openSUSE Leap 15.4
Approved changes feed: RSS · Atom
cpe:2.3:o:opensuse:leap:15.4:*:*:*:*:*:*:*
part: o version: 15.4 update: *
| Vendor | Opensuse (3380e48e-e718-5685-8ad0-092ef58910e5) |
|---|---|
| Product | Leap (390d403b-8584-5adf-9fe7-11b9b47bb7b2) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:docker/opensuse/leap |
purl2cpe | 2026-06-01 10:15:36.598424 |
pkg:opensuse/leap |
purl2cpe | 2026-06-01 10:15:36.598425 |
pkg:rpm/opensuse/leap-release |
purl2cpe | 2026-06-01 10:15:36.598427 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-31431 |
vulnerable | 2026-06-03 15:19:26.422694 |
crypto: algif_aead - Revert to operating out-of-place
HIGH (7.8)
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_aead - Revert to operating out-of-place
This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.
There is no benefit in operating in-place in algif_aead since the
source and destination come from different mappings. Get rid of
all the complexity added for in-place operation and just copy the
AD directly.
Published: 2026-04-22T08:15:10.123Z
Updated: 2026-05-18T17:44:54.264Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-22643 |
not_vulnerable | 2026-06-03 14:49:19.740539 |
libzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.system` calls
MEDIUM (6.3)
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426.
Published: 2023-02-07T00:00:00.000Z
Updated: 2025-03-25T14:31:19.350Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-45153 |
vulnerable | 2026-06-03 14:48:23.844860 |
saphanabootstrap-formula: Escalation to root for arbitrary users in hana/ha_cluster.sls
HIGH (7)
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e.
Published: 2023-02-15T00:00:00.000Z
Updated: 2025-03-18T19:25:05.374Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-31254 |
not_vulnerable | 2026-06-03 14:47:11.030759 |
rmt-server-pubcloud allows to escalate from user _rmt to root
HIGH (7.8)
A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10.
Published: 2023-02-07T00:00:00.000Z
Updated: 2025-03-25T15:40:27.938Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-31252 |
vulnerable | 2026-06-03 14:47:11.021815 |
permissions: chkstat does not check for group-writable parent directories or target files in safeOpen()
MEDIUM (4.4)
A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.
Published: 2022-10-06T17:14:05.294Z
Updated: 2024-09-16T18:40:06.727Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.