Filtered by vendor Opensuse
Subscribe
Total
3292 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13844 | 2 Arm, Opensuse | 15 Cortex-a32, Cortex-a32 Firmware, Cortex-a34 and 12 more | 2026-06-17 | 2.1 LOW | 5.5 MEDIUM |
| Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation." | |||||
| CVE-2020-13817 | 4 Fujitsu, Netapp, Ntp and 1 more | 40 M10-1, M10-1 Firmware, M10-4 and 37 more | 2026-06-17 | 5.8 MEDIUM | 7.4 HIGH |
| ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance. | |||||
| CVE-2020-13800 | 3 Canonical, Opensuse, Qemu | 3 Ubuntu Linux, Leap, Qemu | 2026-06-17 | 4.9 MEDIUM | 6.0 MEDIUM |
| ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. | |||||
| CVE-2020-13753 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2026-06-17 | 7.5 HIGH | 10.0 CRITICAL |
| The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226. | |||||
| CVE-2020-13696 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2026-06-17 | 3.6 LOW | 4.4 MEDIUM |
| An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command. | |||||
| CVE-2020-13659 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2026-06-17 | 1.9 LOW | 2.5 LOW |
| address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. | |||||
| CVE-2020-13614 | 3 Axel Project, Fedoraproject, Opensuse | 4 Axel, Fedora, Backports Sle and 1 more | 2026-06-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification. | |||||
| CVE-2020-13398 | 4 Canonical, Debian, Freerdp and 1 more | 4 Ubuntu Linux, Debian Linux, Freerdp and 1 more | 2026-06-17 | 6.5 MEDIUM | 8.3 HIGH |
| An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. | |||||
| CVE-2020-13397 | 4 Canonical, Debian, Freerdp and 1 more | 4 Ubuntu Linux, Debian Linux, Freerdp and 1 more | 2026-06-17 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. | |||||
| CVE-2020-13396 | 4 Canonical, Debian, Freerdp and 1 more | 4 Ubuntu Linux, Debian Linux, Freerdp and 1 more | 2026-06-17 | 5.5 MEDIUM | 7.1 HIGH |
| An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. | |||||
| CVE-2020-13379 | 4 Fedoraproject, Grafana, Netapp and 1 more | 5 Fedora, Grafana, E-series Performance Analyzer and 2 more | 2026-06-17 | 6.4 MEDIUM | 8.2 HIGH |
| The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault. | |||||
| CVE-2020-13362 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2026-06-17 | 2.1 LOW | 3.2 LOW |
| In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. | |||||
| CVE-2020-13361 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2026-06-17 | 3.3 LOW | 3.9 LOW |
| In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. | |||||
| CVE-2020-13249 | 3 Fedoraproject, Mariadb, Opensuse | 3 Fedora, Connector\/c, Leap | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle. | |||||
| CVE-2020-13164 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem. | |||||
| CVE-2020-13143 | 5 Canonical, Debian, Linux and 2 more | 38 Ubuntu Linux, Debian Linux, Linux Kernel and 35 more | 2026-06-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4. | |||||
| CVE-2020-13114 | 3 Canonical, Libexif Project, Opensuse | 3 Ubuntu Linux, Libexif, Leap | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. | |||||
| CVE-2020-13113 | 4 Canonical, Debian, Libexif Project and 1 more | 4 Ubuntu Linux, Debian Linux, Libexif and 1 more | 2026-06-17 | 6.4 MEDIUM | 8.2 HIGH |
| An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. | |||||
| CVE-2020-13112 | 4 Canonical, Debian, Libexif Project and 1 more | 4 Ubuntu Linux, Debian Linux, Libexif and 1 more | 2026-06-17 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. | |||||
| CVE-2020-12888 | 6 Canonical, Debian, Fedoraproject and 3 more | 39 Ubuntu Linux, Debian Linux, Fedora and 36 more | 2026-06-17 | 4.7 MEDIUM | 5.3 MEDIUM |
| The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. | |||||