Opensuse

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-1934 6Apache CanonicalDebian+3 more 11Communications Element Manager Communications Session Report ManagerCommunications Session Route Manager+8 more Nov 21, 2024 Apr 1, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
CVE-2020-7066 4Debian OpensusePhp+1 more 4Debian Linux LeapPhp+1 more Nov 21, 2024 Apr 1, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may...Show more In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.Show less
CVE-2020-7064 5Canonical DebianOpensuse+2 more 5Debian Linux LeapPhp+2 more Nov 21, 2024 Apr 1, 2020 N/A· v4 5.4 MEDIUM· v3 5.8 MEDIUM· v2 In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory...Show more In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.Show less
CVE-2019-14905 3Fedoraproject OpensuseRedhat 8Ansible Engine Ansible TowerBackports Sle+5 more Nov 21, 2024 Mar 31, 2020 N/A· v4 5.6 MEDIUM· v3 4.6 MEDIUM· v2 A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on...Show more A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.Show less
CVE-2020-6095 2Gstreamer Project Opensuse 3Backports Sle Gst Rtsp ServerLeap Nov 21, 2024 Mar 27, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of...Show more An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.Show less
CVE-2020-1772 3Debian OpensuseOtrs 4Backports Sle Debian LinuxLeap+1 more Nov 21, 2024 Mar 27, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Co...Show more It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.Show less
CVE-2020-1770 3Debian OpensuseOtrs 4Backports Sle Debian LinuxLeap+1 more Nov 21, 2024 Mar 27, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.1...Show more Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.Show less
CVE-2020-1769 2Opensuse Otrs 3Backports Sle LeapOtrs Nov 21, 2024 Mar 27, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior version...Show more In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.Show less
CVE-2020-10942 4Canonical DebianLinux+1 more 4Debian Linux LeapLinux Kernel+1 more Nov 21, 2024 Mar 24, 2020 N/A· v4 5.3 MEDIUM· v3 5.4 MEDIUM· v2 In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.
CVE-2020-10938 3Debian GraphicsmagickOpensuse 4Backports Debian LinuxGraphicsmagick+1 more Nov 21, 2024 Mar 24, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
CVE-2020-1747 4Fedoraproject OpensuseOracle+1 more 4Communications Cloud Native Core Network Function Cloud Native Environment FedoraLeap+1 more Nov 21, 2024 Mar 24, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoade...Show more A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.Show less
CVE-2020-6449 5Debian FedoraprojectGoogle+2 more 6Backports Sle ChromeDebian Linux+3 more Nov 21, 2024 Mar 23, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6429 5Debian FedoraprojectGoogle+2 more 6Backports Sle ChromeDebian Linux+3 more Nov 21, 2024 Mar 23, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6428 5Debian FedoraprojectGoogle+2 more 6Backports Sle ChromeDebian Linux+3 more Nov 21, 2024 Mar 23, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6427 5Debian FedoraprojectGoogle+2 more 6Backports Sle ChromeDebian Linux+3 more Nov 21, 2024 Mar 23, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6426 5Debian FedoraprojectGoogle+2 more 6Backports Sle ChromeDebian Linux+3 more Nov 21, 2024 Mar 23, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6425 4Debian FedoraprojectGoogle+1 more 4Backports ChromeDebian Linux+1 more Nov 21, 2024 Mar 23, 2020 N/A· v4 5.4 MEDIUM· v3 5.8 MEDIUM· v2 Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.
CVE-2020-6424 5Debian FedoraprojectGoogle+2 more 6Backports Sle ChromeDebian Linux+3 more Nov 21, 2024 Mar 23, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6422 5Debian FedoraprojectGoogle+2 more 6Backports Sle ChromeDebian Linux+3 more Nov 21, 2024 Mar 23, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-10593 2Opensuse Torproject 3Backports Sle LeapTor Nov 21, 2024 Mar 23, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit...Show more Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.Show less

Previous 1...323334...164 Next