Vulnerabilities > Opensuse > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-05-01 CVE-2020-10683 XXE vulnerability in multiple products
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks.
network
low complexity
dom4j-project oracle opensuse netapp canonical CWE-611
critical
 9.8
9.8
2020-04-30 CVE-2020-11651 An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2.
network
low complexity
saltstack opensuse debian canonical vmware
critical
 9.8
9.8
2020-04-27 CVE-2020-12268 Out-of-bounds Write vulnerability in multiple products
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
network
low complexity
artifex debian opensuse CWE-787
critical
 9.8
9.8
2020-04-23 CVE-2020-11945 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in Squid before 5.0.2.
network
low complexity
squid-cache debian opensuse fedoraproject canonical CWE-190
critical
 9.8
9.8
2020-04-22 CVE-2019-20787 Integer Overflow or Wraparound vulnerability in multiple products
Teeworlds before 0.7.4 has an integer overflow when computing a tilemap size.
network
low complexity
teeworlds opensuse CWE-190
critical
 9.8
9.8
2020-04-15 CVE-2019-12519 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Squid through 4.7.
network
low complexity
squid-cache debian canonical opensuse CWE-787
critical
 9.8
9.8
2020-03-24 CVE-2020-10938 Integer Overflow or Wraparound vulnerability in multiple products
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
network
low complexity
graphicsmagick debian opensuse CWE-190
critical
 9.8
9.8
2020-03-24 CVE-2020-1747 A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader.
network
low complexity
pyyaml fedoraproject opensuse oracle
critical
 9.8
9.8
2020-03-02 CVE-2020-10018 Use After Free vulnerability in multiple products
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. 		9.8
9.8
2020-03-02 CVE-2019-18903 Use After Free vulnerability in multiple products
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution.
network
low complexity
suse opensuse CWE-416
critical
 9.8
9.8