Vulnerabilities > Suse > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-04 | CVE-2019-15623 | Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send its domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled. | 5.0 |
2020-01-27 | CVE-2017-14806 | Improper Certificate Validation vulnerability in Suse Studio Onsite and Susestudio-Ui-Server. An Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. | 5.9 |
2020-01-27 | CVE-2018-20105 | Information Exposure Through Log Files vulnerability in multiple products. An Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. | 5.5 |
2020-01-23 | CVE-2015-5239 | Infinite Loop vulnerability in multiple products. Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attackers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. | 4.0 |
2020-01-17 | CVE-2019-3686 | Cross-site Scripting vulnerability in Suse Openqa. openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. | 4.3 |
2020-01-17 | CVE-2019-3683 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products. In the keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f, every user listed in /etc/keystone/user-project-map.json was assigned full "member" role access to every project. | 6.5 |
2020-01-17 | CVE-2019-3682 | Exposure of Resource to Wrong Sphere vulnerability in Suse Caas Platform 3.0. The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node. | 4.6 |
2020-01-16 | CVE-2020-7106 | Cross-site Scripting vulnerability in multiple products. Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). | 6.1 |
2020-01-09 | CVE-2020-5504 | SQL Injection vulnerability in multiple products. In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. | 6.5 |
2020-01-02 | CVE-2010-3782 | Incorrect Authorization vulnerability in multiple products. obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST API implementation. | 6.5 |