Vulnerabilities > Opensuse > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-02-24 CVE-2020-1938 When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat.
network
low complexity
apache fedoraproject oracle debian opensuse blackberry netapp
critical
 9.8
9.8
2020-02-12 CVE-2020-8955 Classic Buffer Overflow vulnerability in multiple products
irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).
network
low complexity
weechat fedoraproject opensuse debian CWE-120
critical
 9.8
9.8
2020-02-10 CVE-2020-7060 Out-of-bounds Read vulnerability in multiple products
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer.
network
low complexity
php tenable oracle opensuse debian CWE-125
critical
 9.1
9.1
2020-02-10 CVE-2020-7059 Out-of-bounds Read vulnerability in multiple products
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer.
network
low complexity
php tenable oracle opensuse debian CWE-125
critical
 9.1
9.1
2020-02-07 CVE-2019-15606 Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
network
low complexity
nodejs oracle debian redhat opensuse
critical
 9.8
9.8
2020-02-07 CVE-2019-15605 HTTP Request Smuggling vulnerability in multiple products
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
network
low complexity
nodejs debian fedoraproject opensuse redhat oracle CWE-444
critical
 9.8
9.8
2020-01-29 CVE-2020-8432 Double Free vulnerability in multiple products
In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function.
network
low complexity
denx opensuse CWE-415
critical
 9.8
9.8
2020-01-24 CVE-2019-1353 An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6.
network
low complexity
git-scm opensuse
critical
 9.8
9.8
2020-01-23 CVE-2015-5334 Out-of-bounds Write vulnerability in multiple products
Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow.
network
low complexity
openbsd opensuse CWE-787
critical
 9.8
9.8
2020-01-17 CVE-2019-17361 Command Injection vulnerability in multiple products
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection.
network
low complexity
saltstack debian opensuse canonical CWE-77
critical
 9.8
9.8