openSUSE Tumbleweed
Approved changes feed: RSS · Atom
cpe:2.3:o:opensuse:tumbleweed:-:*:*:*:*:*:*:*
part: o version: - update: *
| Vendor | Opensuse (3380e48e-e718-5685-8ad0-092ef58910e5) |
|---|---|
| Product | Tumbleweed (45b7be0d-b369-5231-8b6c-a16ec713e2e9) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:docker/opensuse/tumbleweed |
purl2cpe | 2026-06-01 10:15:36.595807 |
pkg:github/gregkh/tumbleweed |
purl2cpe | 2026-06-01 10:15:36.595810 |
pkg:rpm/opensuse/opensuse-release |
purl2cpe | 2026-06-01 10:15:36.595813 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-32183 |
vulnerable | 2026-06-03 14:51:57.774807 |
Details available
HIGH (7.8)
Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root
This issue affects openSUSE Tumbleweed.
Published: 2023-07-07T08:11:07.372Z
Updated: 2024-11-14T19:43:09.836Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-28321 |
not_vulnerable | 2026-06-03 14:46:54.713326 |
Details available
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream.
Published: 2022-09-19T21:10:22.000Z
Updated: 2025-05-29T15:30:36.688Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25315 |
not_vulnerable | 2026-06-03 14:44:05.018195 |
salt-api unauthenticated remote code execution
CRITICAL (9.8)
CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.
Published: 2021-03-03T09:55:16.356Z
Updated: 2024-09-16T21:03:45.719Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.