Product:

Backports_sle

(Opensuse)
Date Id Summary Products Score Patch Annotated
2020-06-19 CVE-2020-8164 A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters. Debian_linux, Backports_sle, Leap, Rails 7.5
2020-08-17 CVE-2020-8233 A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges. Backports_sle, Leap, Edgeswitch_firmware 8.8
2020-03-27 CVE-2020-6095 An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. Gst\-Rtsp\-Server, Backports_sle, Leap 7.5
2019-03-13 CVE-2019-9752 An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm. Backports_sle, Leap, Otrs 5.4
2020-05-04 CVE-2020-12641 rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. Backports_sle, Leap, Webmail 9.8
2020-08-31 CVE-2020-25032 An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. Debian_linux, Flask\-Cors, Backports_sle, Leap 7.5
2020-09-21 CVE-2020-6558 Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Debian_linux, Chrome, Backports_sle, Leap 6.5
2020-01-21 CVE-2019-18932 log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations. Backports_sle, Leap, Squid_analysis_report_generator 7.0
2020-06-03 CVE-2020-6494 Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Debian_linux, Chrome, Backports_sle, Leap 6.5
2019-02-28 CVE-2019-9215 In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function. Debian_linux, Streaming_media, Backports_sle, Leap 9.8