Vulnerabilities > Opensuse > Leap > 15.2

DATE CVE VULNERABILITY TITLE RISK
2020-10-15 CVE-2020-27153 Double Free vulnerability in multiple products
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c.
network
low complexity
bluez debian opensuse CWE-415
8.6
8.6
2020-10-14 CVE-2020-15229 Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability.
network
low complexity
sylabs opensuse
critical
 9.3
9.3
2020-10-13 CVE-2020-25645 A flaw was found in the Linux kernel in versions before 5.9-rc7.
network
low complexity
linux debian netapp opensuse canonical
7.5
7.5
2020-10-10 CVE-2020-26935 SQL Injection vulnerability in multiple products
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3.
network
low complexity
phpmyadmin opensuse fedoraproject debian CWE-89
critical
 9.8
9.8
2020-10-10 CVE-2020-26934 Cross-site Scripting vulnerability in multiple products
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
network
low complexity
phpmyadmin opensuse fedoraproject debian CWE-79
6.1
6.1
2020-10-07 CVE-2020-26164 Resource Exhaustion vulnerability in multiple products
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
local
low complexity
kde opensuse CWE-400
5.5
5.5
2020-10-07 CVE-2020-11800 Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
network
low complexity
zabbix opensuse debian
critical
 9.8
9.8
2020-10-07 CVE-2020-14355 Classic Buffer Overflow vulnerability in multiple products
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. 		6.6
6.6
2020-10-06 CVE-2020-25866 NULL Pointer Dereference vulnerability in multiple products
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages.
network
low complexity
wireshark fedoraproject opensuse oracle CWE-476
7.5
7.5
2020-10-06 CVE-2020-25863 In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash.
network
low complexity
wireshark fedoraproject opensuse debian oracle
7.5
7.5