Leap

leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-8233 2Opensuse Ui 3Backports Sle Edgeswitch FirmwareLeap Nov 21, 2024 Aug 17, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.
CVE-2020-17498 4Fedoraproject OpensuseOracle+1 more 4Fedora LeapWireshark+1 more Nov 21, 2024 Aug 13, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.
CVE-2020-17489 4Canonical DebianGnome+1 more 4Debian Linux Gnome ShellLeap+1 more Nov 21, 2024 Aug 11, 2020 N/A· v4 4.3 MEDIUM· v3 1.9 LOW· v2 An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had dec...Show more An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)Show less
CVE-2020-17368 4Debian FedoraprojectFirejail Project+1 more 4Debian Linux FedoraFirejail+1 more Nov 21, 2024 Aug 11, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.
CVE-2020-17367 4Debian FedoraprojectFirejail Project+1 more 4Debian Linux FedoraFirejail+1 more Nov 21, 2024 Aug 11, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection.
CVE-2020-16092 4Canonical DebianOpensuse+1 more 4Debian Linux LeapQemu+1 more Nov 21, 2024 Aug 11, 2020 N/A· v4 3.8 LOW· v3 2.1 LOW· v2 In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU proc...Show more In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.Show less
CVE-2020-15659 3Canonical MozillaOpensuse 5Firefox Firefox EsrLeap+2 more Nov 21, 2024 Aug 10, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes...Show more Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.Show less
CVE-2020-15656 3Canonical MozillaOpensuse 5Firefox Firefox EsrLeap+2 more Nov 21, 2024 Aug 10, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. Th...Show more JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.Show less
CVE-2020-15655 3Canonical MozillaOpensuse 5Firefox Firefox EsrLeap+2 more Nov 21, 2024 Aug 10, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78....Show more A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.Show less
CVE-2020-9490 7Apache CanonicalDebian+4 more 25Communications Element Manager Communications Session Report ManagerCommunications Session Route Manager+22 more Nov 21, 2024 Aug 7, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Confi...Show more Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.Show less
CVE-2020-11993 7Apache CanonicalDebian+4 more 13Clustered Data Ontap Communications Element ManagerCommunications Session Report Manager+10 more May 1, 2025 Aug 7, 2020 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory...Show more Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.Show less
CVE-2020-11984 7Apache CanonicalDebian+4 more 13Clustered Data Ontap Communications Element ManagerCommunications Session Report Manager+10 more Nov 21, 2024 Aug 7, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
CVE-2020-8026 1Opensuse 3Backports Sle LeapTumbleweed Nov 21, 2024 Aug 7, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to roo...Show more A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.Show less
CVE-2020-16845 4Debian FedoraprojectGolang+1 more 4Debian Linux FedoraGo+1 more Nov 21, 2024 Aug 6, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
CVE-2020-17353 4Debian FedoraprojectLilypond+1 more 5Backports Sle Debian LinuxFedora+2 more Nov 21, 2024 Aug 5, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.
CVE-2020-14344 4Canonical FedoraprojectOpensuse+1 more 4Fedora LeapLibx11+1 more Nov 21, 2024 Aug 5, 2020 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM...Show more An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.Show less
CVE-2020-16116 5Canonical DebianFedoraproject+2 more 5Ark Debian LinuxFedora+2 more Nov 21, 2024 Aug 3, 2020 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
CVE-2020-14311 4Canonical GnuOpensuse+1 more 7Enterprise Linux Enterprise Linux EusEnterprise Linux Server Aus+4 more Nov 21, 2024 Jul 31, 2020 N/A· v4 6.0 MEDIUM· v3 3.6 LOW· v2 There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized m...Show more There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.Show less
CVE-2020-14310 4Canonical GnuOpensuse+1 more 7Enterprise Linux Enterprise Linux EusEnterprise Linux Server Aus+4 more Nov 21, 2024 Jul 31, 2020 N/A· v4 6.0 MEDIUM· v3 3.6 LOW· v2 There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to re...Show more There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.Show less
CVE-2020-16166 7Canonical DebianFedoraproject+4 more 15Active Iq Unified Manager Cloud Volumes Ontap MediatorDebian Linux+12 more Nov 21, 2024 Jul 30, 2020 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/ra...Show more The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.Show less

Previous 1...8910...95 Next