Vulnerabilities > Opensuse

DATE CVE VULNERABILITY TITLE RISK
2020-10-22 CVE-2020-27670 Insufficient Verification of Data Authenticity vulnerability in multiple products
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.
local
high complexity
xen opensuse fedoraproject debian CWE-345
7.8
7.8
2020-10-22 CVE-2020-15683 Use After Free vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3.
network
low complexity
mozilla debian opensuse CWE-416
critical
 9.8
9.8
2020-10-22 CVE-2020-27560 Divide By Zero vulnerability in multiple products
ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.
local
low complexity
imagemagick debian opensuse CWE-369
3.3
3.3
2020-10-16 CVE-2020-25829 An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5.
network
low complexity
powerdns opensuse
7.5
7.5
2020-10-15 CVE-2020-27153 Double Free vulnerability in multiple products
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c.
network
low complexity
bluez debian opensuse CWE-415
8.6
8.6
2020-10-14 CVE-2020-15229 Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability.
network
low complexity
sylabs opensuse
critical
 9.3
9.3
2020-10-13 CVE-2020-25645 A flaw was found in the Linux kernel in versions before 5.9-rc7.
network
low complexity
linux debian netapp opensuse canonical
7.5
7.5
2020-10-10 CVE-2020-26935 SQL Injection vulnerability in multiple products
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3.
network
low complexity
phpmyadmin opensuse fedoraproject debian CWE-89
critical
 9.8
9.8
2020-10-10 CVE-2020-26934 Cross-site Scripting vulnerability in multiple products
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
network
low complexity
phpmyadmin opensuse fedoraproject debian CWE-79
6.1
6.1
2020-10-07 CVE-2020-26164 Resource Exhaustion vulnerability in multiple products
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
local
low complexity
kde opensuse CWE-400
5.5
5.5