Product:

Backports_sle

(Opensuse)
Date Id Summary Products Score Patch Annotated
2020-02-04 CVE-2020-8118 An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. Nextcloud_server, Suse_linux_enterprise_server, Backports_sle 5.0
2019-02-20 CVE-2019-7164 SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. Debian_linux, Backports_sle, Leap, Communications_operations_monitor, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Sqlalchemy 9.8
2019-02-06 CVE-2019-7548 SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. Debian_linux, Backports_sle, Leap, Communications_operations_monitor, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Sqlalchemy 7.8
2020-02-20 CVE-2020-9272 ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. Backports_sle, Leap, Proftpd, Simatic_net_cp_1543\-1_firmware, Simatic_net_cp_1545\-1_firmware 7.5
2019-07-30 CVE-2019-5459 An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. Backports, Backports_sle, Leap, Vlc_media_player 7.1
2020-02-04 CVE-2019-15623 Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled. Nextcloud_server, Backports_sle, Package_hub 5.3
2019-12-16 CVE-2019-16779 In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this. Debian_linux, Excon, Backports_sle, Leap 5.9
2020-06-03 CVE-2020-6496 Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Debian_linux, Chrome, Backports_sle, Leap 8.8
2020-02-28 CVE-2019-3698 UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1... Nagios, Backports_sle, Leap 7.0
2019-11-26 CVE-2019-14856 ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None Backports_sle, Leap, Ansible, Openstack 6.5