Vulnerabilities > Opensuse > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-02 | CVE-2020-24553 | Cross-site Scripting vulnerability in multiple products Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. | 6.1 |
| 2020-09-02 | CVE-2020-15811 | Incorrect Comparison vulnerability in multiple products An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. | 6.5 |
| 2020-09-02 | CVE-2020-15810 | HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. | 6.5 |
| 2020-09-01 | CVE-2018-12475 | Unspecified vulnerability in Opensuse Open Build Service A Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP request against internal networks and potentially downloading data that is exposed there. | 5.4 |
| 2020-08-31 | CVE-2020-14364 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. | 5.0 |
| 2020-08-21 | CVE-2020-8624 | Improper Privilege Management vulnerability in multiple products In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. | 4.3 |
| 2020-08-21 | CVE-2020-8622 | Reachable Assertion vulnerability in multiple products In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. | 6.5 |
| 2020-08-13 | CVE-2020-17498 | Double Free vulnerability in multiple products In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. | 6.5 |
| 2020-08-11 | CVE-2020-17489 | Insufficiently Protected Credentials vulnerability in multiple products An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. | 4.3 |
| 2020-08-10 | CVE-2020-15655 | A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. | 6.5 |