Vulnerabilities > Opensuse
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-04 | CVE-2020-8118 | Server-Side Request Forgery (SSRF) vulnerability in multiple products An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed detection of local and remote services when adding a new subscription in the calendar application. | 5.0 |
2020-02-04 | CVE-2019-15624 | Improper Input Validation vulnerability in multiple products Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders. | 4.9 |
2020-02-04 | CVE-2019-15623 | Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send its domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled. | 5.3 |
2020-02-04 | CVE-2019-15613 | Insufficient Verification of Data Authenticity vulnerability in multiple products A bug in Nextcloud Server 17.0.1 causes the behaviour of workflow rules to depend on the file extension when checking file mimetypes. | 8.0 |
2020-02-02 | CVE-2019-20446 | Resource Exhaustion vulnerability in multiple products In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. | 6.5 |
2020-01-31 | CVE-2013-3565 | Cross-site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua. | 6.1 |
2020-01-30 | CVE-2020-8492 | Resource Exhaustion vulnerability in multiple products Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. | 6.5 |
2020-01-29 | CVE-2020-8432 | Double Free vulnerability in multiple products In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. | 9.8 |
2020-01-28 | CVE-2020-0549 | Improper Resource Shutdown or Release vulnerability in multiple products Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2020-01-27 | CVE-2006-7246 | Improper Certificate Validation vulnerability in multiple products NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. | 6.8 |