Latest SUSE Package Hub Vulnerabilities

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/User...
composer/phpmyadmin/phpmyadmin>=4.9.0<4.9.5>=5.0.0<5.0.2
phpMyAdmin phpMyAdmin>=4.0.0<4.9.5
phpMyAdmin phpMyAdmin>=5.0.0<5.0.2
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Fedoraproject Fedora=32
and 9 more
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results ...
composer/phpmyadmin/phpmyadmin>=3.4<4.9.5>=5.0.0<5.0.2
phpMyAdmin phpMyAdmin>=4.0.0<4.9.5
phpMyAdmin phpMyAdmin>=5.0.0<5.0.2
Debian Debian Linux=8.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 10 more
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 7 more
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 7 more
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 6 more
Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 6 more
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Apple iPhone OS
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 8 more
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a cr...
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Apple macOS
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Debian Debian Linux=9.0
and 7 more
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a c...
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 7 more
Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 7 more
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 7 more
Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Debian Debian Linux=9.0
and 7 more
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send its domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled...
Nextcloud Nextcloud Server<14.0.13
Nextcloud Nextcloud Server>=15.0.0<15.0.9
Nextcloud Nextcloud Server>=16.0.0<16.0.2
openSUSE Backports SLE=15.0-sp1
Suse Package Hub
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search acti...
composer/phpmyadmin/phpmyadmin>=4.9.0<4.9.5>=5.0.0<5.0.2
phpMyAdmin phpMyAdmin>=4.0.0<4.9.5
phpMyAdmin phpMyAdmin>=5.0.0<5.0.2
Debian Debian Linux=8.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 10 more
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the descript...
Cacti Cacti<1.2.9
Debian Debian Linux=8.0
Debian Debian Linux=9.0
openSUSE Backports SLE=15.0-sp1
openSUSE Leap=15.1
Suse Package Hub
and 6 more
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or inco...
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Siemens Sinec Infrastructure Network Services<1.0.1.1
Oracle Mysql Workbench<=8.0.19
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 16 more
SQLite is vulnerable to a denial of service, caused by the mishandling of a NULL pathname in the zipfileUpdate function in ext/misc/zipfile.c. By sending a specially-crafted request, a remote attacker...
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Siemens Sinec Infrastructure Network Services<1.0.1.1
Oracle Mysql Workbench<=8.0.19
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 16 more
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete...
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Siemens Sinec Infrastructure Network Services<1.0.1.1
Oracle Mysql Workbench<=8.0.19
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 17 more
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Netapp Cloud Backup
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Suse Package Hub
and 14 more
Insufficient policy enforcement in Blink.
redhat/chromium-browser<80.0.3987.87
Google Chrome<80.0.3987.87
Google Android
Google Chrome OS
openSUSE Backports SLE=15.0-sp1
Fedoraproject Fedora=30
and 10 more
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<79.0.3945.79
Google Chrome<79.0.3945.79
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 7 more
Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
redhat/chromium-browser<79.0.3945.79
Google Chrome<79.0.3945.79
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Suse Package Hub
SUSE Linux Enterprise=12.0
and 7 more
An out of bounds write flaw was found in the SQLite component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=1025466 ...
IBM ISAM<=9.0.7
IBM Security Verify Access<=10.0.0
Google Chrome<79.0.3945.79
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Redhat Openshift Container Platform=3.11
and 52 more
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. T...
Mozilla Firefox<68
<68
<60.8
<60.8
Mozilla Firefox<68.0
Mozilla Firefox ESR<60.8
and 7 more
Mozilla developers and community members Andreea Pavel, Christian Holler, Honza Bambas, Jason Kratzer, and Jeff Gilbert reported memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbi...
Mozilla Firefox<68
<68
<60.8
<60.8
Mozilla Firefox<68.0
Mozilla Firefox ESR<60.8.0
and 7 more
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensitive data.
Redhat Ansible>=2.5.0<2.5.14
Redhat Ansible>=2.6.0<2.6.11
Redhat Ansible>=2.7.0<2.7.5
Debian Debian Linux=9.0
Redhat Ansible Engine=2.0
Redhat Ansible Engine=2.5
and 21 more
"User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lead to undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executa...
Redhat Ansible Engine=2.0
Redhat Ansible Engine=2.5
Redhat Ansible Engine=2.6
Redhat Ansible Engine=2.7
Redhat Ansible Tower=3.3.0
Debian Debian Linux=8.0
and 13 more
Out of bounds read in Skia
Mozilla Firefox ESR<60.7
Google Chrome<73.0.3683.75
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Suse Package Hub
Canonical Ubuntu Linux=16.04
and 26 more
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing t...
redhat/ansible<2.4.6
redhat/ansible<2.5.6
redhat/ansible<2.6.1
pip/ansible>=2.6.0<2.6.1
pip/ansible>=2.5.0<2.5.6
pip/ansible<2.4.6
and 26 more
