Leap

leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-14303 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Jul 6, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.
CVE-2020-15466 3Debian OpensuseWireshark 3Debian Linux LeapWireshark Nov 21, 2024 Jul 5, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.
CVE-2020-15396 4Fedoraproject Hylafax+ ProjectIfax+1 more 5Backports Sle FedoraHylafax++2 more Nov 21, 2024 Jun 30, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.
CVE-2017-18922 5Canonical FedoraprojectLibvncserver Project+2 more 10Fedora LeapLibvncserver+7 more Nov 21, 2024 Jun 30, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, cau...Show more It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.Show less
CVE-2020-15393 4Canonical DebianLinux+1 more 4Debian Linux LeapLinux Kernel+1 more Nov 21, 2024 Jun 29, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.
CVE-2020-4067 5Canonical Coturn ProjectDebian+2 more 5Coturn Debian LinuxFedora+2 more Nov 21, 2024 Jun 29, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use t...Show more In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3.Show less
CVE-2020-8014 1Opensuse 2Leap Tumbleweed Kopano Spamd Nov 21, 2024 Jun 29, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This...Show more A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions prior to 10.0.5-lp151.4.1. openSUSE Tumbleweed kopano-spamd versions prior to 10.0.5-1.1.Show less
CVE-2020-8022 2Apache Opensuse 2Leap Tomcat Nov 21, 2024 Jun 29, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP...Show more A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.Show less
CVE-2020-11996 6Apache CanonicalDebian+3 more 8Debian Linux LeapMysql Enterprise Monitor+5 more Nov 21, 2024 Jun 26, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such reques...Show more A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.Show less
CVE-2020-10769 2Opensuse Redhat 2Enterprise Linux Leap Nov 21, 2024 Jun 26, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not...Show more A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service.Show less
CVE-2020-10753 5Canonical FedoraprojectLinuxfoundation+2 more 6Ceph Ceph StorageFedora+3 more Nov 21, 2024 Jun 26, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the...Show more A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.Show less
CVE-2020-15306 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Jun 26, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.
CVE-2020-15305 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Jun 26, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.
CVE-2020-15304 3Fedoraproject OpenexrOpensuse 3Fedora LeapOpenexr Nov 21, 2024 Jun 26, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer derefe...Show more An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.Show less
CVE-2020-15025 4Netapp NtpOpensuse+1 more 168300 Firmware 8700 FirmwareA400 Firmware+13 more Nov 21, 2024 Jun 24, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used...Show more ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.Show less
CVE-2020-12866 3Canonical OpensuseSane Project 3Leap Sane BackendsUbuntu Linux Nov 21, 2024 Jun 24, 2020 N/A· v4 5.7 MEDIUM· v3 2.7 LOW· v2 A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.
CVE-2020-12865 4Canonical DebianOpensuse+1 more 4Debian Linux LeapSane Backends+1 more Nov 21, 2024 Jun 24, 2020 N/A· v4 8.0 HIGH· v3 5.2 MEDIUM· v2 A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.
CVE-2020-12864 3Canonical OpensuseSane Project 3Leap Sane BackendsUbuntu Linux Nov 21, 2024 Jun 24, 2020 N/A· v4 4.3 MEDIUM· v3 3.3 LOW· v2 An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-08...Show more An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.Show less
CVE-2020-12863 4Canonical DebianOpensuse+1 more 4Debian Linux LeapSane Backends+1 more Nov 21, 2024 Jun 24, 2020 N/A· v4 4.3 MEDIUM· v3 3.3 LOW· v2 An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-08...Show more An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.Show less
CVE-2020-12862 4Canonical DebianOpensuse+1 more 4Debian Linux LeapSane Backends+1 more Nov 21, 2024 Jun 24, 2020 N/A· v4 4.3 MEDIUM· v3 3.3 LOW· v2 An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-08...Show more An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.Show less

Previous 1...141516...95 Next