Leap

leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-6435 4Debian FedoraprojectGoogle+1 more 5Backports ChromeDebian Linux+2 more Nov 21, 2024 Apr 13, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
CVE-2020-6434 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Apr 13, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6433 4Debian FedoraprojectGoogle+1 more 5Backports ChromeDebian Linux+2 more Nov 21, 2024 Apr 13, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2020-6432 4Debian FedoraprojectGoogle+1 more 5Backports ChromeDebian Linux+2 more Nov 21, 2024 Apr 13, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2020-6431 4Debian FedoraprojectGoogle+1 more 5Backports ChromeDebian Linux+2 more Nov 21, 2024 Apr 13, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2020-6430 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Apr 13, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6423 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Apr 13, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-11647 3Debian OpensuseWireshark 3Debian Linux LeapWireshark Nov 21, 2024 Apr 10, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion.
CVE-2020-11669 3Linux OpensuseRedhat 3Enterprise Linux LeapLinux Kernel Nov 21, 2024 Apr 10, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMO...Show more An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd.Show less
CVE-2020-8834 3Canonical LinuxOpensuse 3Leap Linux KernelUbuntu Linux Nov 21, 2024 Apr 9, 2020 N/A· v4 6.5 MEDIUM· v3 4.9 MEDIUM· v2 KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with...Show more KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to panic. There were two commits that, according to the reporter, introduced the vulnerability: f024ee098476 ("KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures") 87a11bb6a7f7 ("KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode") The former landed in 4.8, the latter in 4.17. This was fixed without realizing the impact in 4.18 with the following three commits, though it's believed the first is the only strictly necessary commit: 6f597c6b63b6 ("KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()") 7b0e827c6970 ("KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm") 009c872a8bc4 ("KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file")Show less
CVE-2020-11653 4Debian OpensuseVarnish Cache+1 more 5Backports Sle Debian LinuxLeap+2 more Nov 21, 2024 Apr 8, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion f...Show more An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.Show less
CVE-2019-20637 3Opensuse Varnish CacheVarnish Software 4Backports Sle LeapVarnish Cache+1 more Nov 21, 2024 Apr 8, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same...Show more An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.Show less
CVE-2020-11501 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraGnutls+2 more Nov 21, 2024 Apr 3, 2020 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a rand...Show more GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.Show less
CVE-2020-11494 4Canonical DebianLinux+1 more 4Debian Linux LeapLinux Kernel+1 more Nov 21, 2024 Apr 2, 2020 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel st...Show more An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.Show less
CVE-2020-11100 6Canonical DebianFedoraproject+3 more 6Debian Linux FedoraHaproxy+3 more Nov 21, 2024 Apr 2, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly ca...Show more In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.Show less
CVE-2020-8017 1Opensuse 2Leap Texlive Filesystem Nov 21, 2024 Apr 2, 2020 N/A· v4 6.3 MEDIUM· v3 3.3 LOW· v2 A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP...Show more A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary files on the system This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.Show less
CVE-2020-1927 8Apache BroadcomCanonical+5 more 14Brocade Fabric Operating System Communications Element ManagerCommunications Session Report Manager+11 more Nov 21, 2024 Apr 2, 2020 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request U...Show more In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.Show less
CVE-2020-1934 6Apache CanonicalDebian+3 more 11Communications Element Manager Communications Session Report ManagerCommunications Session Route Manager+8 more Nov 21, 2024 Apr 1, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
CVE-2020-7066 4Debian OpensusePhp+1 more 4Debian Linux LeapPhp+1 more Nov 21, 2024 Apr 1, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may...Show more In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.Show less
CVE-2020-7064 5Canonical DebianOpensuse+2 more 5Debian Linux LeapPhp+2 more Nov 21, 2024 Apr 1, 2020 N/A· v4 5.4 MEDIUM· v3 5.8 MEDIUM· v2 In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory...Show more In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.Show less

Previous 1...272829...95 Next