Tumbleweed
cpe:2.3:a:opensuse:tumbleweed:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Opensuse (3380e48e-e718-5685-8ad0-092ef58910e5) |
|---|---|
| Product | Tumbleweed (45b7be0d-b369-5231-8b6c-a16ec713e2e9) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:docker/opensuse/tumbleweed | purl2cpe | 2026-06-01 10:15:36.593237 |
| pkg:github/gregkh/tumbleweed | purl2cpe | 2026-06-01 10:15:36.593240 |
| pkg:rpm/opensuse/opensuse-release | purl2cpe | 2026-06-01 10:15:36.593243 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-62875 | vulnerable | 2026-06-03 15:09:35.636451 | Local DoS in OpenSMTPD via UNIX domain socket smtpd.sock<br>An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD. This issue affects openSUSE Tumbleweed: from ? before 7.8.0p0-1.1.<br>Published: 2025-11-20T16:02:11.542Z<br>Updated: 2025-11-21T16:28:18.612Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-53881 | vulnerable | 2026-06-03 15:03:55.286216 | SUSE-specific logrotate configuration allows escalation from mail user/group to root<br>A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root. This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1.<br>Published: 2025-10-02T13:51:56.848Z<br>Updated: 2025-10-02T17:38:57.426Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-46810 | vulnerable | 2026-06-03 15:01:28.077804 | A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate to root. This issue affects Tumbleweed: from ? before 2.11.29.<br>Published: 2025-09-02T11:34:32.138Z<br>Updated: 2026-02-26T17:49:54.935Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-49506 | vulnerable | 2026-06-03 14:57:12.633555 | Fixed temporary file path in aeon-checks allows fixing of disk encryption key<br>Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem<br>Published: 2024-11-13T14:15:09.354Z<br>Updated: 2024-11-21T16:14:24.983Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-49505 | vulnerable | 2026-06-03 14:57:12.631969 | XSS vulnerability found in OpenSuse MirrorCache<br>An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the REGEX and P parameters. This issue affects MirrorCache before 1.083.<br>Published: 2024-11-13T14:21:00.317Z<br>Updated: 2024-11-13T18:38:11.311Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-32183 | not_vulnerable | 2026-06-03 14:51:57.773953 | HIGH (7.8)<br>Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root<br>This issue affects openSUSE Tumbleweed.<br>Published: 2023-07-07T08:11:07.372Z<br>Updated: 2024-11-14T19:43:09.836Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-31250 | vulnerable | 2026-06-03 14:47:11.010942 | keylime %post scriptlet allows for privilege escalation from keylime user to root<br>HIGH (7.1)<br>A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to 6.4.2-1.1.<br>Published: 2022-07-20T07:55:11.167Z<br>Updated: 2024-09-17T01:06:35.227Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-25315 | vulnerable | 2026-06-03 14:44:05.017126 | salt-api unauthenticated remote code execution<br>CRITICAL (9.8)<br>CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.<br>Published: 2021-03-03T09:55:16.356Z<br>Updated: 2024-09-16T21:03:45.719Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-8026 | vulnerable | 2026-06-03 14:43:07.934060 | inn: non-root owned files<br>HIGH (8.4)<br>An Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.<br>Published: 2020-08-07T09:25:13.939Z<br>Updated: 2024-09-16T16:57:41.593Z | Imported from gcve-enriched-dumps CVE data |