Vulnerabilities > Opensuse > Backports SLE > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-04 | CVE-2019-15623 | Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled. | 5.0 |
| 2020-01-21 | CVE-2019-18932 | Link Following vulnerability in multiple products log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. | 4.4 |
| 2020-01-16 | CVE-2020-7106 | Cross-site Scripting vulnerability in multiple products Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). | 6.1 |
| 2020-01-10 | CVE-2020-1765 | An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. | 5.3 |
| 2020-01-08 | CVE-2020-6615 | NULL Pointer Dereference vulnerability in multiple products GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl). | 4.3 |
| 2020-01-08 | CVE-2020-6614 | Out-of-bounds Read vulnerability in multiple products GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c. | 5.8 |
| 2020-01-08 | CVE-2020-6613 | Out-of-bounds Read vulnerability in multiple products GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c. | 5.8 |
| 2020-01-08 | CVE-2020-6612 | Out-of-bounds Read vulnerability in multiple products GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c. | 5.8 |
| 2020-01-08 | CVE-2020-6611 | NULL Pointer Dereference vulnerability in multiple products GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. | 4.3 |
| 2020-01-08 | CVE-2020-6609 | Out-of-bounds Read vulnerability in multiple products GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. | 6.8 |