Opensuse Tumbleweed

10 CVEs affecting Opensuse Tumbleweed. Latest disclosed: 2025-11-20. Critical: 2, High: 3.

Top CVEs affecting Opensuse Tumbleweed
CVESeverityScorePublishedSummary
CVE-2022-28321Critical9.82022-09-19The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict…
CVE-2021-25315Critical9.82021-03-03CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary c…
CVE-2020-8026High8.42020-08-07A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers wit…
CVE-2023-32183High7.82023-07-07Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root This issue a…
CVE-2022-31250High7.12022-07-20A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This…
CVE-2024-49505Medium6.12024-11-13A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of…
CVE-2025-62875Medium5.52025-11-20An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD. This issue affects openSUSE Tumbl…
CVE-2025-538812025-10-02A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This i…
CVE-2025-468102025-09-02A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate to root. This issue…
CVE-2024-495062024-11-13Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a f…