Vulnerabilities > Opensuse

DATE CVE VULNERABILITY TITLE RISK
2019-12-13 CVE-2014-3495 Improper Certificate Validation vulnerability in multiple products
duplicity 0.6.24 has improper verification of SSL certificates
network
low complexity
debian opensuse CWE-295
7.5
7.5
2019-12-13 CVE-2014-2387 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities
local
low complexity
pen-project opensuse debian CWE-668
4.4
4.4
2019-12-13 CVE-2019-16777 Improper Privilege Management vulnerability in multiple products
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite.
network
low complexity
npmjs opensuse oracle fedoraproject redhat CWE-269
6.5
6.5
2019-12-13 CVE-2019-16776 Path Traversal vulnerability in multiple products
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write.
network
low complexity
npmjs opensuse oracle fedoraproject redhat CWE-22
8.1
8.1
2019-12-13 CVE-2019-16775 Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write.
network
low complexity
redhat npmjs opensuse oracle fedoraproject
6.5
6.5
2019-12-12 CVE-2019-17358 Deserialization of Untrusted Data vulnerability in multiple products
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays.
network
low complexity
cacti debian opensuse CWE-502
8.1
8.1
2019-12-11 CVE-2019-19583 An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case.
network
low complexity
xen fedoraproject opensuse debian
7.5
7.5
2019-12-11 CVE-2013-7370 Cross-site Scripting vulnerability in multiple products
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware
network
low complexity
redhat sencha opensuse debian CWE-79
6.1
6.1
2019-12-11 CVE-2019-19604 Missing Authorization vulnerability in multiple products
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. 		7.8
7.8
2019-12-10 CVE-2019-14889 OS Command Injection vulnerability in multiple products
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. 		8.8
8.8