Vulnerabilities > Opensuse > Leap > 15.0

DATE CVE VULNERABILITY TITLE RISK
2020-07-09 CVE-2020-10756 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator.
6.5
2020-01-27 CVE-2018-20105 Information Exposure Through Log Files vulnerability in multiple products
A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file.
local
low complexity
yast2-rmt-project opensuse suse CWE-532
5.5
2019-11-26 CVE-2019-12526 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Squid before 4.9.
network
low complexity
squid-cache canonical fedoraproject opensuse debian CWE-787
critical
9.8
2019-11-26 CVE-2019-12523 An issue was discovered in Squid before 4.9.
network
low complexity
squid-cache canonical fedoraproject opensuse debian
critical
9.1
2019-11-22 CVE-2019-18622 SQL Injection vulnerability in multiple products
An issue was discovered in phpMyAdmin before 4.9.2.
network
low complexity
phpmyadmin opensuse fedoraproject CWE-89
critical
9.8
2019-11-15 CVE-2019-14869 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
network
low complexity
artifex fedoraproject opensuse CWE-732
8.8
2019-11-14 CVE-2019-11139 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.
local
low complexity
debian opensuse intel CWE-754
6.0
2019-11-14 CVE-2019-11135 TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. 6.5
2019-11-07 CVE-2019-18805 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11.
network
low complexity
linux opensuse redhat netapp broadcom CWE-190
7.5
2019-11-07 CVE-2019-18804 NULL Pointer Dereference vulnerability in multiple products
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.
7.5