Leap

leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-9109 3Fedoraproject GnuOpensuse 3Adns FedoraLeap Nov 21, 2024 Jun 18, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at the first. Otherwise,...Show more An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the CNAME itself. In that case the answer data structure (on the heap) can be overrun. With this fixed, it prefers to look only at the answer RRs which come after the CNAME, which is at least arguably correct.Show less
CVE-2017-9108 3Fedoraproject GnuOpensuse 3Adns FedoraLeap Nov 21, 2024 Jun 18, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one s...Show more An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte.Show less
CVE-2020-14416 2Linux Opensuse 2Leap Linux Kernel Nov 21, 2024 Jun 18, 2020 N/A· v4 4.2 MEDIUM· v3 4.7 MEDIUM· v2 In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/...Show more In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c.Show less
CVE-2020-8619 6Canonical DebianFedoraproject+3 more 6Bind Debian LinuxFedora+3 more Nov 21, 2024 Jun 17, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or mor...Show more In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.Show less
CVE-2020-8618 4Canonical IscNetapp+1 more 4Bind LeapSteelstore Cloud Integrated Storage+1 more Nov 21, 2024 Jun 17, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.
CVE-2020-14401 4Debian Libvncserver ProjectOpensuse+1 more 9Debian Linux LeapLibvncserver+6 more Nov 21, 2024 Jun 17, 2020 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
CVE-2020-14400 4Canonical DebianLibvncserver Project+1 more 4Debian Linux LeapLibvncserver+1 more Nov 21, 2024 Jun 17, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no kn...Show more An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundaryShow less
CVE-2020-14399 4Canonical DebianLibvncserver Project+1 more 4Debian Linux LeapLibvncserver+1 more Nov 21, 2024 Jun 17, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed.
CVE-2020-14398 5Canonical DebianLibvnc Project+2 more 10Debian Linux LeapLibvncserver+7 more Nov 21, 2024 Jun 17, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.
CVE-2020-14397 5Canonical DebianLibvnc Project+2 more 10Debian Linux LeapLibvncserver+7 more Nov 21, 2024 Jun 17, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
CVE-2019-20840 5Canonical DebianLibvnc Project+2 more 10Debian Linux LeapLibvncserver+7 more Nov 21, 2024 Jun 17, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.
CVE-2019-20839 5Canonical DebianLibvnc Project+2 more 10Debian Linux LeapLibvncserver+7 more Nov 21, 2024 Jun 17, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.
CVE-2018-21247 5Canonical DebianLibvnc Project+2 more 10Debian Linux LeapLibvncserver+7 more Nov 21, 2024 Jun 17, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.
CVE-2020-0543 6Canonical FedoraprojectIntel+3 more 694Celeron 1000m Celeron 1005mCeleron 1007u+691 more Nov 21, 2024 Jun 15, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-14093 4Canonical DebianMutt+1 more 4Debian Linux LeapMutt+1 more Nov 21, 2024 Jun 15, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.
CVE-2020-14004 2Icinga Opensuse 3Backports Sle IcingaLeap Nov 21, 2024 Jun 12, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by d...Show more An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user.Show less
CVE-2020-10732 4Canonical LinuxNetapp+1 more 19Active Iq Unified Manager Aff 8300 FirmwareAff 8700 Firmware+16 more Nov 21, 2024 Jun 12, 2020 N/A· v4 4.4 MEDIUM· v3 3.6 LOW· v2 A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
CVE-2020-1269 2Microsoft Opensuse 9Leap Windows 10Windows 7+6 more Nov 21, 2024 Jun 9, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-...Show more An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.Show less
CVE-2020-10761 4Canonical OpensuseQemu+1 more 4Enterprise Linux LeapQemu+1 more Nov 21, 2024 Jun 9, 2020 N/A· v4 5.0 MEDIUM· v3 4.0 MEDIUM· v2 An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum...Show more An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.Show less
CVE-2020-10757 7Canonical DebianFedoraproject+4 more 10Active Iq Unified Manager Cloud BackupDebian Linux+7 more Nov 21, 2024 Jun 9, 2020 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.

Previous 1...161718...95 Next