OpenSuse
Products by OpenSuse Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2024 there have been 0 vulnerabilities in OpenSuse. Last year OpenSuse had 10 security vulnerabilities published. Right now, OpenSuse is on track to have fewer security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 10 | 7.23 |
2022 | 15 | 6.95 |
2021 | 12 | 6.98 |
2020 | 765 | 6.84 |
2019 | 651 | 6.90 |
2018 | 108 | 7.33 |
It may take a day or so for new OpenSuse vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent OpenSuse Security Vulnerabilities
An Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix
CVE-2023-32182
7.8 - High
- September 19, 2023
An Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix. This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5: before 3.7.3-150500.3.5.1.
insecure temporary file
An Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user
CVE-2023-32184
7.8 - High
- September 19, 2023
An Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen. This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a.
Insecure Storage of Sensitive Information
** REJECT ** DO NOT USE THIS CVE RECORD
CVE-2023-30079
- August 22, 2023
** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-22652. Reason: This record is a duplicate of CVE-2023-22652. Notes: All CVE users should reference CVE-2023-22652 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
** REJECT ** DO NOT USE THIS CVE RECORD
CVE-2023-30078
- August 22, 2023
** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-32181. Reason: This record is a duplicate of CVE-2023-32181. Notes: All CVE users should reference CVE-2023-32181 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package
CVE-2023-32183
7.8 - High
- July 07, 2023
Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root. This issue affects openSUSE Tumbleweed.
Incorrect Default Permissions
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS
CVE-2023-22652
6.5 - Medium
- June 01, 2023
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2.
Classic Buffer Overflow
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf
CVE-2023-32181
6.5 - Medium
- June 01, 2023
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf allows for DoS via malformed configuration files. This issue affects libeconf: before 0.5.2.
Classic Buffer Overflow
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration
CVE-2022-45153
7.8 - High
- February 15, 2023
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e.
Incorrect Default Permissions
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paste
CVE-2022-21948
6.1 - Medium
- February 07, 2023
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paste allows remote attackers to place JavaScript into SVG files. This issue affects: openSUSE paste paste version b57b9f87e303a3db9465776e657378e96845493b and prior versions.
XSS
Travel support program is a rails app to support the travel support program of openSUSE (TSP)
CVE-2022-46163
7.5 - High
- January 10, 2023
Travel support program is a Rails app to support the travel support program of openSUSE (TSP). Sensitive user data (bank account details, password hash) can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The travel-support-program uses the Ransack library to implement search functionality. In its default configuration, Ransack will allow for query conditions based on properties of associated database objects [1]. The `*_start`, `*_end` or `*_cont` search matchers [2] can then be abused to exfiltrate sensitive string values of associated database objects via character-by-character brute-force (a match is indicated by the returned JSON not being empty). A single bank account number can be extracted with <200 requests, a password hash can be extracted with ~1200 requests, all within a few minutes. The problem has been patched in commit d22916275c51500b4004933ff1b0a69bc807b2b7. In order to work around this issue, you can also cherry-pick that patch; however, it will not work without the Rails 5.0 migration that was done in #150, which in turn had quite a few pull requests it depended on.
SQL Injection
An Untrusted Search Path vulnerability in openldap2 of openSUSE Factory
CVE-2022-31253
7.8 - High
- November 09, 2022
An Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1.
Untrusted Path
An Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory
CVE-2022-31256
7.8 - High
- October 26, 2022
An Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1.
insecure temporary file
An Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components
CVE-2022-31252
4.4 - Medium
- October 06, 2022
An Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group that can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.
AuthZ
An Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory
CVE-2022-31251
6.3 - Medium
- September 07, 2022
An Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.
Incorrect Default Permissions
A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed
CVE-2022-31250
7.8 - High
- July 20, 2022
A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to 6.4.2-1.1.
insecure temporary file
An Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service
CVE-2022-21949
8.8 - High
- May 03, 2022
An Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue affects: SUSE Open Build Service Open Build Service versions prior to 2.10.13.
XXE
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with an expected login form
CVE-2021-36777
8.8 - High
- March 09, 2022
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with an expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service login-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef.
Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable
CVE-2021-44568
6.5 - Medium
- February 21, 2022
Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.
Memory Corruption
An issue was discovered in Cobbler before 3.3.1
CVE-2021-45082
7.8 - High
- February 19, 2022
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)
Command Injection
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-0368
7.8 - High
- January 26, 2022
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
Out-of-bounds Read
An Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory
CVE-2021-36781
4.4 - Medium
- January 14, 2022
An Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1.
Incorrect Default Permissions
An issue was discovered in uriparser before 0.9.6
CVE-2021-46141
5.5 - Medium
- January 06, 2022
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
Dangling pointer
An issue was discovered in uriparser before 0.9.6
CVE-2021-46142
5.5 - Medium
- January 06, 2022
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
Dangling pointer
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names
CVE-2021-41819
7.5 - High
- January 01, 2022
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
Reliance on Cookies without Validation and Integrity Checking
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string
CVE-2021-41817
7.5 - High
- January 01, 2022
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
ReDoS
vim is vulnerable to Out-of-bounds Read
CVE-2021-4166
7.1 - High
- December 25, 2021
vim is vulnerable to Out-of-bounds Read
Out-of-bounds Read
Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17
CVE-2021-33938
7.5 - High
- September 02, 2021
Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
Memory Corruption
Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17
CVE-2021-33930
7.5 - High
- September 02, 2021
Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
Memory Corruption
Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17
CVE-2021-33929
7.5 - High
- September 02, 2021
Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
Memory Corruption
Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17
CVE-2021-33928
7.5 - High
- September 02, 2021
Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
Memory Corruption
A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory
CVE-2021-32000
7.1 - High
- July 28, 2021
A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1.6-4.6.1 and prior versions. SUSE Linux Enterprise Server 15 SP1 clone-master-clean-up version 1.6-3.9.1 and prior versions. openSUSE Factory clone-master-clean-up version 1.6-1.4 and prior versions.
insecure temporary file
Buffer overflow vulnerability in libsolv 2020-12-13
CVE-2021-3200
3.3 - Low
- May 18, 2021
Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp) function at src/testcase.c: line 2334, which could cause a denial of service.
Classic Buffer Overflow
An Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory
CVE-2021-25319
7.8 - High
- May 05, 2021
An Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers group to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versions.
Incorrect Default Permissions
CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed
CVE-2021-25315
7.8 - High
- March 03, 2021
CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.
Authentication
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown
CVE-2020-8031
5.4 - Medium
- February 11, 2021
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prior to 2.10.8.
XSS
A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.
CVE-2021-26675
8.8 - High
- February 09, 2021
A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.
Memory Corruption
gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information
CVE-2021-26676
6.5 - Medium
- February 09, 2021
gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may
CVE-2020-0569
5.7 - Medium
- November 23, 2020
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
Memory Corruption
An issue was discovered in SDDM before 0.19.0
CVE-2020-28049
6.3 - Medium
- November 04, 2020
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.
Race Condition
Use after free in payments in Google Chrome prior to 86.0.4240.75
CVE-2020-15967
8.8 - High
- November 03, 2020
Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Dangling pointer
Use after free in Blink in Google Chrome prior to 86.0.4240.75
CVE-2020-15968
8.8 - High
- November 03, 2020
Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75
CVE-2020-15969
8.8 - High
- November 03, 2020
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in NFC in Google Chrome prior to 86.0.4240.75
CVE-2020-15970
8.8 - High
- November 03, 2020
Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Dangling pointer
Use after free in printing in Google Chrome prior to 86.0.4240.75
CVE-2020-15971
8.8 - High
- November 03, 2020
Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Dangling pointer
Use after free in audio in Google Chrome prior to 86.0.4240.75
CVE-2020-15972
8.8 - High
- November 03, 2020
Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75
CVE-2020-15973
6.5 - Medium
- November 03, 2020
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.
Integer overflow in Blink in Google Chrome prior to 86.0.4240.75
CVE-2020-15974
8.8 - High
- November 03, 2020
Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
Integer Overflow or Wraparound
Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75
CVE-2020-15975
8.8 - High
- November 03, 2020
Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Integer Overflow or Wraparound
Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75
CVE-2020-15976
8.8 - High
- November 03, 2020
Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75
CVE-2020-15977
6.5 - Medium
- November 03, 2020
Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
Improper Input Validation
Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75
CVE-2020-15978
8.8 - High
- November 03, 2020
Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
Improper Input Validation
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75
CVE-2020-15979
8.8 - High
- November 03, 2020
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75
CVE-2020-15980
7.8 - High
- November 03, 2020
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents.
Out of bounds read in audio in Google Chrome prior to 86.0.4240.75
CVE-2020-15981
6.5 - Medium
- November 03, 2020
Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Out-of-bounds Read
Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75
CVE-2020-15982
6.5 - Medium
- November 03, 2020
Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75
CVE-2020-15983
7.8 - High
- November 03, 2020
Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.
Improper Input Validation
Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75
CVE-2020-15984
6.5 - Medium
- November 03, 2020
Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL.
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75
CVE-2020-15985
6.5 - Medium
- November 03, 2020
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.
Integer overflow in media in Google Chrome prior to 86.0.4240.75
CVE-2020-15986
6.5 - Medium
- November 03, 2020
Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75
CVE-2020-15987
8.8 - High
- November 03, 2020
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.
Dangling pointer
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75
CVE-2020-15988
6.3 - Medium
- November 03, 2020
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.
Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75
CVE-2020-15989
5.5 - Medium
- November 03, 2020
Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
Improper Initialization
Use after free in autofill in Google Chrome prior to 86.0.4240.75
CVE-2020-15990
8.8 - High
- November 03, 2020
Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Dangling pointer
Use after free in password manager in Google Chrome prior to 86.0.4240.75
CVE-2020-15991
8.8 - High
- November 03, 2020
Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Dangling pointer
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75
CVE-2020-15992
8.8 - High
- November 03, 2020
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111
CVE-2020-15999
6.5 - Medium
- November 03, 2020
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111
CVE-2020-16000
8.8 - High
- November 03, 2020
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Use after free in media in Google Chrome prior to 86.0.4240.111
CVE-2020-16001
8.8 - High
- November 03, 2020
Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in PDFium in Google Chrome prior to 86.0.4240.111
CVE-2020-16002
8.8 - High
- November 03, 2020
Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Dangling pointer
Use after free in printing in Google Chrome prior to 86.0.4240.111
CVE-2020-16003
8.8 - High
- November 03, 2020
Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in user interface in Google Chrome prior to 86.0.4240.183
CVE-2020-16004
8.8 - High
- November 03, 2020
Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183
CVE-2020-16005
8.8 - High
- November 03, 2020
Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183
CVE-2020-16006
8.8 - High
- November 03, 2020
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183
CVE-2020-16007
7.8 - High
- November 03, 2020
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
Improper Input Validation
Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183
CVE-2020-16008
8.8 - High
- November 03, 2020
Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.
Memory Corruption
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183
CVE-2020-16009
8.8 - High
- November 03, 2020
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183
CVE-2020-16011
9.6 - Critical
- November 03, 2020
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Memory Corruption
Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75
CVE-2020-6557
6.5 - Medium
- November 03, 2020
Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1
CVE-2020-14323
5.5 - Medium
- October 29, 2020
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.
NULL Pointer Dereference
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3
CVE-2020-15683
9.8 - Critical
- October 22, 2020
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.
Memory Corruption
An issue was discovered in Xen through 4.14.x
CVE-2020-27670
7.8 - High
- October 22, 2020
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.
Insufficient Verification of Data Authenticity
An issue was discovered in Xen through 4.14.x
CVE-2020-27671
7.8 - High
- October 22, 2020
An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition
CVE-2020-27672
7 - High
- October 22, 2020
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.
Race Condition
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x
CVE-2020-27673
5.5 - Medium
- October 22, 2020
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.
ImageMagick 7.0.10-34
CVE-2020-27560
3.3 - Low
- October 22, 2020
ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.
Divide By Zero
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries)
CVE-2020-14803
5.3 - Medium
- October 21, 2020
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries)
CVE-2020-14798
3.1 - Low
- October 21, 2020
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries)
CVE-2020-14797
3.7 - Low
- October 21, 2020
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries)
CVE-2020-14796
3.1 - Low
- October 21, 2020
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot)
CVE-2020-14792
4.2 - Medium
- October 21, 2020
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries)
CVE-2020-14782
3.7 - Low
- October 21, 2020
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI)
CVE-2020-14781
3.7 - Low
- October 21, 2020
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization)
CVE-2020-14779
3.7 - Low
- October 21, 2020
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5
CVE-2020-25829
7.5 - High
- October 16, 2020
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installations that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c
CVE-2020-27153
8.6 - High
- October 15, 2020
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.
Double-free
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability
CVE-2020-15229
9.3 - Critical
- October 14, 2020
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for an unprivileged (either installation or with `allow setuid = no`) run of Singularity when a user attempts to run an image which is a local SIF image or a single file containing a squashfs filesystem and is coming from remote sources `library://` or `shub://`. Image build is also impacted in a more serious way, as it can be used by a root user, allowing an attacker to overwrite/create files leading to a system compromise; so far, the bootstrap methods `library`, `shub` and `localimage` are triggering the squashfs extraction. This issue is addressed in Singularity 3.6.4. All users are advised to upgrade to 3.6.4, especially if they use Singularity mainly for building images as the root user. There is no solid workaround except to temporarily avoid using unprivileged mode with single file images, in favor of sandbox images instead. Regarding image build, temporarily avoid building from `library` and `shub` sources and as much as possible use `--fakeroot` or a VM for that.
Directory traversal
A flaw was found in the Linux kernel in versions before 5.9-rc7
CVE-2020-25645
7.5 - High
- October 13, 2020
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
Cleartext Transmission of Sensitive Information
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3
CVE-2020-26935
9.8 - Critical
- October 10, 2020
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query.
SQL Injection
phpMyAdmin before 4.9.6 and 5.x before 5.0.3
CVE-2020-26934
6.1 - Medium
- October 10, 2020
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
XSS
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets
CVE-2020-26164
5.5 - Medium
- October 07, 2020
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
Resource Exhaustion