Filtered by vendor Opensuse
Subscribe
Total
3124 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14356 | 6 Canonical, Debian, Linux and 3 more | 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. | |||||
| CVE-2020-2812 | 6 Canonical, Debian, Fedoraproject and 3 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2020-13844 | 2 Arm, Opensuse | 15 Cortex-a32, Cortex-a32 Firmware, Cortex-a34 and 12 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation." | |||||
| CVE-2020-11652 | 6 Blackberry, Canonical, Debian and 3 more | 6 Workspaces Server, Ubuntu Linux, Debian Linux and 3 more | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users. | |||||
| CVE-2020-11077 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5. | |||||
| CVE-2020-6424 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-14714 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2020-14673 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-02-04 | 4.7 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). | |||||
| CVE-2020-1770 | 3 Debian, Opensuse, Otrs | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | |||||
| CVE-2020-12771 | 6 Canonical, Debian, Linux and 3 more | 37 Ubuntu Linux, Debian Linux, Linux Kernel and 34 more | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. | |||||
| CVE-2020-6097 | 3 Atftp Project, Debian, Opensuse | 3 Atftp, Debian Linux, Leap | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability. | |||||
| CVE-2020-14677 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-02-04 | 4.4 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2020-6095 | 2 Gstreamer Project, Opensuse | 3 Gst-rtsp-server, Backports Sle, Leap | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2020-14397 | 5 Canonical, Debian, Libvnc Project and 2 more | 16 Ubuntu Linux, Debian Linux, Libvncserver and 13 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. | |||||
| CVE-2020-2748 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-02-04 | 2.1 LOW | 3.2 LOW |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N). | |||||
| CVE-2020-2959 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-02-04 | 5.0 MEDIUM | 8.6 HIGH |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via MLD to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). | |||||
| CVE-2018-21247 | 5 Canonical, Debian, Libvnc Project and 2 more | 16 Ubuntu Linux, Debian Linux, Libvncserver and 13 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. | |||||
| CVE-2020-14422 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 4 Fedora, Leap, Enterprise Manager Ops Center and 1 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2. | |||||
| CVE-2020-2830 | 7 Canonical, Debian, Fedoraproject and 4 more | 21 Ubuntu Linux, Debian Linux, Fedora and 18 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2020-6482 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | |||||