Vulnerabilities > Opensuse

DATE CVE VULNERABILITY TITLE RISK
2019-11-26 CVE-2019-16255 Code Injection vulnerability in multiple products
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data.
network
high complexity
ruby-lang debian opensuse oracle CWE-94
8.1
8.1
2019-11-26 CVE-2019-12526 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Squid before 4.9.
network
low complexity
squid-cache canonical fedoraproject opensuse debian CWE-787
critical
 9.8
9.8
2019-11-26 CVE-2019-12523 An issue was discovered in Squid before 4.9.
network
low complexity
squid-cache canonical fedoraproject opensuse debian
critical
 9.1
9.1
2019-11-26 CVE-2019-14856 Improper Authentication vulnerability in multiple products
ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None
network
low complexity
redhat opensuse CWE-287
6.5
6.5
2019-11-25 CVE-2019-13723 Use After Free vulnerability in multiple products
Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject opensuse redhat CWE-416
8.8
8.8
2019-11-25 CVE-2019-13720 Use After Free vulnerability in multiple products
Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google opensuse CWE-416
8.8
8.8
2019-11-25 CVE-2019-13719 Insecure Storage of Sensitive Information vulnerability in multiple products
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.
network
low complexity
google opensuse CWE-922
4.3
4.3
2019-11-25 CVE-2019-13718 Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
network
low complexity
google opensuse
4.3
4.3
2019-11-25 CVE-2019-13717 Insecure Storage of Sensitive Information vulnerability in multiple products
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.
network
low complexity
google opensuse CWE-922
4.3
4.3
2019-11-25 CVE-2019-13716 Incorrect Authorization vulnerability in multiple products
Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google opensuse CWE-863
4.3
4.3