Leap

leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-14905 3Fedoraproject OpensuseRedhat 8Ansible Engine Ansible TowerBackports Sle+5 more Nov 21, 2024 Mar 31, 2020 N/A· v4 5.6 MEDIUM· v3 4.6 MEDIUM· v2 A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on...Show more A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.Show less
CVE-2020-6095 2Gstreamer Project Opensuse 3Backports Sle Gst Rtsp ServerLeap Nov 21, 2024 Mar 27, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of...Show more An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.Show less
CVE-2020-1772 3Debian OpensuseOtrs 4Backports Sle Debian LinuxLeap+1 more Nov 21, 2024 Mar 27, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Co...Show more It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.Show less
CVE-2020-1770 3Debian OpensuseOtrs 4Backports Sle Debian LinuxLeap+1 more Nov 21, 2024 Mar 27, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.1...Show more Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.Show less
CVE-2020-1769 2Opensuse Otrs 3Backports Sle LeapOtrs Nov 21, 2024 Mar 27, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior version...Show more In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.Show less
CVE-2020-10942 4Canonical DebianLinux+1 more 4Debian Linux LeapLinux Kernel+1 more Nov 21, 2024 Mar 24, 2020 N/A· v4 5.3 MEDIUM· v3 5.4 MEDIUM· v2 In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.
CVE-2020-10938 3Debian GraphicsmagickOpensuse 4Backports Debian LinuxGraphicsmagick+1 more Nov 21, 2024 Mar 24, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
CVE-2020-1747 4Fedoraproject OpensuseOracle+1 more 4Communications Cloud Native Core Network Function Cloud Native Environment FedoraLeap+1 more Nov 21, 2024 Mar 24, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoade...Show more A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.Show less
CVE-2020-10593 2Opensuse Torproject 3Backports Sle LeapTor Nov 21, 2024 Mar 23, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit...Show more Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.Show less
CVE-2020-10592 2Opensuse Torproject 3Backports LeapTor Nov 21, 2024 Mar 23, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.
CVE-2020-10803 5Debian FedoraprojectOpensuse+2 more 6Backports Sle Debian LinuxFedora+3 more Nov 21, 2024 Mar 22, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.ph...Show more In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.Show less
CVE-2020-10802 5Debian FedoraprojectOpensuse+2 more 6Backports Sle Debian LinuxFedora+3 more Nov 21, 2024 Mar 22, 2020 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/cla...Show more In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.Show less
CVE-2020-10804 4Fedoraproject OpensusePhpmyadmin+1 more 5Backports Sle FedoraLeap+2 more Nov 21, 2024 Mar 22, 2020 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A mal...Show more In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).Show less
CVE-2019-17185 2Freeradius Opensuse 2Freeradius Leap Nov 21, 2024 Mar 21, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concur...Show more In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack.Show less
CVE-2019-18860 4Canonical DebianOpensuse+1 more 4Debian Linux LeapSquid+1 more Nov 5, 2025 Mar 20, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
CVE-2020-5267 4Debian FedoraprojectOpensuse+1 more 4Actionview Debian LinuxFedora+1 more Nov 21, 2024 Mar 19, 2020 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS...Show more In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.Show less
CVE-2020-10648 2Denx Opensuse 2Leap U Boot May 12, 2026 Mar 19, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.
CVE-2019-12921 3Debian GraphicsmagickOpensuse 4Backports Sle Debian LinuxGraphicsmagick+1 more Nov 21, 2024 Mar 18, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.
CVE-2020-0556 4Bluez CanonicalDebian+1 more 4Bluez Debian LinuxLeap+1 more Nov 21, 2024 Mar 12, 2020 N/A· v4 7.1 HIGH· v3 5.8 MEDIUM· v2 Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
CVE-2020-10531 9Canonical DebianFedoraproject+6 more 11Banking Extensibility Workbench ChromeDebian Linux+8 more Nov 21, 2024 Mar 12, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unist...Show more An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.Show less

Previous 1...282930...95 Next