Vulnerabilities > Suse

DATE CVE VULNERABILITY TITLE RISK
2020-03-02 CVE-2019-18903 Use After Free vulnerability in multiple products
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution.
network
low complexity
suse opensuse CWE-416
critical
9.8
2020-03-02 CVE-2019-18902 Use After Free vulnerability in multiple products
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution.
network
low complexity
suse opensuse CWE-416
critical
9.8
2020-03-02 CVE-2019-18901 A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640.
local
low complexity
suse opensuse
5.5
2020-03-02 CVE-2019-18897 A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root.
local
low complexity
suse opensuse
7.8
2020-02-17 CVE-2014-1947 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030.
local
low complexity
imagemagick suse CWE-787
7.8
2020-02-11 CVE-2020-6416 Improper Input Validation vulnerability in multiple products
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8
2020-02-11 CVE-2020-6415 Out-of-bounds Write vulnerability in multiple products
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8
2020-02-11 CVE-2020-6408 Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.
network
low complexity
google opensuse fedoraproject debian suse redhat
6.5
2020-02-11 CVE-2020-6406 Use After Free vulnerability in multiple products
Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian suse redhat CWE-416
8.8
2020-02-11 CVE-2020-6404 Out-of-bounds Write vulnerability in multiple products
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8