Filtered by vendor Opensuse Subscriptions
Filtered by product Backports Sle Subscriptions
Total 329 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-26935 4 Debian, Fedoraproject, Opensuse and 1 more 5 Debian Linux, Fedora, Backports Sle and 2 more 2024-11-21 9.8 Critical
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.
CVE-2020-26934 4 Debian, Fedoraproject, Opensuse and 1 more 5 Debian Linux, Fedora, Backports Sle and 2 more 2024-11-21 6.1 Medium
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
CVE-2020-26164 2 Kde, Opensuse 3 Kdeconnect, Backports Sle, Leap 2024-11-21 5.5 Medium
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
CVE-2020-25829 2 Opensuse, Powerdns 3 Backports Sle, Leap, Recursor 2024-11-21 7.5 High
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).
CVE-2020-25032 3 Debian, Flask-cors Project, Opensuse 4 Debian Linux, Flask-cors, Backports Sle and 1 more 2024-11-21 7.5 High
An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.
CVE-2020-24972 3 Fedoraproject, Kleopatra Project, Opensuse 4 Fedora, Kleopatra, Backports Sle and 1 more 2024-11-21 8.8 High
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.
CVE-2020-24614 3 Fedoraproject, Fossil-scm, Opensuse 4 Fedora, Fossil, Backports Sle and 1 more 2024-11-21 8.8 High
Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.
CVE-2020-1772 3 Debian, Opensuse, Otrs 4 Debian Linux, Backports Sle, Leap and 1 more 2024-11-21 6.5 Medium
It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
CVE-2020-1770 3 Debian, Opensuse, Otrs 4 Debian Linux, Backports Sle, Leap and 1 more 2024-11-21 2.4 Low
Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
CVE-2020-1769 2 Opensuse, Otrs 3 Backports Sle, Leap, Otrs 2024-11-21 3.5 Low
In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
CVE-2020-1765 3 Debian, Opensuse, Otrs 4 Debian Linux, Backports Sle, Leap and 1 more 2024-11-21 3.5 Low
An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
CVE-2020-17353 4 Debian, Fedoraproject, Lilypond and 1 more 5 Debian Linux, Fedora, Lilypond and 2 more 2024-11-21 9.8 Critical
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.
CVE-2020-16118 2 Gnome, Opensuse 3 Balsa, Backports Sle, Leap 2024-11-21 7.5 High
In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.
CVE-2020-16011 4 Debian, Google, Microsoft and 1 more 5 Debian Linux, Chrome, Windows and 2 more 2024-11-21 9.6 Critical
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-16009 7 Cefsharp, Debian, Fedoraproject and 4 more 9 Cefsharp, Debian Linux, Fedora and 6 more 2024-11-21 8.8 High
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-16008 5 Debian, Fedoraproject, Google and 2 more 6 Debian Linux, Fedora, Chrome and 3 more 2024-11-21 8.8 High
Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.
CVE-2020-16007 3 Debian, Google, Opensuse 4 Debian Linux, Chrome, Backports Sle and 1 more 2024-11-21 7.8 High
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
CVE-2020-16006 5 Debian, Fedoraproject, Google and 2 more 6 Debian Linux, Fedora, Chrome and 3 more 2024-11-21 8.8 High
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-16005 5 Debian, Fedoraproject, Google and 2 more 6 Debian Linux, Fedora, Chrome and 3 more 2024-11-21 8.8 High
Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-16004 5 Debian, Fedoraproject, Google and 2 more 6 Debian Linux, Fedora, Chrome and 3 more 2024-11-21 8.8 High
Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.