4 matches found
CVE-2020-8026
CVE-2020-8026 concerns an Incorrect Default Permissions in the packaging of inn for openSUSE (Leap 15.2, Leap 15.1, and Tumbleweed). The root cause is improper file ownership in /usr/lib/news, allowing local attackers with a new user’s control to escalate to root. Affected versions include inn up...
CVE-2022-31250
CVE-2022-31250 affects openSUSE Tumbleweed keylime prior to 6.4.2-1.1, describing a UNIX Symlink Following vulnerability in the post-install/scriptlet that allows local privilege escalation from the keylime user to root. Affected product/version: keylime on openSUSE Tumbleweed (prior to 6.4.2-1.1...
CVE-2023-32183
The CVE-2023-32183 issue affects openSUSE Tumbleweed hawk2 in the hacluster area. The root cause is Incorrect Default Permissions in hawk2, enabling users with access to hacluster to escalate to root. CVSSv3.1 metrics indicate a Local, Low-Privilege requirement with High impact on confidentiality...
CVE-2025-62875
OpenSMTPD contains an improper check for unusual or exceptional conditions that allows a local user to crash the daemon (local DoS) via a UNIX domain socket (smtpd.sock). Affected product: OpenSMTPD on openSUSE Tumbleweed, affected versions are prior to 7.8.0p0-1.1. Root cause is an insufficient ...