Filtered by vendor Opensuse
Total: 3251 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15677 | 3 Debian, Mozilla, Opensuse | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2022-11-16 | 5.8 MEDIUM | 6.1 MEDIUM |
| By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. | |||||
| CVE-2020-15676 | 3 Debian, Mozilla, Opensuse | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2022-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. | |||||
| CVE-2020-26117 | 3 Debian, Opensuse, Tigervnc | 3 Debian Linux, Leap, Tigervnc | 2022-11-16 | 5.8 MEDIUM | 8.1 HIGH |
| In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. | |||||
| CVE-2019-11556 | 2 Opensuse, Redhat | 3 Backports Sle, Leap, Pagure | 2022-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pagure before 5.6 allows XSS via the templates/blame.html blame view. | |||||
| CVE-2020-10713 | 4 Debian, Gnu, Opensuse and 1 more | 4 Debian Linux, Grub2, Leap and 1 more | 2022-11-16 | 4.6 MEDIUM | 8.2 HIGH |
| A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper with the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system, such as by gaining physical access, obtaining the ability to alter a pxe-boot network, or having remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-15706 | 7 Canonical, Debian, Gnu and 4 more | 14 Ubuntu Linux, Debian Linux, Grub2 and 11 more | 2022-11-16 | 4.4 MEDIUM | 6.4 MEDIUM |
| GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. | |||||
| CVE-2020-14004 | 2 Icinga, Opensuse | 3 Icinga, Backports Sle, Leap | 2022-11-16 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will be followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user. | |||||
| CVE-2020-13659 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2022-11-16 | 1.9 LOW | 2.5 LOW |
| address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. | |||||
| CVE-2019-18901 | 2 Opensuse, Suse | 2 Leap, Linux Enterprise Server | 2022-11-16 | 2.1 LOW | 5.5 MEDIUM |
| A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1. | |||||
| CVE-2019-3692 | 2 Opensuse, Suse | 5 Backports Sle, Factory, Leap and 2 more | 2022-11-16 | 7.2 HIGH | 7.8 HIGH |
| The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions. | |||||
| CVE-2020-12672 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Backports Sle and 1 more | 2022-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. | |||||
| CVE-2013-6641 | 5 Apple, Google, Linux and 2 more | 5 Mac Os X, Chrome, Linux Kernel and 2 more | 2022-11-10 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element. | |||||
| CVE-2013-6644 | 6 Apple, Debian, Google and 3 more | 6 Mac Os X, Debian Linux, Chrome and 3 more | 2022-11-10 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2013-6645 | 6 Apple, Debian, Google and 3 more | 6 Mac Os X, Debian Linux, Chrome and 3 more | 2022-11-10 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving certain print-preview and tab-switch actions that interact with a speech input element. | |||||
| CVE-2013-6646 | 6 Apple, Debian, Google and 3 more | 6 Mac Os X, Debian Linux, Chrome and 3 more | 2022-11-10 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a worker process. | |||||
| CVE-2022-31253 | 1 Opensuse | 1 Openldap2 | 2022-11-10 | N/A | 7.8 HIGH |
| An Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1. | |||||
| CVE-2019-3694 | 2 Opensuse, Suse | 4 Factory, Leap, Munin and 1 more | 2022-11-10 | 7.2 HIGH | 7.8 HIGH |
| A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Factory munin version 2.0.49-4.2 and prior versions. openSUSE Leap 15.1 munin version 2.0.40-lp151.1.1 and prior versions. | |||||
| CVE-2019-18898 | 2 Opensuse, Suse | 4 Leap, Opensuse Factory, Suse Linux Enterprise Server and 1 more | 2022-11-10 | 7.2 HIGH | 7.8 HIGH |
| UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers to escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1. | |||||
| CVE-2019-3693 | 2 Opensuse, Suse | 4 Backports Sle, Leap, Linux Enterprise Server and 1 more | 2022-11-10 | 7.2 HIGH | 7.8 HIGH |
| A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions. | |||||
| CVE-2019-15691 | 2 Opensuse, Tigervnc | 2 Leap, Tigervnc | 2022-11-09 | 6.5 MEDIUM | 7.2 HIGH |
| TigerVNC versions prior to 1.10.1 are vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If the decoding routine throws an exception, ZRLEDecoder may try to access a stack variable that has already been freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity. | |||||
