Vulnerabilities > Suse

DATE CVE VULNERABILITY TITLE RISK
2020-04-03 CVE-2019-18905 Insufficient Verification of Data Authenticity vulnerability in Opensuse Autoyast2 4.0.703.20.1/4.1.93.9.1
A Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprecated and unused functionality of autoyast is used to create images.
4.3
2020-04-03 CVE-2019-18904 Resource Exhaustion vulnerability in Opensuse Rmt-Server 2.5.23.26.1/2.5.23.9.1/2.5.2Lp151.2.9.1
A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations.
network
low complexity
opensuse suse CWE-400
5.0
2020-04-03 CVE-2018-17954 Improper Privilege Management vulnerability in Suse Openstack Cloud and Openstack Cloud Crowbar
A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node.
local
low complexity
suse CWE-269
7.2
2020-03-23 CVE-2020-6449 USE After Free vulnerability in multiple products
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
9.3
2020-03-23 CVE-2020-6429 USE After Free vulnerability in multiple products
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
9.3
2020-03-23 CVE-2020-6428 USE After Free vulnerability in multiple products
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
9.3
2020-03-23 CVE-2020-6427 USE After Free vulnerability in multiple products
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
9.3
2020-03-23 CVE-2020-6426 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
4.3
2020-03-23 CVE-2020-6424 USE After Free vulnerability in multiple products
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
9.3
2020-03-23 CVE-2020-6422 USE After Free vulnerability in multiple products
Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
9.3