Vulnerabilities > Suse

DATE CVE VULNERABILITY TITLE RISK
2020-02-11 CVE-2020-6382 Type Confusion vulnerability in multiple products
Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8
2020-02-11 CVE-2020-6381 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8
2020-02-04 CVE-2019-15624 Improper Input Validation vulnerability in multiple products
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.
network
low complexity
nextcloud opensuse suse CWE-20
4.0
2020-02-04 CVE-2019-15623
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send its domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.
network
low complexity
nextcloud opensuse suse
5.0
2020-01-27 CVE-2006-7246 Improper Certificate Validation vulnerability in multiple products
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.
high complexity
gnome opensuse suse CWE-295
3.2
2020-01-27 CVE-2017-14807 SQL Injection vulnerability in Suse Studio Onsite and Susestudio-Ui-Server
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data.
network
low complexity
suse CWE-89
8.1
2020-01-27 CVE-2017-14806 Improper Certificate Validation vulnerability in Suse Studio Onsite and Susestudio-Ui-Server
An Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections.
network
high complexity
suse CWE-295
5.9
2020-01-27 CVE-2018-20105 Information Exposure Through Log Files vulnerability in multiple products
An Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file.
local
low complexity
yast2-rmt-project opensuse suse CWE-532
5.5
2020-01-27 CVE-2018-12476 Path Traversal vulnerability in Suse Obs-Service-Tar SCM
Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed.
network
low complexity
suse CWE-22
7.5
2020-01-24 CVE-2019-18900 Incorrect Default Permissions vulnerability in Opensuse Libzypp
Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies.
local
low complexity
opensuse suse CWE-276
2.1