Suse

Package Hub

40 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.3

CVE-2024-22033

  • EPSS 1.29%
  • Veröffentlicht 16.10.2024 14:15:05
  • Zuletzt bearbeitet 16.10.2024 16:38:14

The OBS service obs-service-download_url was vulnerable to a command injection vulnerability. The attacker could provide a configuration to the service that allowed to execute command in later steps

7.5

CVE-2020-24368

Exploit
  • EPSS 2.23%
  • Veröffentlicht 19.08.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:14:40

Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v...

5.4

CVE-2020-10803

  • EPSS 3.55%
  • Veröffentlicht 22.03.2020 05:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:06

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Displa...

8

CVE-2020-10802

  • EPSS 1.62%
  • Veröffentlicht 22.03.2020 05:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:06

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSe...

8

CVE-2020-10804

  • EPSS 2.44%
  • Veröffentlicht 22.03.2020 04:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:06

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the...

8.8

CVE-2020-6416

Exploit
  • EPSS 3.87%
  • Veröffentlicht 11.02.2020 15:15:14
  • Zuletzt bearbeitet 21.11.2024 05:35:41

Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8

CVE-2020-6415

Exploit
  • EPSS 2.9%
  • Veröffentlicht 11.02.2020 15:15:14
  • Zuletzt bearbeitet 21.11.2024 05:35:41

Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8

CVE-2020-6404

Exploit
  • EPSS 1.74%
  • Veröffentlicht 11.02.2020 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:35:39

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

4.3

CVE-2020-6396

Exploit
  • EPSS 1.37%
  • Veröffentlicht 11.02.2020 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:35:38

Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5

CVE-2020-6397

Exploit
  • EPSS 1.37%
  • Veröffentlicht 11.02.2020 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:35:38

Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.