Opensuse Backports Sle

326 matches found

Added 2020/08/07 10:15 a.m. | 129 views

CVE-2020-8026

An Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prio...

CVSS 8.4 | AI score 7.7 | EPSS 0.00051

Added 2020/08/17 4:15 p.m. | 129 views

CVE-2020-8233

A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.

CVSS 9 | AI score 9.1 | EPSS 0.04921

Added 2020/01/21 6:15 p.m. | 128 views

CVE-2019-18932

log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and p...

CVSS 7 | AI score 6.6 | EPSS 0.00074

Added 2019/03/21 4:1 p.m. | 127 views

CVE-2019-9896

In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.

CVSS 7.8 | AI score 7.4 | EPSS 0.02283

Added 2020/04/22 5:15 p.m. | 125 views

CVE-2020-12066

CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server.

CVSS 7.8 | AI score 7.3 | EPSS 0.04554

Added 2020/01/24 10:15 a.m. | 123 views

CVE-2019-3693

A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This i...

CVSS 7.8 | AI score 7.4 | EPSS 0.00177

Added 2020/02/27 6:15 p.m. | 123 views

CVE-2020-7043

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack.

CVSS 9.1 | AI score 8.9 | EPSS 0.0064

Added 2020/01/24 9:15 a.m. | 122 views

CVE-2019-3692

The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-...

CVSS 7.8 | AI score 7.5 | EPSS 0.00168

Added 2020/10/05 2:15 p.m. | 121 views

CVE-2020-8228

A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.

CVSS 5.3 | AI score 5.5 | EPSS 0.00451

Added 2019/03/14 9:29 a.m. | 120 views

CVE-2019-9773

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension.

CVSS 7.5 | AI score 8.5 | EPSS 0.02801

Added 2019/03/14 9:29 a.m. | 120 views

CVE-2019-9775

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec.

CVSS 9.1 | AI score 9 | EPSS 0.03129

Added 2020/01/08 9:15 p.m. | 120 views

CVE-2020-6613

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.

CVSS 8.1 | AI score 8.3 | EPSS 0.00605

Added 2020/02/27 6:15 p.m. | 120 views

CVE-2020-7041

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value.

CVSS 5.3 | AI score 6.8 | EPSS 0.01793

Added 2020/01/08 9:15 p.m. | 119 views

CVE-2020-6609

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.

CVSS 8.8 | AI score 8.6 | EPSS 0.00561

Added 2019/03/14 9:29 a.m. | 118 views

CVE-2019-9771

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c.

CVSS 7.5 | AI score 8.2 | EPSS 0.02523

Added 2020/01/08 9:15 p.m. | 116 views

CVE-2020-6614

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.

CVSS 8.1 | AI score 8.3 | EPSS 0.00605

Added 2019/03/14 9:29 a.m. | 115 views

CVE-2019-9777

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec.

CVSS 7.5 | AI score 8.3 | EPSS 0.02434

Added 2020/01/08 9:15 p.m. | 115 views

CVE-2020-6615

GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).

CVSS 6.5 | AI score 7.3 | EPSS 0.00672

Added 2020/01/08 9:15 p.m. | 114 views

CVE-2020-6611

GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.

CVSS 6.5 | AI score 7.2 | EPSS 0.00579

Added 2019/03/14 9:29 a.m. | 112 views

CVE-2019-9770

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension.

CVSS 7.5 | AI score 8.5 | EPSS 0.02893

Added 2019/03/14 9:29 a.m. | 110 views

CVE-2019-9774

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c.

CVSS 9.1 | AI score 9 | EPSS 0.03129

Added 2019/03/14 9:29 a.m. | 110 views

CVE-2019-9776

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779).

CVSS 7.5 | AI score 7.3 | EPSS 0.02442

Added 2019/03/14 9:29 a.m. | 110 views

CVE-2019-9779

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776).

CVSS 7.5 | AI score 7.3 | EPSS 0.02442

Added 2020/01/08 9:15 p.m. | 110 views

CVE-2020-6612

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.

CVSS 8.1 | AI score 8.3 | EPSS 0.00605

Added 2019/03/14 9:29 a.m. | 109 views

CVE-2019-9778

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec.

CVSS 7.5 | AI score 8.3 | EPSS 0.02434

Added 2019/03/14 9:29 a.m. | 29 views

CVE-2019-9772

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec.

CVSS 7.5 | AI score 8.2 | EPSS 0.02442

Total number of security vulnerabilities: 326