Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2020-8029

    A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/sk... Read more

    Affected Products : caas_platform
    • Published: Feb. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2020-8028

    A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local ... Read more

    Affected Products : manager_server salt-netapi-client
    • Published: Sep. 17, 2020
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2020-8027

    A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openld... Read more

    Affected Products : leap linux_enterprise_server openldap2
    • Published: Feb. 11, 2021
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2020-8026

    A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Lea... Read more

    Affected Products : leap backports_sle tumbleweed
    • Published: Aug. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2020-8025

    A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the per... Read more

    • Published: Aug. 07, 2020
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2020-8024

    A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 1... Read more

    Affected Products : leap hylafax\+
    • Published: Jun. 29, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8023

    A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11... Read more

    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8022

    A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server... Read more

    • Published: Jun. 29, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2020-8021

    a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to 2.10.5.... Read more

    Affected Products : debian_linux open_build_service
    • Published: May. 19, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-8020

    A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-build-service versions prior to 7cc32c8e2ff7290698e101d9a8... Read more

    Affected Products : debian_linux open_build_service
    • Published: May. 13, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8019

    A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sal... Read more

    • Published: Jun. 29, 2020
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2020-8018

    A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory owned by the u... Read more

    Affected Products : linux_enterprise_desktop
    • Published: May. 04, 2020
    • Modified: Nov. 21, 2024

  • 6.3

    MEDIUM
    CVE-2020-8017

    A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software D... Read more

    • Published: Apr. 02, 2020
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2020-8016

    A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Developmen... Read more

    • Published: Apr. 02, 2020
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2020-8015

    A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.... Read more

    Affected Products : opensuse exim openldap2
    • Published: Apr. 02, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8014

    A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 k... Read more

    Affected Products : leap tumbleweed_kopano-spamd
    • Published: Jun. 29, 2020
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2020-8013

    A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously ... Read more

    Affected Products : leap linux_enterprise_server
    • Published: Mar. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8012

    CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code.... Read more

    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8011

    CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service.... Read more

    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-8010

    CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.... Read more

    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results