← Back

Opensuse

opensuse

3,271 CVEs • 50 products

Products (50)

Click to collapse
Toggle
Leap
leap
1,898 CVEs
Opensuse
opensuse
1,454 CVEs
Backports Sle
backports_sle
326 CVEs
Backports
backports
97 CVEs
Evergreen
evergreen
43 CVEs
Open Build Service
open_build_service
22 CVEs
Libsolv
libsolv
13 CVEs
Factory
factory
10 CVEs
Supportutils
supportutils
6 CVEs
Libzypp
libzypp
5 CVEs
Tumbleweed
tumbleweed
4 CVEs
Zypper
zypper
3 CVEs
Openldap2
openldap2
3 CVEs
Osc
osc
2 CVEs
Suse Linux Enterprise Server
suse_linux_enterprise_server
2 CVEs
Cryptctl
cryptctl
2 CVEs
Munge
munge
2 CVEs
Wicked
wicked
2 CVEs
Pcp
pcp
2 CVEs
Texlive Filesystem
texlive-filesystem
2 CVEs
Rmt Server
rmt-server
2 CVEs
Cscreen
cscreen
2 CVEs
Libeconf
libeconf
2 CVEs
Openstack Cloud
openstack_cloud
1 CVE
Libstorage
libstorage
1 CVE
Libstorage Ng
libstorage-ng
1 CVE
Obs Service Source Validator
obs-service-source_validator
1 CVE
Open Buildservice
open_buildservice
1 CVE
Sysconfig
sysconfig
1 CVE
Tar Scm
tar_scm
1 CVE
Package Hub
package_hub
1 CVE
Yast2 Multipath
yast2-multipath
1 CVE
Yast2 Samba Provision
yast2-samba-provision
1 CVE
Yast2 Printer
yast2-printer
1 CVE
Munin
munin
1 CVE
Suse Package Hub
suse_package_hub
1 CVE
Autoyast2
autoyast2
1 CVE
Hylafax+
hylafax+
1 CVE
Tumbleweed Kopano Spamd
tumbleweed_kopano-spamd
1 CVE
Cyrus Sasl
cyrus-sasl
1 CVE
Python Postorius
python-postorius
1 CVE
Inn
inn
1 CVE
Factory Watchman
factory_watchman
1 CVE
Canna
canna
1 CVE
Leap Micro
leap_micro
1 CVE
Travel Support Program
travel_support_program
1 CVE
Libzypp Plugin Appdata
libzypp-plugin-appdata
1 CVE
Paste
paste
1 CVE
Welcome
welcome
1 CVE
Mirrorcache
mirrorcache
1 CVE

CVEs (3,271)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-6401
2Google
Opensuse
2Backports Sle
Chrome
Nov 21, 2024
Feb 11, 2020
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVE-2020-6400
6Debian
FedoraprojectGoogle+3 more
8Backports Sle
ChromeDebian Linux+5 more
Nov 21, 2024
Feb 11, 2020
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-6399
2Google
Opensuse
2Backports Sle
Chrome
Nov 21, 2024
Feb 11, 2020
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-6398
6Debian
FedoraprojectGoogle+3 more
8Backports Sle
ChromeDebian Linux+5 more
Nov 21, 2024
Feb 11, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2020-6397
6Debian
FedoraprojectGoogle+3 more
8Backports Sle
ChromeDebian Linux+5 more
Nov 21, 2024
Feb 11, 2020
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2020-6396
6Debian
FedoraprojectGoogle+3 more
8Backports Sle
ChromeDebian Linux+5 more
Nov 21, 2024
Feb 11, 2020
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2020-6394
6Debian
FedoraprojectGoogle+3 more
8Backports Sle
ChromeDebian Linux+5 more
Nov 21, 2024
Feb 11, 2020
N/A· v4
5.4 MEDIUM· v3
5.8 MEDIUM· v2
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2020-6393
6Debian
FedoraprojectGoogle+3 more
8Backports Sle
ChromeDebian Linux+5 more
Nov 21, 2024
Feb 11, 2020
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-6392
6Debian
FedoraprojectGoogle+3 more
8Backports Sle
ChromeDebian Linux+5 more
Nov 21, 2024
Feb 11, 2020
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extens...Show more
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.Show less
CVE-2020-6391
6Debian
FedoraprojectGoogle+3 more
8Backports Sle
ChromeDebian Linux+5 more
Nov 21, 2024
Feb 11, 2020
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.
CVE-2020-6390
6Debian
FedoraprojectGoogle+3 more
8Backports Sle
ChromeDebian Linux+5 more
Nov 21, 2024
Feb 11, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6385
6Debian
FedoraprojectGoogle+3 more
8Backports Sle
ChromeDebian Linux+5 more
Nov 21, 2024
Feb 11, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.
CVE-2020-6382
6Debian
FedoraprojectGoogle+3 more
8Backports Sle
ChromeDebian Linux+5 more
Nov 21, 2024
Feb 11, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6381
6Debian
FedoraprojectGoogle+3 more
8Backports Sle
ChromeDebian Linux+5 more
Nov 21, 2024
Feb 11, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2018-14553
5Canonical
DebianFedoraproject+2 more
5Debian Linux
FedoraLeap+2 more
Nov 21, 2024
Feb 11, 2020
N/A· v4
7.5 HIGH· v3
4.3 MEDIUM· v2
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (...Show more
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).Show less
CVE-2020-7217
1Opensuse
1Wicked
Nov 21, 2024
Feb 11, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An ni_dhcp4_fsm_process_dhcp4_packet memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets with a different client-id.
CVE-2020-7060
5Debian
OpensuseOracle+2 more
5Communications Diameter Signaling Router
Debian LinuxLeap+2 more
Nov 21, 2024
Feb 10, 2020
N/A· v4
9.1 CRITICAL· v3
6.4 MEDIUM· v2
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big...Show more
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.Show less
CVE-2020-7059
5Debian
OpensuseOracle+2 more
5Communications Diameter Signaling Router
Debian LinuxLeap+2 more
Nov 21, 2024
Feb 10, 2020
N/A· v4
9.1 CRITICAL· v3
6.4 MEDIUM· v2
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the all...Show more
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.Show less
CVE-2020-1700
4Canonical
CephOpensuse+1 more
4Ceph
LeapOpenshift Container Storage+1 more
Nov 21, 2024
Feb 7, 2020
N/A· v4
6.5 MEDIUM· v3
6.8 MEDIUM· v2
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket conn...Show more
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system.Show less
CVE-2019-15606
5Debian
NodejsOpensuse+2 more
7Communications Cloud Native Core Network Function Cloud Native Environment
Debian LinuxEnterprise Linux+4 more
Nov 21, 2024
Feb 7, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons