openSUSE

Leap

1897 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 3.55%
  • Published 22.03.2020 05:15:11
  • Last modified 21.11.2024 04:56:06

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Displa...

  • EPSS 2.44%
  • Published 22.03.2020 04:15:11
  • Last modified 21.11.2024 04:56:06

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the...

  • EPSS 0.46%
  • Published 21.03.2020 01:15:12
  • Last modified 21.11.2024 04:31:49

In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This means multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are in...

  • EPSS 1.22%
  • Published 20.03.2020 21:15:16
  • Last modified 21.11.2024 04:33:44

Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.

Exploit
  • EPSS 0.89%
  • Published 19.03.2020 18:15:16
  • Last modified 21.11.2024 05:33:48

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in...

Exploit
  • EPSS 0.12%
  • Published 19.03.2020 14:15:12
  • Last modified 21.11.2024 04:55:46

Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.

  • EPSS 6.53%
  • Published 18.03.2020 19:15:16
  • Last modified 21.11.2024 04:23:49

In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.

  • EPSS 0.16%
  • Published 12.03.2020 21:15:14
  • Last modified 21.11.2024 04:53:45

Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access.

  • EPSS 0.79%
  • Published 12.03.2020 19:15:13
  • Last modified 21.11.2024 04:55:31

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

Exploit
  • EPSS 0.25%
  • Published 11.03.2020 23:15:11
  • Last modified 21.11.2024 05:37:26

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.