Total: 143 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-6422 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2020-6424 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2020-6429 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2018-12476 | 1 Suse | 3 Obs-service-tar Scm, Opensuse Factory, Suse Linux Enterprise Server | 2023-12-10 | 6.4 MEDIUM | 7.5 HIGH |
Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74. | |||||
CVE-2019-18900 | 2 Opensuse, Suse | 3 Libzypp, Caas Platform, Suse Linux Enterprise Server | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1. | |||||
CVE-2019-3691 | 2 Opensuse, Suse | 3 Factory, Munge, Suse Linux Enterprise Server | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1. | |||||
CVE-2019-3688 | 1 Suse | 1 Suse Linux Enterprise Server | 2023-12-10 | 6.6 MEDIUM | 7.1 HIGH |
The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromised the squid user to gain persistence by changing the binary. | |||||
CVE-2020-5504 | 3 Debian, Phpmyadmin, Suse | 3 Debian Linux, Phpmyadmin, Suse Linux Enterprise Server | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server. | |||||
CVE-2019-15624 | 3 Nextcloud, Opensuse, Suse | 3 Nextcloud Server, Backports, Suse Linux Enterprise Server | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders. | |||||
CVE-2019-18898 | 2 Opensuse, Suse | 4 Leap, Opensuse Factory, Suse Linux Enterprise Server and 1 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers to escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1. | |||||
CVE-2018-20105 | 3 Opensuse, Suse, Yast2-rmt Project | 3 Leap, Suse Linux Enterprise Server, Yast2-rmt | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
An Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2. | |||||
CVE-2019-3475 | 2 Microfocus, Suse | 2 Filr, Suse Linux Enterprise Server | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. | |||||
CVE-2018-19655 | 2 Dcraw Project, Suse | 3 Dcraw, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file. | |||||
CVE-2018-10875 | 4 Canonical, Debian, Redhat and 1 more | 11 Ubuntu Linux, Debian Linux, Ansible Engine and 8 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. | |||||
CVE-2019-3474 | 2 Microfocus, Suse | 2 Filr, Suse Linux Enterprise Server | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. | |||||
CVE-2018-6556 | 4 Canonical, Linuxcontainers, Opensuse and 1 more | 6 Ubuntu Linux, Lxc, Leap and 3 more | 2023-12-10 | 2.1 LOW | 3.3 LOW |
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2. | |||||
CVE-2018-12122 | 2 Nodejs, Suse | 4 Node.js, Suse Enterprise Storage, Suse Linux Enterprise Server and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly, keeping HTTP or HTTPS connections and associated resources alive for a long period of time. | |||||
CVE-2018-12116 | 2 Nodejs, Suse | 4 Node.js, Suse Enterprise Storage, Suse Linux Enterprise Server and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to be made to the same server. | |||||
CVE-2018-19208 | 3 Libwpd Project, Redhat, Suse | 3 Libwpd, Enterprise Linux, Suse Linux Enterprise Server | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h. | |||||
CVE-2018-19052 | 4 Debian, Lighttpd, Opensuse and 1 more | 5 Debian Linux, Lighttpd, Backports Sle and 2 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character. |