Opensuse

Backports Sle

326 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2020-6391

Exploit
  • EPSS 1.74%
  • Published 11.02.2020 15:15:12
  • Last modified 21.11.2024 05:35:38

Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.

4.3

CVE-2020-6392

Exploit
  • EPSS 1.74%
  • Published 11.02.2020 15:15:12
  • Last modified 21.11.2024 05:35:38

Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

6.5

CVE-2020-6393

  • EPSS 1.45%
  • Published 11.02.2020 15:15:12
  • Last modified 21.11.2024 05:35:38

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

5.8

CVE-2020-6394

Exploit
  • EPSS 1.06%
  • Published 11.02.2020 15:15:12
  • Last modified 21.11.2024 05:35:38

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.

5

CVE-2020-8118

Exploit
  • EPSS 1.32%
  • Published 04.02.2020 20:15:13
  • Last modified 21.11.2024 05:38:19

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.

5.3

CVE-2019-15623

Exploit
  • EPSS 0.32%
  • Published 04.02.2020 20:15:12
  • Last modified 21.11.2024 04:29:09

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.

7.8

CVE-2019-3693

  • EPSS 0.18%
  • Published 24.01.2020 10:15:12
  • Last modified 21.11.2024 04:42:20

A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrar...

7.8

CVE-2019-3692

Exploit
  • EPSS 0.17%
  • Published 24.01.2020 09:15:13
  • Last modified 21.11.2024 04:42:20

The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and pr...

9.3

CVE-2020-7040

  • EPSS 5.19%
  • Published 21.01.2020 21:15:16
  • Last modified 21.11.2024 05:36:32

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of sto...

7

CVE-2019-18932

  • EPSS 0.07%
  • Published 21.01.2020 18:15:12
  • Last modified 21.11.2024 04:33:51

log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner...