Vulnerabilities > Opensuse > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-01 | CVE-2020-8023 | Unspecified vulnerability in Opensuse Openldap2 A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. | 7.8 |
| 2020-08-31 | CVE-2020-25032 | Path Traversal vulnerability in multiple products An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. | 7.5 |
| 2020-08-30 | CVE-2020-14352 | Path Traversal vulnerability in multiple products A flaw was found in librepo in versions before 1.12.1. | 8.0 |
| 2020-08-29 | CVE-2020-24972 | Improper Encoding or Escaping of Output vulnerability in multiple products The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. | 8.8 |
| 2020-08-25 | CVE-2020-24614 | Missing Authorization vulnerability in multiple products Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. | 8.8 |
| 2020-08-24 | CVE-2020-24606 | Improper Locking vulnerability in multiple products Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. | 7.5 |
| 2020-08-24 | CVE-2020-14350 | Untrusted Search Path vulnerability in multiple products It was found that some PostgreSQL extensions did not use search_path safely in their installation script. | 7.3 |
| 2020-08-24 | CVE-2020-14349 | Uncontrolled Search Path Element vulnerability in multiple products It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. | 7.1 |
| 2020-08-21 | CVE-2020-8623 | Reachable Assertion vulnerability in multiple products In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. | 7.5 |
| 2020-08-21 | CVE-2020-8621 | Reachable Assertion vulnerability in multiple products In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. | 7.5 |