← Back

Opensuse

opensuse

3,271 CVEs • 50 products

Products (50)

Click to collapse
Toggle
Leap
leap
1,898 CVEs
Opensuse
opensuse
1,454 CVEs
Backports Sle
backports_sle
326 CVEs
Backports
backports
97 CVEs
Evergreen
evergreen
43 CVEs
Open Build Service
open_build_service
22 CVEs
Libsolv
libsolv
13 CVEs
Factory
factory
10 CVEs
Supportutils
supportutils
6 CVEs
Libzypp
libzypp
5 CVEs
Tumbleweed
tumbleweed
4 CVEs
Zypper
zypper
3 CVEs
Openldap2
openldap2
3 CVEs
Osc
osc
2 CVEs
Suse Linux Enterprise Server
suse_linux_enterprise_server
2 CVEs
Cryptctl
cryptctl
2 CVEs
Munge
munge
2 CVEs
Wicked
wicked
2 CVEs
Pcp
pcp
2 CVEs
Texlive Filesystem
texlive-filesystem
2 CVEs
Rmt Server
rmt-server
2 CVEs
Cscreen
cscreen
2 CVEs
Libeconf
libeconf
2 CVEs
Openstack Cloud
openstack_cloud
1 CVE
Libstorage
libstorage
1 CVE
Libstorage Ng
libstorage-ng
1 CVE
Obs Service Source Validator
obs-service-source_validator
1 CVE
Open Buildservice
open_buildservice
1 CVE
Sysconfig
sysconfig
1 CVE
Tar Scm
tar_scm
1 CVE
Package Hub
package_hub
1 CVE
Yast2 Multipath
yast2-multipath
1 CVE
Yast2 Samba Provision
yast2-samba-provision
1 CVE
Yast2 Printer
yast2-printer
1 CVE
Munin
munin
1 CVE
Suse Package Hub
suse_package_hub
1 CVE
Autoyast2
autoyast2
1 CVE
Hylafax+
hylafax+
1 CVE
Tumbleweed Kopano Spamd
tumbleweed_kopano-spamd
1 CVE
Cyrus Sasl
cyrus-sasl
1 CVE
Python Postorius
python-postorius
1 CVE
Inn
inn
1 CVE
Factory Watchman
factory_watchman
1 CVE
Canna
canna
1 CVE
Leap Micro
leap_micro
1 CVE
Travel Support Program
travel_support_program
1 CVE
Libzypp Plugin Appdata
libzypp-plugin-appdata
1 CVE
Paste
paste
1 CVE
Welcome
welcome
1 CVE
Mirrorcache
mirrorcache
1 CVE

CVEs (3,271)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-8130
5Canonical
DebianFedoraproject+2 more
5Debian Linux
FedoraLeap+2 more
Nov 21, 2024
Feb 24, 2020
N/A· v4
6.4 MEDIUM· v3
6.9 MEDIUM· v2
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.
CVE-2020-8813
5Cacti
DebianFedoraproject+2 more
5Cacti
Debian LinuxFedora+2 more
Nov 21, 2024
Feb 22, 2020
N/A· v4
8.8 HIGH· v3
9.3 HIGH· v2
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
CVE-2020-9273
5Debian
FedoraprojectOpensuse+2 more
7Backports Sle
Debian LinuxFedora+4 more
Nov 21, 2024
Feb 20, 2020
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
CVE-2020-9272
3Opensuse
ProftpdSiemens
5Backports Sle
LeapProftpd+2 more
Nov 21, 2024
Feb 20, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.
CVE-2019-20479
4Debian
FedoraprojectOpenidc+1 more
4Debian Linux
FedoraLeap+1 more
Nov 21, 2024
Feb 20, 2020
N/A· v4
6.1 MEDIUM· v3
5.8 MEDIUM· v2
A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.
CVE-2020-8992
4Canonical
LinuxNetapp+1 more
10Active Iq Unified Manager
Cloud BackupData Availability Services+7 more
Nov 21, 2024
Feb 14, 2020
N/A· v4
5.5 MEDIUM· v3
4.9 MEDIUM· v2
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.
CVE-2020-0561
2Intel
Opensuse
3Backports
LeapSoftware Guard Extensions Sdk
Nov 21, 2024
Feb 13, 2020
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-8955
4Debian
FedoraprojectOpensuse+1 more
5Backports Sle
Debian LinuxFedora+2 more
Nov 21, 2024
Feb 12, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malfor...Show more
irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).Show less
CVE-2013-2637
2Opensuse
Otrs
3Faq
OpensuseOtrs Itsm
Nov 21, 2024
Feb 12, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user exe...Show more
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.Show less
CVE-2019-19921
5Canonical
DebianLinuxfoundation+2 more
5Debian Linux
LeapOpenshift Container Platform+2 more
Nov 21, 2024
Feb 12, 2020
N/A· v4
7.0 HIGH· v3
4.4 MEDIUM· v2
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount...Show more
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)Show less
CVE-2020-1711
4Debian
OpensuseQemu+1 more
5Debian Linux
Enterprise LinuxLeap+2 more
Nov 21, 2024
Feb 11, 2020
N/A· v4
6.0 MEDIUM· v3
6.0 MEDIUM· v2
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Bloc...Show more
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.Show less
CVE-2020-6416
6Debian
FedoraprojectGoogle+3 more
8Backports Sle
ChromeDebian Linux+5 more
Nov 21, 2024
Feb 11, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6415
6Debian
FedoraprojectGoogle+3 more
8Backports Sle
ChromeDebian Linux+5 more
Nov 21, 2024
Feb 11, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6414
2Google
Opensuse
2Backports Sle
Chrome
Nov 21, 2024
Feb 11, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2020-6413
2Google
Opensuse
2Backports Sle
Chrome
Nov 21, 2024
Feb 11, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page.
CVE-2020-6412
2Google
Opensuse
2Backports Sle
Chrome
Nov 21, 2024
Feb 11, 2020
N/A· v4
5.4 MEDIUM· v3
5.8 MEDIUM· v2
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVE-2020-6408
6Debian
FedoraprojectGoogle+3 more
8Backports Sle
ChromeDebian Linux+5 more
Nov 21, 2024
Feb 11, 2020
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.
CVE-2020-6404
6Debian
FedoraprojectGoogle+3 more
8Backports Sle
ChromeDebian Linux+5 more
Nov 21, 2024
Feb 11, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6403
6Debian
FedoraprojectGoogle+3 more
8Backports Sle
ChromeDebian Linux+5 more
Nov 21, 2024
Feb 11, 2020
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2020-6402
6Debian
FedoraprojectGoogle+3 more
8Backports Sle
ChromeDebian Linux+5 more
Nov 21, 2024
Feb 11, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extensi...Show more
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.Show less