Leap

leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-11022 8Debian DrupalFedoraproject+5 more 70Agile Product Lifecycle Management For Process Agile Product Supplier Collaboration For ProcessApplication Testing Suite+67 more Apr 13, 2026 Apr 29, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted co...Show more In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.Show less
CVE-2020-10663 5Apple DebianFedoraproject+2 more 5Debian Linux FedoraJson+++2 more Nov 21, 2024 Apr 28, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on...Show more The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.Show less
CVE-2020-12243 8Apple BroadcomCanonical+5 more 18Brocade Fabric Operating System Cloud BackupDebian Linux+15 more Nov 21, 2024 Apr 28, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
CVE-2020-12268 3Artifex DebianOpensuse 3Debian Linux Jbig2decLeap Nov 21, 2024 Apr 27, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
CVE-2020-12137 5Canonical DebianFedoraproject+2 more 6Backports Sle Debian LinuxFedora+3 more Nov 21, 2024 Apr 24, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web...Show more GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.Show less
CVE-2020-12105 2Infradead Opensuse 2Leap Openconnect Nov 21, 2024 Apr 23, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks.
CVE-2020-11945 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Apr 23, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow th...Show more An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).Show less
CVE-2020-1983 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Apr 22, 2020 N/A· v4 6.5 MEDIUM· v3 2.1 LOW· v2 A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
CVE-2020-12066 5Canonical DebianFedoraproject+2 more 6Backports Sle Debian LinuxFedora+3 more Nov 21, 2024 Apr 22, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server.
CVE-2019-20787 2Opensuse Teeworlds 2Leap Teeworlds Nov 21, 2024 Apr 22, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Teeworlds before 0.7.4 has an integer overflow when computing a tilemap size.
CVE-2020-1967 10Broadcom DebianFedoraproject+7 more 26Active Iq Unified Manager Application ServerDebian Linux+23 more Nov 21, 2024 Apr 21, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert"...Show more Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).Show less
CVE-2020-11793 5Canonical FedoraprojectOpensuse+2 more 5Fedora LeapUbuntu Linux+2 more Nov 21, 2024 Apr 17, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and app...Show more A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).Show less
CVE-2020-11868 5Debian NetappNtp+2 more 17All Flash Fabric Attached Storage 8300 Firmware All Flash Fabric Attached Storage 8700 FirmwareAll Flash Fabric Attached Storage A400 Firmware+14 more May 5, 2025 Apr 17, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled e...Show more ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.Show less
CVE-2019-12519 4Canonical DebianOpensuse+1 more 4Debian Linux LeapSquid+1 more Nov 21, 2024 Apr 15, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evalu...Show more An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.Show less
CVE-2019-12521 4Canonical DebianOpensuse+1 more 4Debian Linux LeapSquid+1 more Nov 21, 2024 Apr 15, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is ad...Show more An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.Show less
CVE-2020-2959 2Opensuse Oracle 2Leap Vm Virtualbox Nov 21, 2024 Apr 15, 2020 N/A· v4 8.6 HIGH· v3 5.0 MEDIUM· v2 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability...Show more Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via MLD to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).Show less
CVE-2020-2958 2Opensuse Oracle 2Leap Vm Virtualbox Nov 21, 2024 Apr 15, 2020 N/A· v4 7.5 HIGH· v3 4.4 MEDIUM· v2 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerabili...Show more Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).Show less
CVE-2020-2951 2Opensuse Oracle 2Leap Vm Virtualbox Nov 21, 2024 Apr 15, 2020 N/A· v4 6.5 MEDIUM· v3 2.1 LOW· v2 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability...Show more Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).Show less
CVE-2020-2929 2Opensuse Oracle 2Leap Vm Virtualbox Nov 21, 2024 Apr 15, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability...Show more Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).Show less
CVE-2020-2914 2Opensuse Oracle 2Leap Vm Virtualbox Nov 21, 2024 Apr 15, 2020 N/A· v4 7.0 HIGH· v3 4.4 MEDIUM· v2 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows low pri...Show more Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).Show less

Previous 1...232425...95 Next