← Back

Opensuse

opensuse

3,271 CVEs • 50 products

Products (50)

Click to collapse
Toggle
Leap
leap
1,898 CVEs
Opensuse
opensuse
1,454 CVEs
Backports Sle
backports_sle
326 CVEs
Backports
backports
97 CVEs
Evergreen
evergreen
43 CVEs
Open Build Service
open_build_service
22 CVEs
Libsolv
libsolv
13 CVEs
Factory
factory
10 CVEs
Supportutils
supportutils
6 CVEs
Libzypp
libzypp
5 CVEs
Tumbleweed
tumbleweed
4 CVEs
Zypper
zypper
3 CVEs
Openldap2
openldap2
3 CVEs
Osc
osc
2 CVEs
Suse Linux Enterprise Server
suse_linux_enterprise_server
2 CVEs
Cryptctl
cryptctl
2 CVEs
Munge
munge
2 CVEs
Wicked
wicked
2 CVEs
Pcp
pcp
2 CVEs
Texlive Filesystem
texlive-filesystem
2 CVEs
Rmt Server
rmt-server
2 CVEs
Cscreen
cscreen
2 CVEs
Libeconf
libeconf
2 CVEs
Openstack Cloud
openstack_cloud
1 CVE
Libstorage
libstorage
1 CVE
Libstorage Ng
libstorage-ng
1 CVE
Obs Service Source Validator
obs-service-source_validator
1 CVE
Open Buildservice
open_buildservice
1 CVE
Sysconfig
sysconfig
1 CVE
Tar Scm
tar_scm
1 CVE
Package Hub
package_hub
1 CVE
Yast2 Multipath
yast2-multipath
1 CVE
Yast2 Samba Provision
yast2-samba-provision
1 CVE
Yast2 Printer
yast2-printer
1 CVE
Munin
munin
1 CVE
Suse Package Hub
suse_package_hub
1 CVE
Autoyast2
autoyast2
1 CVE
Hylafax+
hylafax+
1 CVE
Tumbleweed Kopano Spamd
tumbleweed_kopano-spamd
1 CVE
Cyrus Sasl
cyrus-sasl
1 CVE
Python Postorius
python-postorius
1 CVE
Inn
inn
1 CVE
Factory Watchman
factory_watchman
1 CVE
Canna
canna
1 CVE
Leap Micro
leap_micro
1 CVE
Travel Support Program
travel_support_program
1 CVE
Libzypp Plugin Appdata
libzypp-plugin-appdata
1 CVE
Paste
paste
1 CVE
Welcome
welcome
1 CVE
Mirrorcache
mirrorcache
1 CVE

CVEs (3,271)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-15706
7Canonical
DebianGnu+4 more
14Debian Linux
Enterprise LinuxEnterprise Linux Atomic Host+11 more
Nov 21, 2024
Jul 29, 2020
N/A· v4
6.4 MEDIUM· v3
4.4 MEDIUM· v2
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitra...Show more
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.Show less
CVE-2020-15705
7Canonical
DebianGnu+4 more
14Debian Linux
Enterprise LinuxEnterprise Linux Atomic Host+11 more
Nov 21, 2024
Jul 29, 2020
N/A· v4
6.4 MEDIUM· v3
4.4 MEDIUM· v2
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure b...Show more
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.Show less
CVE-2020-15900
3Artifex
CanonicalOpensuse
3Ghostscript
LeapUbuntu Linux
Nov 21, 2024
Jul 28, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in...Show more
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.Show less
CVE-2020-15103
5Canonical
DebianFedoraproject+2 more
5Debian Linux
FedoraFreerdp+2 more
Nov 21, 2024
Jul 27, 2020
N/A· v4
3.5 LOW· v3
3.5 LOW· v2
In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local...Show more
In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:autoShow less
CVE-2020-15917
3Claws Mail
FedoraprojectOpensuse
4Backports Sle
Claws MailFedora+1 more
Nov 21, 2024
Jul 23, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
CVE-2020-6536
4Debian
FedoraprojectGoogle+1 more
5Backports Sle
ChromeDebian Linux+2 more
Nov 21, 2024
Jul 22, 2020
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA.
CVE-2020-6535
4Debian
FedoraprojectGoogle+1 more
5Backports Sle
ChromeDebian Linux+2 more
Nov 21, 2024
Jul 22, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page.
CVE-2020-6534
4Debian
FedoraprojectGoogle+1 more
5Backports Sle
ChromeDebian Linux+2 more
Nov 21, 2024
Jul 22, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6533
4Debian
FedoraprojectGoogle+1 more
5Backports Sle
ChromeDebian Linux+2 more
Nov 21, 2024
Jul 22, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6531
4Debian
FedoraprojectGoogle+1 more
5Backports Sle
ChromeDebian Linux+2 more
Nov 21, 2024
Jul 22, 2020
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-6530
4Debian
FedoraprojectGoogle+1 more
5Backports Sle
ChromeDebian Linux+2 more
Nov 21, 2024
Jul 22, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome...Show more
Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.Show less
CVE-2020-6529
4Debian
FedoraprojectGoogle+1 more
5Backports Sle
ChromeDebian Linux+2 more
Nov 21, 2024
Jul 22, 2020
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page.
CVE-2020-6528
4Debian
FedoraprojectGoogle+1 more
5Backports Sle
ChromeDebian Linux+2 more
Nov 21, 2024
Jul 22, 2020
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2020-6527
4Debian
FedoraprojectGoogle+1 more
5Backports Sle
ChromeDebian Linux+2 more
Nov 21, 2024
Jul 22, 2020
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2020-6526
4Debian
FedoraprojectGoogle+1 more
5Backports Sle
ChromeDebian Linux+2 more
Nov 21, 2024
Jul 22, 2020
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2020-6525
4Debian
FedoraprojectGoogle+1 more
5Backports Sle
ChromeDebian Linux+2 more
Nov 21, 2024
Jul 22, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6524
4Debian
FedoraprojectGoogle+1 more
5Backports Sle
ChromeDebian Linux+2 more
Nov 21, 2024
Jul 22, 2020
N/A· v4
8.8 HIGH· v3
9.3 HIGH· v2
Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6523
4Debian
FedoraprojectGoogle+1 more
5Backports Sle
ChromeDebian Linux+2 more
Nov 21, 2024
Jul 22, 2020
N/A· v4
8.8 HIGH· v3
9.3 HIGH· v2
Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6522
4Debian
FedoraprojectGoogle+1 more
5Backports Sle
ChromeDebian Linux+2 more
Nov 21, 2024
Jul 22, 2020
N/A· v4
9.6 CRITICAL· v3
6.8 MEDIUM· v2
Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-6521
4Debian
FedoraprojectGoogle+1 more
5Backports Sle
ChromeDebian Linux+2 more
Nov 21, 2024
Jul 22, 2020
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.