Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Total 3124 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15989 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
CVE-2020-15990 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-14376 3 Canonical, Dpdk, Opensuse 3 Ubuntu Linux, Data Plane Development Kit, Leap 2024-02-04 6.9 MEDIUM 7.8 HIGH
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-27560 3 Debian, Imagemagick, Opensuse 3 Debian Linux, Imagemagick, Leap 2024-02-04 4.3 MEDIUM 3.3 LOW
ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.
CVE-2020-15975 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15195 2 Google, Opensuse 2 Tensorflow, Leap 2024-02-04 6.5 MEDIUM 8.8 HIGH
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
CVE-2021-26675 3 Debian, Intel, Opensuse 3 Debian Linux, Connman, Leap 2024-02-04 5.8 MEDIUM 8.8 HIGH
A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.
CVE-2020-16001 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15967 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-8032 1 Opensuse 1 Cyrus-sasl 2024-02-04 6.9 MEDIUM 7.0 HIGH
A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions.
CVE-2020-26116 7 Canonical, Debian, Fedoraproject and 4 more 9 Ubuntu Linux, Debian Linux, Fedora and 6 more 2024-02-04 6.4 MEDIUM 7.2 HIGH
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
CVE-2020-25600 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2024-02-04 4.9 MEDIUM 5.5 MEDIUM
An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones. 32-bit x86 domains can use only 1023 channels, due to limited space in their shared (between guest and Xen) information structure, whereas all other domains can use up to 4095 in this model. The recording of the respective limit during domain initialization, however, has occurred at a time where domains are still deemed to be 64-bit ones, prior to actually honoring respective domain properties. At the point domains get recognized as 32-bit ones, the limit didn't get updated accordingly. Due to this misbehavior in Xen, 32-bit domains (including Domain 0) servicing other domains may observe event channel allocations to succeed when they should really fail. Subsequent use of such event channels would then possibly lead to corruption of other parts of the shared info structure. An unprivileged guest may cause another domain, in particular Domain 0, to misbehave. This may lead to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only x86 32-bit domains servicing other domains are vulnerable. Arm systems, as well as x86 64-bit domains, are not vulnerable.
CVE-2020-8027 2 Opensuse, Suse 3 Leap, Openldap2, Linux Enterprise Server 2024-02-04 4.6 MEDIUM 6.6 MEDIUM
A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1.
CVE-2020-6561 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-15988 5 Debian, Fedoraproject, Google and 2 more 5 Debian Linux, Fedora, Chrome and 2 more 2024-02-04 6.8 MEDIUM 6.3 MEDIUM
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.
CVE-2020-15683 3 Debian, Mozilla, Opensuse 5 Debian Linux, Firefox, Firefox Esr and 2 more 2024-02-04 7.5 HIGH 9.8 CRITICAL
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.
CVE-2020-6566 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-15971 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-6558 4 Apple, Debian, Google and 1 more 5 Iphone Os, Debian Linux, Chrome and 2 more 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2020-15970 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.