Opensuse

Backports Sle

326 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2020-6391

Exploit
  • EPSS 1.74%
  • Veröffentlicht 11.02.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:35:38

Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.

4.3

CVE-2020-6392

Exploit
  • EPSS 1.74%
  • Veröffentlicht 11.02.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:35:38

Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

6.5

CVE-2020-6393

  • EPSS 1.45%
  • Veröffentlicht 11.02.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:35:38

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

5.8

CVE-2020-6394

Exploit
  • EPSS 1.06%
  • Veröffentlicht 11.02.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:35:38

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.

5

CVE-2020-8118

Exploit
  • EPSS 1.32%
  • Veröffentlicht 04.02.2020 20:15:13
  • Zuletzt bearbeitet 21.11.2024 05:38:19

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.

5.3

CVE-2019-15623

Exploit
  • EPSS 0.32%
  • Veröffentlicht 04.02.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:29:09

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.

7.8

CVE-2019-3693

  • EPSS 0.18%
  • Veröffentlicht 24.01.2020 10:15:12
  • Zuletzt bearbeitet 21.11.2024 04:42:20

A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrar...

7.8

CVE-2019-3692

Exploit
  • EPSS 0.17%
  • Veröffentlicht 24.01.2020 09:15:13
  • Zuletzt bearbeitet 21.11.2024 04:42:20

The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and pr...

9.3

CVE-2020-7040

  • EPSS 5.19%
  • Veröffentlicht 21.01.2020 21:15:16
  • Zuletzt bearbeitet 21.11.2024 05:36:32

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of sto...

7

CVE-2019-18932

  • EPSS 0.07%
  • Veröffentlicht 21.01.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 04:33:51

log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner...