Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Backports
Total 78 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-45082 4 Cobbler Project, Fedoraproject, Opensuse and 1 more 5 Cobbler, Fedora, Backports and 2 more 2024-02-04 4.6 MEDIUM 7.8 HIGH
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)
CVE-2021-46142 4 Debian, Fedoraproject, Opensuse and 1 more 7 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 4 more 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
CVE-2021-46141 4 Debian, Fedoraproject, Opensuse and 1 more 7 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 4 more 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
CVE-2020-6425 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2024-02-04 5.8 MEDIUM 5.4 MEDIUM
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.
CVE-2020-10938 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Backports and 1 more 2024-02-04 7.5 HIGH 9.8 CRITICAL
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
CVE-2020-10592 2 Opensuse, Torproject 3 Backports, Leap, Tor 2024-02-04 7.8 HIGH 7.5 HIGH
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.
CVE-2020-6493 3 Debian, Google, Opensuse 4 Debian Linux, Chrome, Backports and 1 more 2024-02-04 6.8 MEDIUM 9.6 CRITICAL
Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-6495 3 Debian, Google, Opensuse 4 Debian Linux, Chrome, Backports and 1 more 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE-2019-19950 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Backports and 1 more 2024-02-04 7.5 HIGH 9.8 CRITICAL
In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.
CVE-2019-13723 4 Fedoraproject, Google, Opensuse and 1 more 6 Fedora, Chrome, Backports and 3 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-15624 3 Nextcloud, Opensuse, Suse 3 Nextcloud Server, Backports, Suse Linux Enterprise Server 2024-02-04 4.0 MEDIUM 4.9 MEDIUM
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.
CVE-2019-20053 2 Opensuse, Upx Project 3 Backports, Leap, Upx 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
CVE-2019-18899 2 Apt-cacher-ng Project, Opensuse 3 Apt-cacher-ng, Backports, Leap 2024-02-04 2.1 LOW 5.5 MEDIUM
The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1.
CVE-2020-5202 3 Apt-cacher-ng Project, Debian, Opensuse 4 Apt-cacher-ng, Debian Linux, Backports and 1 more 2024-02-04 2.1 LOW 5.5 MEDIUM
apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can.
CVE-2019-19953 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Backports and 1 more 2024-02-04 6.4 MEDIUM 9.1 CRITICAL
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.
CVE-2019-16709 3 Canonical, Imagemagick, Opensuse 4 Ubuntu Linux, Imagemagick, Backports and 1 more 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
CVE-2019-13730 6 Debian, Fedoraproject, Google and 3 more 9 Debian Linux, Fedora, Chrome and 6 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6610 2 Gnu, Opensuse 3 Libredwg, Backports, Leap 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.
CVE-2019-13705 2 Google, Opensuse 2 Chrome, Backports 2024-02-04 4.3 MEDIUM 4.3 MEDIUM
Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.
CVE-2019-13707 2 Google, Opensuse 2 Chrome, Backports 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.