2022-0443: vim: Use After Free in vim prior to 8.2
|
2022-02-03
|
|
1195713
|
openSUSE Tumbleweed
|
Security
|
stefan.bruens
|
NEW
|
---
|
VUL-1: CVE-2022-0139: radare2: Use After Free in radare2 prior to 5.6.0.
|
2022-02-09
|
|
1195720
|
openSUSE Tumbleweed
|
Security
|
stefan.bruens
|
NEW
|
---
|
VUL-1: CVE-2022-0523: Expired Pointer Dereference in radare2 prior to 5.6.2.
|
2022-02-09
|
|
1195741
|
openSUSE Tumbleweed
|
Security
|
stefan.bruens
|
NEW
|
---
|
VUL-1: CVE-2022-0520: Use After Free in radare2 prior to 5.6.2.
|
2022-02-09
|
|
1195742
|
openSUSE Tumbleweed
|
Security
|
stefan.bruens
|
NEW
|
---
|
VUL-1: CVE-2022-0522: radare2: Access of Memory Location Before Start of Buffer in radare2 prior to 5.6.2.
|
2022-02-09
|
|
1195746
|
openSUSE Tumbleweed
|
Security
|
stefan.bruens
|
NEW
|
---
|
VUL-1: CVE-2022-0518: radare2: Heap-based Buffer Overflow in radare2 prior to 5.6.2.
|
2022-02-09
|
|
1195846
|
openSUSE Tumbleweed
|
Security
|
mimi.vx
|
NEW
|
---
|
VUL-0: CVE-2022-0554: vim: Use of Out-of-range Pointer Offset in vim prior to 8.2.
|
2022-02-11
|
|
1196173
|
openSUSE Tumbleweed
|
Security
|
pgeorgiadis
|
NEW
|
---
|
VUL-0: CVE-2022-23632: traefik: TLS configuration falls back to the default configuration that might not correspond to the configured one
|
2022-02-18
|
|
1196227
|
openSUSE Tumbleweed
|
Security
|
mimi.vx
|
NEW
|
---
|
VUL-0: CVE-2022-0685: vim: out of bounds read in vim prior to 8.2.4418.
|
2022-02-21
|
|
1196414
|
openSUSE Tumbleweed
|
Security
|
stefan.bruens
|
NEW
|
---
|
VUL-0: CVE-2022-0476: radare2: DoS caused by a malformed mdmp file
|
2022-02-24
|
|
1196460
|
openSUSE Tumbleweed
|
Security
|
security-team
|
IN_P
|
---
|
VUL-0: CVE-2019-25058: usbguard: Fix unauthorized access via D-Bus
|
2022-02-28
|
|
1196484
|
openSUSE Tumbleweed
|
Security
|
stefan.bruens
|
NEW
|
---
|
VUL-1: CVE-2022-0695: radare2: Denial of Service in radare2 prior to 5.6.4.
|
2022-02-25
|
|
1196819
|
openSUSE Tumbleweed
|
Security
|
daniel
|
NEW
|
---
|
VUL-0: CVE-2022-0849: radare2: Use After Free in r_reg_get_name_idx prior to 5.6.6
|
2022-03-07
|
|
1196890
|
openSUSE Tumbleweed
|
Security
|
matthias.gerstner
|
IN_P
|
---
|
AUDIT-STALE: swhkd: review of polkit rule file swhkd.rules
|
2022-05-18
|
|
1197420
|
openSUSE Tumbleweed
|
Security
|
daniel
|
NEW
|
---
|
VUL-0: CVE-2022-1031: radare2: Use After Free in op_is_set_bp
|
2022-03-23
|
|
1197463
|
openSUSE Tumbleweed
|
Security
|
aakashsensharma
|
IN_P
|
---
|
AUDIT-FIND: CVE-2022-27814: swhkd: The `-c` Daemon Command Line Parameter Allows for Arbitrary File Existence Tests
|
2022-04-14
|
|
1197466
|
openSUSE Tumbleweed
|
Security
|
aakashsensharma
|
NEW
|
---
|
AUDIT-FIND: CVE-2022-27817: swhkd: Input Events are Consumed For all Keyboard Input Devices in all Sessions
|
2022-04-14
|
|
1197468
|
openSUSE Tumbleweed
|
Security
|
aakashsensharma
|
IN_P
|
---
|
AUDIT-FIND: CVE-2022-27819: swhkd: The `-c` Daemon Command Line Parameter Allows to Parse Arbitrary Files
|
2022-04-14
|
|
1197508
|
openSUSE Tumbleweed
|
Security
|
stefan.bruens
|
NEW
|
---
|
VUL-0: CVE-2022-1061: radare2: Heap Buffer Overflow in parseDragons
|
2022-03-25
|
|
1197509
|
openSUSE Tumbleweed
|
Security
|
stefan.bruens
|
NEW
|
---
|
VUL-0: CVE-2022-1052: radare2: Heap Buffer Overflow in iterate_chained_fixups
|
2022-03-25
|
|
1197580
|
openSUSE Tumbleweed
|
Security
|
idesmi
|
NEW
|
---
|
VUL-1: CVE-2022-27938: libsixel: reachable assertion in stbi__create_png_image_raw
|
2022-03-28
|
|
1197871
|
openSUSE Tumbleweed
|
Security
|
dfaggioli
|
NEW
|
---
|
VUL-0: CVE-2022-27650: crun: Default inheritable capabilities for linux container should be empty
|
2022-03-31
|
|
1197974
|
openSUSE Tumbleweed
|
Security
|
hpj
|
NEW
|
---
|
openssh: 8.9p1 32bit login failt with debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
|
2022-04-02
|
|
1198274
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
zypper: cannot trust key
|
2022-11-07
|
|
1199337
|
openSUSE Tumbleweed
|
Security
|
pmonrealgonzalez
|
NEW
|
---
|
[Tumbleweed][libssh][Build_20220507] virsh remote connect by using libssh2 failed with "Username/PublicKey combination"
|
2022-11-24
|
|
1199846
|
openSUSE Tumbleweed
|
Security
|
aplanas
|
NEW
|
---
|
Keylime status fails when the database is empty
|
2022-05-23
|
|
1199847
|
openSUSE Tumbleweed
|
Security
|
aplanas
|
NEW
|
---
|
Error during the first call to remove an agent in Keylime
|
2022-05-23
|
|
1199969
|
openSUSE Tumbleweed
|
Security
|
mimi.vx
|
NEW
|
---
|
VUL-1: CVE-2022-1886: vim: heap out of bounds read
|
2022-05-27
|
|
1200125
|
openSUSE Tumbleweed
|
Security
|
mimi.vx
|
NEW
|
---
|
VUL-1: CVE-2022-1942: vim: out of bounds write in vim_regsub_both()
|
2022-06-01
|
|
1200182
|
openSUSE Tumbleweed
|
Security
|
jsegitz
|
IN_P
|
---
|
[SELinux]: systemd-resolved cannot bind port 53
|
2023-04-20
|
|
1200686
|
openSUSE Tumbleweed
|
Security
|
security-team
|
IN_P
|
---
|
python3.10 breaks fail2ban, throws "PY_SSIZE_T_CLEAN macro must be defined for '#' formats"
|
2022-07-06
|
|
1201137
|
openSUSE Tumbleweed
|
Security
|
mimi.vx
|
NEW
|
---
|
VUL-1: CVE-2022-2288: vim: out of bounds write in parse_command_modifiers()
|
2022-07-04
|
|
1201139
|
openSUSE Tumbleweed
|
Security
|
mimi.vx
|
NEW
|
---
|
VUL-1: CVE-2022-2289: vim: use after free in ex_diffgetput()
|
2022-07-04
|
|
1201146
|
openSUSE Tumbleweed
|
Security
|
security-team
|
IN_P
|
---
|
VUL-0: CVE-2022-33099: lua54,lua53,lua51,lua: heap buffer overflow due to uncontrolled recursion in error handling
|
2023-04-06
|
|
1201291
|
openSUSE Tumbleweed
|
Security
|
aplanas
|
NEW
|
---
|
tpm2.0-tools tpm2_makecredential broken when -T none is set
|
2022-07-07
|
|
1201556
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
Fork bomb bash command :(){ :|:& };: working on tumbleweed
|
2024-02-23
|
|
1202042
|
openSUSE Tumbleweed
|
Security
|
meissner
|
NEW
|
---
|
PolicyKit and preventing social engineering attacks
|
2022-08-07
|
|
1202160
|
openSUSE Tumbleweed
|
Security
|
stefan.bruens
|
NEW
|
---
|
AUDIT-FIND: libiio: libiio-usb-udev-rules: insecure permissions
|
2023-01-05
|
|
1202921
|
openSUSE Tumbleweed
|
Security
|
maiku.fabian
|
NEW
|
---
|
fwnn: fwnn: sub-packages like fcwnn, fkwnn, ftwnn use fixed socket paths in /tmp, use root group instead of wnn
|
2022-10-26
|
|
1202924
|
openSUSE Tumbleweed
|
Security
|
security-team
|
IN_P
|
---
|
VUL-1: kvm_stat: parses /proc/mounts possibly in an unsafe way
|
2022-11-03
|
|
1202931
|
openSUSE Tumbleweed
|
Security
|
security-team
|
IN_P
|
---
|
VUL-0: CVE-2022-31253: openldap2: /usr/lib/openldap/start allows ldap user/group to recursively chown arbitrary directory trees to itself
|
2023-04-10
|
|
1202933
|
openSUSE Tumbleweed
|
Security
|
security-team
|
IN_P
|
---
|
VUL-0: CVE-2022-3560: pesign: pesign-authorize ExecStartPost script allows privilege escalation from pesign to root
|
2023-04-10
|
|
1202934
|
openSUSE Tumbleweed
|
Security
|
asn
|
CONF
|
---
|
AUDIT-FIND: powerline: powerline-daemon running as root with poor programming practices
|
2022-10-06
|
|
1202938
|
openSUSE Tumbleweed
|
Security
|
meissner
|
NEW
|
---
|
openscap: oscap-remediate.service with bad libexec path
|
2022-08-30
|
|
1202944
|
openSUSE Tumbleweed
|
Security
|
meissner
|
IN_P
|
---
|
security/sshguard: Bug buffer overflow detected
|
2022-08-31
|
|
1203187
|
openSUSE Tumbleweed
|
Security
|
security-team
|
IN_P
|
---
|
VUL-1: CVE-2022-38528: assimp: segmentation fault in Assimp::XFileImporter::CreateMeshes
|
2023-12-05
|
|
1203441
|
openSUSE Tumbleweed
|
Security
|
jengelh
|
NEW
|
---
|
VUL-0: CVE-2022-2566: ffmpeg-5: integer overflow in build_open_gop_key_points() leads to out of bounds read
|
2022-09-15
|
|
1204269
|
openSUSE Tumbleweed
|
Security
|
gayane.osipyan
|
NEW
|
---
|
[SELinux] support for pihole on MicroOS
|
2023-08-16
|
|
1204284
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
VUL-0: CVE-2022-42889: apache-commons-text: code execution when processing untrusted input due to insecure interpolation defaults
|
2024-03-04
|
|
1205151
|
openSUSE Tumbleweed
|
Security
|
security-team
|
CONF
|
---
|
Error while taking snapshots of home partition (MicroOS)
|
2022-11-09
|
|
1205463
|
openSUSE Tumbleweed
|
Security
|
security-team
|
IN_P
|
---
|
VUL-0: CVE-2022-45047: apache-sshd: Java unsafe deserialization vulnerability
|
2024-03-05
|
|
1205512
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
VUL-0: CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320, CVE-2022-41877, CVE-2022-39347: freerdp: Multiple client side input validation issues
|
2024-06-26
|
|
1206319
|
openSUSE Tumbleweed
|
Security
|
t.gruner
|
IN_P
|
---
|
Yubikey-manager-gui throws "NameError: name 'yubikey' is not defined"
|
2023-12-12
|
|
1206628
|
openSUSE Tumbleweed
|
Security
|
fabian
|
NEW
|
---
|
VUL-1: drkonqi5: skip core dumps that are security sensitive
|
2024-02-28
|
|
1206710
|
openSUSE Tumbleweed
|
Security
|
bootloader-maintainers
|
NEW
|
---
|
Disk encryption password now requested only once
|
2023-06-30
|
|
1207234
|
openSUSE Tumbleweed
|
Security
|
aavindraa
|
NEW
|
---
|
VUL-0: CVE-2023-22499: deno: Interactive permission prompt spoofing
|
2023-01-18
|
|
1207449
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
VUL-0: CVE-2023-22797: rubygem-actionpack-*: Possible Open Redirect Vulnerability in Action Pack
|
2023-09-21
|
|
1207450
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
VUL-0: CVE-2022-44566: rubygem-activerecord-*: Possible Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter
|
2023-03-01
|
|
1207451
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
VUL-0: CVE-2023-22795: rubygem-actionpack-*: Possible ReDoS based DoS vulnerability in Action Dispatch
|
2024-01-09
|
|
1207452
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
VUL-0: CVE-2023-22794: rubygem-activerecord-*: SQL Injection Vulnerability via ActiveRecord comments
|
2023-09-21
|
|
1207454
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
VUL-0: CVE-2023-22796: rubygem-activesupport-*: Possible ReDoS based DoS vulnerability in Active Support's underscore
|
2023-03-03
|
|
1207455
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
VUL-0: CVE-2023-22792: rubygem-actionpack-*: Possible ReDoS based DoS vulnerability in Action Dispatch
|
2024-01-09
|
|
1207683
|
openSUSE Tumbleweed
|
Security
|
zypp-maintainers
|
NEW
|
---
|
zypper: consider removing no longer need GPG keys from rpmdb
|
2023-02-15
|
|
1208056
|
openSUSE Tumbleweed
|
Security
|
os.gnome.maintainers
|
NEW
|
---
|
AUDIT-FIND: colord: LPE from colord to root (with fs.protected_hardlinks=0)
|
2023-06-26
|
|
1208088
|
openSUSE Tumbleweed
|
Security
|
opensuse_buildservice
|
NEW
|
---
|
VUL-0: CVE-2023-25165: krius: helm: getHostByName Function Information Disclosure
|
2023-02-10
|
|
1208091
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
VUL-0: CVE-2023-25165: trivy: helm: getHostByName Function Information Disclosure
|
2023-03-05
|
|
1208092
|
openSUSE Tumbleweed
|
Security
|
opensuse_buildservice
|
NEW
|
---
|
VUL-0: CVE-2023-25165: cmctl: helm: getHostByName Function Information Disclosure
|
2023-02-10
|
|
1208094
|
openSUSE Tumbleweed
|
Security
|
opensuse_buildservice
|
NEW
|
---
|
VUL-0: CVE-2023-25165: kube-no-trouble: helm: getHostByName Function Information Disclosure
|
2023-02-10
|
|
1208557
|
openSUSE Tumbleweed
|
Security
|
os.gnome.maintainers
|
NEW
|
---
|
VUL-0: CVE-2022-31394: fractal: hyper: max header list size not settable allowing deny of service
|
2023-02-22
|
|
1208558
|
openSUSE Tumbleweed
|
Security
|
os.gnome.maintainers
|
NEW
|
---
|
VUL-0: CVE-2022-31394: gnome-podcasts: hyper: max header list size not settable allowing deny of service
|
2023-02-22
|
|
1208560
|
openSUSE Tumbleweed
|
Security
|
matthias
|
NEW
|
---
|
VUL-0: CVE-2022-31394: spotifyd: hyper: max header list size not settable allowing deny of service
|
2023-02-22
|
|
1208561
|
openSUSE Tumbleweed
|
Security
|
uncomfy+openbuildservice
|
NEW
|
---
|
VUL-0: CVE-2022-31394: tectonic: hyper: max header list size not settable allowing deny of service
|
2023-02-22
|
|
1208562
|
openSUSE Tumbleweed
|
Security
|
william.brown
|
NEW
|
---
|
VUL-0: CVE-2022-31394: wasm-pack: hyper: max header list size not settable allowing deny of service
|
2023-02-23
|
|
1209053
|
openSUSE Tumbleweed
|
Security
|
pmonrealgonzalez
|
IN_P
|
---
|
openssl 3 should fail on certain hash algorithms on FIPS
|
2024-07-09
|
|
1209206
|
openSUSE Tumbleweed
|
Security
|
alarrosa
|
NEW
|
---
|
VUL-0: CVE-2023-28144: hotspot: possible local root exploit in elevate_perf_privileges.sh
|
2024-05-22
|
|
1210350
|
openSUSE Tumbleweed
|
Security
|
uncomfy+openbuildservice
|
CONF
|
---
|
VUL-0: CVE-2023-26964: atuin: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames
|
2023-04-13
|
|
1210352
|
openSUSE Tumbleweed
|
Security
|
aavindraa
|
NEW
|
---
|
VUL-0: CVE-2023-26964: deno: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames
|
2023-04-13
|
|
1210353
|
openSUSE Tumbleweed
|
Security
|
os.gnome.maintainers
|
NEW
|
---
|
VUL-0: CVE-2023-26964: gnome-podcasts: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames
|
2023-04-13
|
|
1210354
|
openSUSE Tumbleweed
|
Security
|
security-team
|
IN_P
|
---
|
VUL-0: CVE-2023-26964: hoard: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames
|
2023-08-06
|
|
1210355
|
openSUSE Tumbleweed
|
Security
|
nyslay
|
NEW
|
---
|
VUL-0: CVE-2023-26964: i3status-rust: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames
|
2023-04-21
|
|
1210356
|
openSUSE Tumbleweed
|
Security
|
william.brown
|
NEW
|
---
|
VUL-0: CVE-2023-26964: kanidm: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames
|
2024-06-13
|
|
1210357
|
openSUSE Tumbleweed
|
Security
|
uncomfy+openbuildservice
|
NEW
|
---
|
VUL-0: CVE-2023-26964: lapce: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames
|
2023-04-13
|
|
1210358
|
openSUSE Tumbleweed
|
Security
|
uncomfy+openbuildservice
|
NEW
|
---
|
VUL-0: CVE-2023-26964: mdbook: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames
|
2023-04-13
|
|
1210360
|
openSUSE Tumbleweed
|
Security
|
mardnh
|
NEW
|
---
|
VUL-0: CVE-2023-26964: ncspot: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames
|
2023-04-13
|
|
1210361
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
VUL-0: CVE-2023-26964: pijul: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames
|
2023-06-02
|
|
1210362
|
openSUSE Tumbleweed
|
Security
|
dead_mozay
|
NEW
|
---
|
VUL-0: CVE-2023-26964: procs: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames
|
2023-04-13
|
|
1210363
|
openSUSE Tumbleweed
|
Security
|
security-team
|
REOP
|
---
|
VUL-0: CVE-2023-26964: python-mitmproxy-wireguard: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames
|
2023-05-09
|
|
1210364
|
openSUSE Tumbleweed
|
Security
|
matthias
|
NEW
|
---
|
VUL-0: CVE-2023-26964: spotifyd: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames
|
2023-04-13
|
|
1210365
|
openSUSE Tumbleweed
|
Security
|
william.brown
|
NEW
|
---
|
VUL-0: CVE-2023-26964: tealdeer: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames
|
2023-04-13
|
|
1210366
|
openSUSE Tumbleweed
|
Security
|
uncomfy+openbuildservice
|
NEW
|
---
|
VUL-0: CVE-2023-26964: tectonic: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames
|
2023-04-13
|
|
1210367
|
openSUSE Tumbleweed
|
Security
|
william.brown
|
NEW
|
---
|
VUL-0: CVE-2023-26964: wasm-pack: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames
|
2023-04-13
|
|
1210368
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
VUL-0: CVE-2023-26964: watchexec: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames
|
2023-05-29
|
|
1210369
|
openSUSE Tumbleweed
|
Security
|
uncomfy+openbuildservice
|
NEW
|
---
|
VUL-0: CVE-2023-26964: wezterm: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames
|
2023-04-13
|
|
1210370
|
openSUSE Tumbleweed
|
Security
|
uncomfy+openbuildservice
|
NEW
|
---
|
VUL-0: CVE-2023-26964: zola: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames
|
2023-04-13
|
|
1210424
|
openSUSE Tumbleweed
|
Security
|
jengelh
|
NEW
|
---
|
VUL-0: CVE-2022-48437: libressl: incorrect leaf certificate verification
|
2023-04-13
|
|
1210672
|
openSUSE Tumbleweed
|
Security
|
jsegitz
|
IN_P
|
---
|
[Build 20230419][Tumbleweed-MicroOS] [SElinux]failed to disable 'chronyd' service due to selinux denied
|
2023-04-20
|
|
1210703
|
openSUSE Tumbleweed
|
Security
|
mpluskal
|
CONF
|
---
|
arp-scan: Cannot open MAC/Vendor files
|
2024-04-20
|
|
1210962
|
openSUSE Tumbleweed
|
Security
|
wolfgang.frisch
|
IN_P
|
---
|
AUDIT-0: openvpn3-linux: DBus system services
|
2024-06-17
|
|
1211301
|
openSUSE Tumbleweed
|
Security
|
pmonrealgonzalez
|
IN_P
|
---
|
crypto-policies: Extend the crypto-policies support for mozilla-nss, openjdk, krb5, bind, stunnel, openssh, libssh and more packages
|
Wed 12:40
|
|
1211374
|
openSUSE Tumbleweed
|
Security
|
matthias.gerstner
|
IN_P
|
---
|
AUDIT-STALE: deepin-app-services: new dbus services of deepin-app-services
|
2024-05-21
|
|
1212020
|
openSUSE Tumbleweed
|
Security
|
hpj
|
NEW
|
---
|
openssh: Stop creating DSA host keys
|
2023-06-06
|
|
1212038
|
openSUSE Tumbleweed
|
Security
|
t.gruner
|
IN_P
|
---
|
Yubikey RPM missing udev rules file to access device by non-root user
|
2023-06-06
|
|
1212054
|
openSUSE Tumbleweed
|
Security
|
okurz
|
NEW
|
---
|
VUL-0: CVE-2023-32682: matrix-synapse: Improper checks for deactivated users during login
|
2023-07-07
|
|
1212055
|
openSUSE Tumbleweed
|
Security
|
okurz
|
NEW
|
---
|
VUL-0: CVE-2023-32683: matrix-synapse: URL deny list bypass via oEmbed and image URLs when generating previews
|
2023-07-07
|
|
1212120
|
openSUSE Tumbleweed
|
Security
|
asarai
|
NEW
|
---
|
libnbcompat: broken sha256 hashes with -fstrict-aliasing
|
2023-06-08
|
|
1212219
|
openSUSE Tumbleweed
|
Security
|
kastl
|
IN_P
|
---
|
VUL-0: CVE-2023-24535: golang-github-prometheus-prometheus: google.golang.org/protobuf: panic leading to denial of service
|
2023-09-24
|
|
1212220
|
openSUSE Tumbleweed
|
Security
|
opensuse_buildservice
|
NEW
|
---
|
VUL-0: CVE-2023-24535: syft: google.golang.org/protobuf: panic leading to denial of service
|
2023-06-13
|
|
1212457
|
openSUSE Tumbleweed
|
Security
|
dmueller
|
NEW
|
---
|
chmlib is unmaintained and has multiple vulnerabilities
|
2023-06-17
|
|
1212539
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
Wrong directory permissions for tss group prevent using TPM2 for SSH as non-root user
|
2023-07-07
|
|
1212672
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
Gnome desktop: Cannot enable auto login for user via settings
|
2023-07-31
|
|
1213060
|
openSUSE Tumbleweed
|
Security
|
mpluskal
|
IN_P
|
---
|
VUL-1: CVE-2023-43771: nqptp: NULL pointer dereference caused by invalid control port message
|
2024-04-15
|
|
1213526
|
openSUSE Tumbleweed
|
Security
|
mpluskal
|
IN_P
|
---
|
AUDIT-FIND: nqptp: world-writable SHM in /dev/shm/nqptp
|
2023-10-12
|
|
1214024
|
openSUSE Tumbleweed
|
Security
|
mpluskal
|
NEW
|
---
|
VUL-0: CVE-2023-4012: ntpsec: crash after client request
|
2023-08-07
|
|
1214399
|
openSUSE Tumbleweed
|
Security
|
security-team
|
IN_P
|
---
|
VUL-0: hplip: use of fixed temporary paths in hppsfilter.c
|
2024-01-04
|
|
1215347
|
openSUSE Tumbleweed
|
Security
|
uncomfy+openbuildservice
|
NEW
|
---
|
VUL-0: CVE-2023-4863: zola: Heap buffer overflow in WebP
|
2023-09-14
|
|
1215349
|
openSUSE Tumbleweed
|
Security
|
mardnh
|
NEW
|
---
|
VUL-0: CVE-2023-4863: dssim: Heap buffer overflow in WebP
|
2023-09-14
|
|
1215418
|
openSUSE Tumbleweed
|
Security
|
uncomfy+openbuildservice
|
NEW
|
---
|
VUL-0: CVE-2023-3891: lapce: race condition during file manipulation
|
2023-09-18
|
|
1215655
|
openSUSE Tumbleweed
|
Security
|
aavindraa
|
NEW
|
---
|
VUL-0: CVE-2023-42811: deno: aes-gcm: chosen ciphertext attack via `decrypt_in_place*` APIs
|
2023-09-25
|
|
1215656
|
openSUSE Tumbleweed
|
Security
|
lyan
|
NEW
|
---
|
VUL-0: CVE-2023-42811: firecracker: aes-gcm: chosen ciphertext attack via `decrypt_in_place*` APIs
|
2023-09-25
|
|
1215657
|
openSUSE Tumbleweed
|
Security
|
william.brown
|
NEW
|
---
|
VUL-0: CVE-2023-42811: rage-encryption: aes-gcm: chosen ciphertext attack via `decrypt_in_place*` APIs
|
2023-10-12
|
|
1215658
|
openSUSE Tumbleweed
|
Security
|
hillwoodroc
|
NEW
|
---
|
VUL-0: CVE-2023-42811: shadowsocks-rust: aes-gcm: chosen ciphertext attack via `decrypt_in_place*` APIs
|
2023-09-25
|
|
1215659
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
VUL-0: CVE-2023-42811: Fragments: aes-gcm: chosen ciphertext attack via `decrypt_in_place*` APIs
|
2023-09-25
|
|
1215660
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
VUL-0: CVE-2023-42811: warp: aes-gcm: chosen ciphertext attack via `decrypt_in_place*` APIs
|
2023-09-25
|
|
1216431
|
openSUSE Tumbleweed
|
Security
|
adrian.glaubitz
|
NEW
|
---
|
VUL-0: CVE-2023-44690: python-mycli: use of insecure AES-ECB
|
2024-02-21
|
|
1216478
|
openSUSE Tumbleweed
|
Security
|
adrian.schroeter
|
NEW
|
---
|
VUL-0: TRACKERBUG: stb: Several memory access violations in stb_image and stb_vorbis
|
2023-10-23
|
|
1217032
|
openSUSE Tumbleweed
|
Security
|
sebix+novell.com
|
NEW
|
---
|
VUL-0: scamper: TCP packet parsing buffer overflow via large TCP fast open cookie
|
2023-11-10
|
|
1217042
|
openSUSE Tumbleweed
|
Security
|
zkubala
|
IN_P
|
---
|
SELinux Tool sealert-gui Nonfunctional Due to Missing Dependency
|
2024-06-04
|
|
1217414
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
changing default umask for new users homedir sets the current umask for ALL users including root
|
Fri 16:38
|
|
1217505
|
openSUSE Tumbleweed
|
Security
|
opensuse_buildservice
|
IN_P
|
---
|
VUL-0: CVE-2023-46575: mesheryctl: SQL injection in api/system/database endpoint
|
2023-11-27
|
|
1217633
|
openSUSE Tumbleweed
|
Security
|
eyadlorenzo
|
NEW
|
---
|
VUL-0: CVE-2023-49092: arti: RustCrypto/RSA: Marvin Attack - potential key recovery through timing sidechannels
|
2023-11-29
|
|
1217634
|
openSUSE Tumbleweed
|
Security
|
uncomfy+openbuildservice
|
NEW
|
---
|
VUL-0: CVE-2023-49092: atuin: RustCrypto/RSA: Marvin Attack - potential key recovery through timing sidechannels
|
2023-11-29
|
|
1217635
|
openSUSE Tumbleweed
|
Security
|
aavindraa
|
NEW
|
---
|
VUL-0: CVE-2023-49092: deno: RustCrypto/RSA: Marvin Attack - potential key recovery through timing sidechannels
|
2023-11-29
|
|
1217636
|
openSUSE Tumbleweed
|
Security
|
jubalh
|
NEW
|
---
|
VUL-0: CVE-2023-49092: himalaya: RustCrypto/RSA: Marvin Attack - potential key recovery through timing sidechannels
|
2023-11-29
|
|
1217783
|
openSUSE Tumbleweed
|
Security
|
martin.schreiner
|
IN_P
|
---
|
VUL-0: pcp: pmie_farm_check.service and pmlogger_farm_check.service use unsafe tmp directories
|
2024-07-12
|
|
1217824
|
openSUSE Tumbleweed
|
Security
|
rfrohl
|
IN_P
|
---
|
longterm kernel: figure out how to build KMPs
|
2024-05-21
|
|
1219363
|
openSUSE Tumbleweed
|
Security
|
jsegitz
|
CONF
|
---
|
[SELinux] AVC denial execmem ModemManager
|
2024-06-06
|
|
1219688
|
openSUSE Tumbleweed
|
Security
|
paolo.perego
|
NEW
|
---
|
AUDIT-0: agama: agama web server
|
Fri 13:52
|
|
1219807
|
openSUSE Tumbleweed
|
Security
|
aplanas
|
CONF
|
---
|
Fail FDE predictions on MicroOS
|
2024-03-23
|
|
1220046
|
openSUSE Tumbleweed
|
Security
|
simonf.lees
|
NEW
|
---
|
sudo: SELinux confined users are unable to transition to sysadm_r/t
|
2024-06-18
|
|
1220090
|
openSUSE Tumbleweed
|
Security
|
cathy.hu
|
NEW
|
---
|
SELinux - Kernel command line switch to prevent enforcing to permissive transition at runtime.
|
2024-03-19
|
|
1220586
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
sudo wrapper inside $HOME/bin
|
2024-03-04
|
|
1220993
|
openSUSE Tumbleweed
|
Security
|
meissner
|
NEW
|
---
|
GPG Keys expired in package openSUSE-build-key for alternative architectures
|
2024-03-12
|
|
1221348
|
openSUSE Tumbleweed
|
Security
|
jsegitz
|
NEW
|
---
|
SELinux: relabeling after reboot is not communicated to user
|
2024-03-14
|
|
1221714
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
GCC 14: fipscheck package fails
|
2024-07-08
|
|
1221733
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
VUL-0: Possible unauthenticated code inclusion via themes in plasma 6
|
2024-03-21
|
|
1221801
|
openSUSE Tumbleweed
|
Security
|
dfaggioli
|
NEW
|
---
|
VUL-0: CVE-2024-29864: distrobox: command injection in exported executables
|
2024-03-21
|
|
1222180
|
openSUSE Tumbleweed
|
Security
|
hpj
|
NEW
|
---
|
openssh: rewrite systemd notification without linking systemd
|
2024-05-03
|
|
1222468
|
openSUSE Tumbleweed
|
Security
|
alexandre.vicenzi
|
NEW
|
---
|
VUL-0: CVE-2024-22189: caddy: quic-go: memory exhaustion attack against QUIC's connection ID mechanism
|
Wed 09:55
|
|
1222470
|
openSUSE Tumbleweed
|
Security
|
andrea.manzini
|
NEW
|
---
|
VUL-0: CVE-2024-22189: coredns: quic-go: memory exhaustion attack against QUIC's connection ID mechanism
|
2024-04-09
|
|
1222472
|
openSUSE Tumbleweed
|
Security
|
rbrown
|
NEW
|
---
|
VUL-0: CVE-2024-22189: coredns-for-k8s1.29: quic-go: memory exhaustion attack against QUIC's connection ID mechanism
|
2024-04-08
|
|
1222473
|
openSUSE Tumbleweed
|
Security
|
cunix
|
NEW
|
---
|
VUL-0: CVE-2024-22189: dnscrypt-proxy: quic-go: memory exhaustion attack against QUIC's connection ID mechanism
|
2024-04-22
|
|
1222475
|
openSUSE Tumbleweed
|
Security
|
jkowalczyk
|
NEW
|
---
|
VUL-0: CVE-2024-22189: dnsproxy: quic-go: memory exhaustion attack against QUIC's connection ID mechanism
|
2024-04-08
|
|
1222476
|
openSUSE Tumbleweed
|
Security
|
jkowalczyk
|
NEW
|
---
|
VUL-0: CVE-2024-22189: doggo: quic-go: memory exhaustion attack against QUIC's connection ID mechanism
|
2024-04-08
|
|
1222477
|
openSUSE Tumbleweed
|
Security
|
opensuse_buildservice
|
NEW
|
---
|
VUL-0: CVE-2024-22189: istioctl: quic-go: memory exhaustion attack against QUIC's connection ID mechanism
|
2024-04-08
|
|
1222479
|
openSUSE Tumbleweed
|
Security
|
bwiedemann
|
IN_P
|
---
|
VUL-0: CVE-2024-22189: kubo: quic-go: memory exhaustion attack against QUIC's connection ID mechanism
|
2024-04-08
|
|
1222480
|
openSUSE Tumbleweed
|
Security
|
bugzilla_opensuse
|
NEW
|
---
|
VUL-0: CVE-2024-22189: rke2: quic-go: memory exhaustion attack against QUIC's connection ID mechanism
|
2024-04-08
|
|
1222481
|
openSUSE Tumbleweed
|
Security
|
opensuse_buildservice
|
NEW
|
---
|
VUL-0: CVE-2024-22189: rke2-1.26: quic-go: memory exhaustion attack against QUIC's connection ID mechanism
|
2024-04-08
|
|
1222483
|
openSUSE Tumbleweed
|
Security
|
opensuse_buildservice
|
NEW
|
---
|
VUL-0: CVE-2024-22189: rke2-1.27: quic-go: memory exhaustion attack against QUIC's connection ID mechanism
|
2024-04-08
|
|
1222484
|
openSUSE Tumbleweed
|
Security
|
opensuse_buildservice
|
NEW
|
---
|
VUL-0: CVE-2024-22189: rke2-1.28: quic-go: memory exhaustion attack against QUIC's connection ID mechanism
|
2024-04-08
|
|
1222487
|
openSUSE Tumbleweed
|
Security
|
sor.alexei
|
IN_P
|
---
|
VUL-0: CVE-2024-22189: syncthing: quic-go: memory exhaustion attack against QUIC's connection ID mechanism
|
2024-04-10
|
|
1222488
|
openSUSE Tumbleweed
|
Security
|
hillwoodroc
|
NEW
|
---
|
VUL-0: CVE-2024-22189: v2ray-core: quic-go: memory exhaustion attack against QUIC's connection ID mechanism
|
2024-04-14
|
|
1222716
|
openSUSE Tumbleweed
|
Security
|
pmonrealgonzalez
|
IN_P
|
---
|
libssh tries to read config from wrong crypto-policies location
|
2024-04-15
|
|
1223260
|
openSUSE Tumbleweed
|
Security
|
ddiss
|
NEW
|
---
|
SELinux denies pcp
|
2024-05-28
|
|
1223882
|
openSUSE Tumbleweed
|
Security
|
os.gnome.maintainers
|
NEW
|
---
|
VUL-0: CVE-2024-34063: fractal: vodozemac: degraded secret zeroization capabilities
|
2024-05-03
|
|
1223884
|
openSUSE Tumbleweed
|
Security
|
okurz
|
NEW
|
---
|
VUL-0: CVE-2024-34063: iamb: vodozemac: degraded secret zeroization capabilities
|
2024-05-03
|
|
1224149
|
openSUSE Tumbleweed
|
Security
|
zkubala
|
CONF
|
---
|
[SELinux] sdbootutil (snapperd_t) fails to execute systemd-pcrlock (init_exec_t)
|
2024-06-28
|
|
1224392
|
openSUSE Tumbleweed
|
Security
|
security-team
|
IN_P
|
---
|
zypper dup installs openssh-server-config-rootlogin which allows ssh login with password
|
Wed 12:41
|
|
1225317
|
openSUSE Tumbleweed
|
Security
|
wolfgang.frisch
|
IN_P
|
---
|
AUDIT-WHITELIST: systemd: Please review the new DBUS /polkit stuff brought by v256
|
Wed 07:38
|
|
1225574
|
openSUSE Tumbleweed
|
Security
|
wolfgang.frisch
|
REOP
|
---
|
AUDIT-FIND: apache2-mod_mono: configuration defaults to predictable socket path in /tmp
|
2024-06-20
|
|
1225774
|
openSUSE Tumbleweed
|
Security
|
security-team
|
IN_P
|
---
|
VUL-0: CVE-2024-36041: plasma5-workspace,plasma6-workspace: ksmserver: Unauthorized users can access session manager
|
2024-06-10
|
|
1226021
|
openSUSE Tumbleweed
|
Security
|
Andreas.Stieger
|
NEW
|
---
|
VUL-0: CVE-2024-5171: chromium,libaom,libvpx: heap buffer overflow in img_alloc_helper() caused by integer overflow
|
2024-06-06
|
|
1226824
|
openSUSE Tumbleweed
|
Security
|
cathy.hu
|
NEW
|
---
|
[SELinux] growpart-generator AVC denials
|
Tue 14:41
|
|
1227034
|
openSUSE Tumbleweed
|
Security
|
rrahl0
|
NEW
|
---
|
VUL-0: CVE-2024-6104: forgejo: hashicorp/go-retryablehttp: url might write sensitive information to log file
|
2024-06-26
|
|
1227273
|
openSUSE Tumbleweed
|
Security
|
mmachova
|
IN_P
|
---
|
VUL-0: CVE-2024-39303: Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ...
|
Fri 07:46
|
|
1227376
|
openSUSE Tumbleweed
|
Security
|
alexandre.vicenzi
|
NEW
|
---
|
VUL-0: CVE-2024-6284: tailscale: google/nftables: incorrect IP address encoded bytes may lead to unwanted behavior
|
2024-07-12
|
|
1227486
|
openSUSE Tumbleweed
|
Security
|
fabian
|
NEW
|
---
|
VUL-0: kmozillahelper: helper might circumvent Firefox security settings
|
2024-07-14
|
|
1227506
|
openSUSE Tumbleweed
|
Security
|
max
|
CONF
|
---
|
freshclam is not quiet anymore
|
2024-07-08
|
|
1227908
|
openSUSE Tumbleweed
|
Security
|
ematsumiya
|
NEW
|
---
|
auditd obsolete built-in options
|
Thu 19:25
|
|
1228058
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
AUDIT-0: emacs: setgid-games shared highscore helper program
|
Fri 07:13
|
|
1228108
|
openSUSE Tumbleweed
|
Security
|
cathy.hu
|
NEW
|
---
|
[SELinux] sle micro 5.3 denials
|
Thu 12:39
|
|
1228173
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
getsubids throws `libsubid_sss.so did not provide @subid_free@`
|
17:29:22
|
|
1228174
|
openSUSE Tumbleweed
|
Security
|
security-team
|
NEW
|
---
|
[SELinux] Some kmsg related AVC denials
|
18:34:23
|
