Opensuse Tumbleweed
10 CVEs affecting Opensuse Tumbleweed. Latest disclosed: 2025-11-20. Critical: 2, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-28321 | Critical | 9.8 | 2022-09-19 | The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict… |
CVE-2021-25315 | Critical | 9.8 | 2021-03-03 | CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary c… |
CVE-2020-8026 | High | 8.4 | 2020-08-07 | A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers wit… |
CVE-2023-32183 | High | 7.8 | 2023-07-07 | Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root This issue a… |
CVE-2022-31250 | High | 7.1 | 2022-07-20 | A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This… |
CVE-2024-49505 | Medium | 6.1 | 2024-11-13 | A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of… |
CVE-2025-62875 | Medium | 5.5 | 2025-11-20 | An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD. This issue affects openSUSE Tumbl… |
CVE-2025-53881 | | 2025-10-02 | A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This i… | |
CVE-2025-46810 | | 2025-09-02 | A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate to root. This issue… | |
CVE-2024-49506 | | 2024-11-13 | Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a f… |