Product:

Package_hub

(Suse)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 32
Date Id Summary Products Score Patch Annotated
2020-01-16 CVE-2020-7106 Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). Cacti, Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Backports_sle, Leap, Package_hub 6.1
2019-07-23 CVE-2019-11709 Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Debian_linux, Firefox, Firefox_esr, Thunderbird, Leap, Package_hub 9.8
2019-12-18 CVE-2019-19880 exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. Debian_linux, Cloud_backup, Backports_sle, Leap, Mysql_workbench, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Sinec_infrastructure_network_services, Sqlite, Package_hub 7.5
2019-12-23 CVE-2019-19926 multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. Debian_linux, Cloud_backup, Backports_sle, Leap, Mysql_workbench, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Sinec_infrastructure_network_services, Sqlite, Package_hub 7.5
2019-12-24 CVE-2019-19923 flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). Debian_linux, Cloud_backup, Backports_sle, Leap, Mysql_workbench, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Sinec_infrastructure_network_services, Sqlite, Package_hub 7.5
2019-12-24 CVE-2019-19925 zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. Debian_linux, Cloud_backup, Backports_sle, Leap, Mysql_workbench, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Sinec_infrastructure_network_services, Sqlite, Package_hub 7.5
2020-02-11 CVE-2020-6381 Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Debian_linux, Fedora, Chrome, Backports_sle, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Package_hub 8.8
2020-02-11 CVE-2020-6382 Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Debian_linux, Fedora, Chrome, Backports_sle, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Package_hub 8.8
2020-02-11 CVE-2020-6385 Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page. Debian_linux, Fedora, Chrome, Backports_sle, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Package_hub 8.8
2020-02-11 CVE-2020-6390 Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Debian_linux, Fedora, Chrome, Backports_sle, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Package_hub 8.8