Filtered by vendor Opensuse Subscriptions
Total 3284 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-7043 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more 5 Fedora, Openfortivpn, Openssl and 2 more 2024-11-21 9.1 Critical
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack.
CVE-2020-7042 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more 5 Fedora, Openfortivpn, Openssl and 2 more 2024-11-21 5.3 Medium
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted).
CVE-2020-7041 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more 5 Fedora, Openfortivpn, Openssl and 2 more 2024-11-21 5.3 Medium
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value.
CVE-2020-7040 4 Canonical, Debian, Opensuse and 1 more 5 Ubuntu Linux, Debian Linux, Backports Sle and 2 more 2024-11-21 8.1 High
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)
CVE-2020-7039 5 Debian, Libslirp Project, Opensuse and 2 more 12 Debian Linux, Libslirp, Leap and 9 more 2024-11-21 5.6 Medium
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.
CVE-2020-6831 5 Canonical, Debian, Mozilla and 2 more 10 Ubuntu Linux, Debian Linux, Firefox and 7 more 2024-11-21 9.8 Critical
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
CVE-2020-6615 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2024-11-21 6.5 Medium
GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).
CVE-2020-6614 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2024-11-21 8.1 High
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.
CVE-2020-6613 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2024-11-21 8.1 High
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.
CVE-2020-6612 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2024-11-21 8.1 High
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.
CVE-2020-6611 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2024-11-21 6.5 Medium
GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.
CVE-2020-6610 2 Gnu, Opensuse 3 Libredwg, Backports, Leap 2024-11-21 6.5 Medium
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.
CVE-2020-6609 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2024-11-21 8.8 High
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.
CVE-2020-6576 5 Debian, Fedoraproject, Google and 2 more 6 Debian Linux, Fedora, Chrome and 3 more 2024-11-21 8.8 High
Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6575 5 Debian, Fedoraproject, Google and 2 more 6 Debian Linux, Fedora, Chrome and 3 more 2024-11-21 8.3 High
Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-6574 6 Apple, Debian, Fedoraproject and 3 more 7 Mac Os X, Debian Linux, Fedora and 4 more 2024-11-21 7.8 High
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.
CVE-2020-6573 5 Debian, Fedoraproject, Google and 2 more 6 Debian Linux, Fedora, Chrome and 3 more 2024-11-21 9.6 Critical
Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-6571 5 Debian, Fedoraproject, Google and 2 more 6 Debian Linux, Fedora, Chrome and 3 more 2024-11-21 4.3 Medium
Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVE-2020-6570 5 Debian, Fedoraproject, Google and 2 more 6 Debian Linux, Fedora, Chrome and 3 more 2024-11-21 4.3 Medium
Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction.
CVE-2020-6569 5 Debian, Fedoraproject, Google and 2 more 6 Debian Linux, Fedora, Chrome and 3 more 2024-11-21 6.3 Medium
Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.