Vulnerabilities > Opensuse > Backports SLE > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-01-16 CVE-2020-7106 Cross-site Scripting vulnerability in multiple products
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).
network
low complexity
cacti debian opensuse suse fedoraproject CWE-79
6.1
6.1
2020-01-10 CVE-2020-1765 An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound.
network
low complexity
otrs debian opensuse
5.3
5.3
2020-01-08 CVE-2020-6615 NULL Pointer Dereference vulnerability in multiple products
GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).
network
low complexity
gnu opensuse CWE-476
6.5
6.5
2020-01-08 CVE-2020-6611 NULL Pointer Dereference vulnerability in multiple products
GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.
network
low complexity
gnu opensuse CWE-476
6.5
6.5
2020-01-06 CVE-2019-18179 An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23.
network
low complexity
otrs debian opensuse
4.3
4.3
2020-01-03 CVE-2019-5846 Out-of-bounds Write vulnerability in multiple products
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google opensuse CWE-787
6.5
6.5
2020-01-03 CVE-2019-5845 Out-of-bounds Write vulnerability in multiple products
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google opensuse CWE-787
6.5
6.5
2020-01-03 CVE-2019-5844 Out-of-bounds Write vulnerability in multiple products
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google opensuse CWE-787
6.5
6.5
2020-01-02 CVE-2019-14864 Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors.
network
low complexity
redhat debian opensuse
6.5
6.5
2019-12-27 CVE-2019-20015 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in GNU LibreDWG 0.92.
network
low complexity
gnu opensuse CWE-770
6.5
6.5