
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 May 2025 — A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root. This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23394 • CWE-61: UNIX Symbolic Link (Symlink) Following

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Apr 2025 — An Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root. This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23386 • CWE-276: Incorrect Default Permissions

CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Nov 2024 — Various problems in obs-scm-bridge allow attackers that create specially crafted git repositories to leak information or cause denial of service. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22038 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

13 Nov 2024 — grub2 allowed attackers with access to the grub shell to access files on the encrypted disks. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-49504 • CWE-276: Incorrect Default Permissions

CVSS: 5.5 • EPSS: 0% • CPEs: 10 • EXPL: 0

16 Oct 2024 — Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22034

CVSS: 6.5 • EPSS: 2% • CPEs: 2 • EXPL: 0

16 Oct 2024 — The OBS service obs-service-download_url was vulnerable to command injection. The attacker could provide a configuration to the service that allowed commands to be executed in later steps. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22033 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 13 • EXPL: 0

16 Oct 2024 — Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22029 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 8.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

16 Oct 2024 — mlocate's %post script allows the RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32190 • CWE-125: Out-of-bounds Read

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 Mar 2023 — An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1. • https://bugzilla.suse.com/show_bug.cgi?id=1201138 • CWE-755: Improper Handling of Exceptional Conditions

CVSS: 7.1 • EPSS: 0% • CPEs: 3 • EXPL: 1

28 Jul 2021 — A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1.6-4.6.1 and prior versions. SUSE Linux Enterprise Server 15 SP1 clone-master-clean-up version 1.6-3.9.1 and prior versions. openSUSE Factory clone-master-clean-u... • https://bugzilla.suse.com/show_bug.cgi?id=1181050 • CWE-59: Improper Link Resolution Before File Access ('Link Following')