Filtered by vendor Suse Subscriptions
Filtered by product Linux Enterprise Subscriptions
Total 139 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-19880 8 Debian, Netapp, Opensuse and 5 more 13 Debian Linux, Cloud Backup, Backports Sle and 10 more 2024-08-05 7.5 High
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
CVE-2019-13734 8 Canonical, Debian, Fedoraproject and 5 more 20 Ubuntu Linux, Debian Linux, Fedora and 17 more 2024-08-05 8.8 High
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-13764 6 Debian, Fedoraproject, Google and 3 more 10 Debian Linux, Fedora, Chrome and 7 more 2024-08-05 8.8 High
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-13745 6 Debian, Fedoraproject, Google and 3 more 10 Debian Linux, Fedora, Chrome and 7 more 2024-08-05 6.5 Medium
Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-11730 5 Debian, Mozilla, Opensuse and 2 more 8 Debian Linux, Firefox, Firefox Esr and 5 more 2024-08-04 6.5 Medium
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. It was demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that app's predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
CVE-2019-11709 5 Debian, Mozilla, Opensuse and 2 more 8 Debian Linux, Firefox, Firefox Esr and 5 more 2024-08-04 9.8 Critical
Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
CVE-2019-7443 4 Fedoraproject, Kde, Opensuse and 1 more 5 Fedora, Kauth, Backports and 2 more 2024-08-04 N/A
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.
CVE-2019-6690 5 Canonical, Debian, Opensuse and 2 more 6 Ubuntu Linux, Debian Linux, Leap and 3 more 2024-08-04 7.5 High
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.
CVE-2020-24368 3 Debian, Icinga, Suse 4 Debian Linux, Icinga Web 2, Linux Enterprise and 1 more 2024-08-04 7.5 High
Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2.
CVE-2020-14147 4 Debian, Oracle, Redislabs and 1 more 4 Debian Linux, Communications Operations Monitor, Redis and 1 more 2024-08-04 7.7 High
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.
CVE-2020-10802 5 Debian, Fedoraproject, Opensuse and 2 more 7 Debian Linux, Fedora, Backports Sle and 4 more 2024-08-04 8.0 High
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.
CVE-2020-10803 5 Debian, Fedoraproject, Opensuse and 2 more 7 Debian Linux, Fedora, Backports Sle and 4 more 2024-08-04 5.4 Medium
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.
CVE-2020-10804 4 Fedoraproject, Opensuse, Phpmyadmin and 1 more 6 Fedora, Backports Sle, Leap and 3 more 2024-08-04 8.0 High
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).
CVE-2020-7106 5 Cacti, Debian, Fedoraproject and 2 more 8 Cacti, Debian Linux, Extra Packages For Enterprise Linux and 5 more 2024-08-04 6.1 Medium
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).
CVE-2020-6394 6 Debian, Fedoraproject, Google and 3 more 10 Debian Linux, Fedora, Chrome and 7 more 2024-08-04 5.4 Medium
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2020-6392 6 Debian, Fedoraproject, Google and 3 more 10 Debian Linux, Fedora, Chrome and 7 more 2024-08-04 4.3 Medium
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
CVE-2020-6402 7 Apple, Debian, Fedoraproject and 4 more 11 Macos, Debian Linux, Fedora and 8 more 2024-08-04 8.8 High
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
CVE-2020-6408 6 Debian, Fedoraproject, Google and 3 more 10 Debian Linux, Fedora, Chrome and 7 more 2024-08-04 6.5 Medium
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.
CVE-2020-6415 6 Debian, Fedoraproject, Google and 3 more 10 Debian Linux, Fedora, Chrome and 7 more 2024-08-04 8.8 High
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6403 7 Apple, Debian, Fedoraproject and 4 more 11 Iphone Os, Debian Linux, Fedora and 8 more 2024-08-04 4.3 Medium
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.