Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Backports Sle
Total 329 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-21950 2 Opensuse, Suse 4 Backports Sle, Canna, Factory and 1 more 2024-11-21 N/A 5.3 MEDIUM
A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there.
CVE-2021-31998 2 Opensuse, Suse 4 Backports Sle, Inn, Leap and 1 more 2024-11-21 7.2 HIGH 6.8 MEDIUM
A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2.
CVE-2020-9273 5 Debian, Fedoraproject, Opensuse and 2 more 9 Debian Linux, Fedora, Backports Sle and 6 more 2024-11-21 9.0 HIGH 8.8 HIGH
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
CVE-2020-9272 3 Opensuse, Proftpd, Siemens 7 Backports Sle, Leap, Proftpd and 4 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.
CVE-2020-8955 4 Debian, Fedoraproject, Opensuse and 1 more 5 Debian Linux, Fedora, Backports Sle and 2 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).
CVE-2020-8233 2 Opensuse, Ui 14 Backports Sle, Leap, Edgeswitch Firmware and 11 more 2024-11-21 9.0 HIGH 8.8 HIGH
A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.
CVE-2020-8228 2 Nextcloud, Opensuse 3 Preferred Providers, Backports Sle, Leap 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.
CVE-2020-8164 3 Debian, Opensuse, Rubyonrails 4 Debian Linux, Backports Sle, Leap and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.
CVE-2020-8118 3 Nextcloud, Novell, Opensuse 3 Nextcloud Server, Suse Linux Enterprise Server, Backports Sle 2024-11-21 4.0 MEDIUM 5.0 MEDIUM
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
CVE-2020-8026 1 Opensuse 3 Backports Sle, Leap, Tumbleweed 2024-11-21 7.2 HIGH 8.4 HIGH
A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.
CVE-2020-8019 3 Oneidentity, Opensuse, Suse 7 Syslog-ng, Backports Sle, Leap and 4 more 2024-11-21 7.2 HIGH 7.7 HIGH
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server for SAP 12-SP1; openSUSE Backports SLE-15-SP1, openSUSE Leap 15.1 allowed local attackers controlling the user news to escalate their privileges to root. This issue affects: SUSE Linux Enterprise Debuginfo 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Debuginfo 11-SP4 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Module for Legacy Software 12 syslog-ng versions prior to 3.6.4-12.8.1. SUSE Linux Enterprise Point of Sale 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Server 11-SP4-LTSS syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Server for SAP 12-SP1 syslog-ng versions prior to 3.6.4-12.8.1. openSUSE Backports SLE-15-SP1 syslog-ng versions prior to 3.19.1-bp151.4.6.1. openSUSE Leap 15.1 syslog-ng versions prior to 3.19.1-lp151.3.6.1.
CVE-2020-7106 5 Cacti, Debian, Fedoraproject and 2 more 8 Cacti, Debian Linux, Extra Packages For Enterprise Linux and 5 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).
CVE-2020-7043 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more 5 Fedora, Openfortivpn, Openssl and 2 more 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack.
CVE-2020-7042 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more 5 Fedora, Openfortivpn, Openssl and 2 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted).
CVE-2020-7041 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more 5 Fedora, Openfortivpn, Openssl and 2 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value.
CVE-2020-7040 4 Canonical, Debian, Opensuse and 1 more 5 Ubuntu Linux, Debian Linux, Backports Sle and 2 more 2024-11-21 9.3 HIGH 8.1 HIGH
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)
CVE-2020-6615 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).
CVE-2020-6614 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2024-11-21 5.8 MEDIUM 8.1 HIGH
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.
CVE-2020-6613 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2024-11-21 5.8 MEDIUM 8.1 HIGH
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.
CVE-2020-6612 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2024-11-21 5.8 MEDIUM 8.1 HIGH
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.