Leap

leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-15606 5Debian NodejsOpensuse+2 more 7Communications Cloud Native Core Network Function Cloud Native Environment Debian LinuxEnterprise Linux+4 more Nov 21, 2024 Feb 7, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
CVE-2019-15605 6Debian FedoraprojectNodejs+3 more 13Debian Linux Enterprise LinuxEnterprise Linux Desktop+10 more Nov 21, 2024 Feb 7, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
CVE-2019-15604 5Debian NodejsOpensuse+2 more 10Communications Cloud Native Core Network Function Cloud Native Environment Debian LinuxEnterprise Linux+7 more Nov 21, 2024 Feb 7, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
CVE-2020-8608 3Debian Libslirp ProjectOpensuse 3Debian Linux LeapLibslirp Nov 21, 2024 Feb 6, 2020 N/A· v4 5.6 MEDIUM· v3 6.8 MEDIUM· v2 In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
CVE-2020-8649 3Debian LinuxOpensuse 3Debian Linux LeapLinux Kernel Nov 21, 2024 Feb 6, 2020 N/A· v4 5.9 MEDIUM· v3 3.6 LOW· v2 There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.
CVE-2020-8648 6Broadcom CanonicalDebian+3 more 9Active Iq Unified Manager Brocade Fabric Operating System FirmwareCloud Backup+6 more Nov 21, 2024 Feb 6, 2020 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.
CVE-2020-8647 3Debian LinuxOpensuse 3Debian Linux LeapLinux Kernel Nov 21, 2024 Feb 6, 2020 N/A· v4 6.1 MEDIUM· v3 3.6 LOW· v2 There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.
CVE-2020-7216 1Opensuse 2Leap Wicked Nov 21, 2024 Feb 5, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option.
CVE-2020-8632 3Canonical DebianOpensuse 3Cloud Init Debian LinuxLeap Nov 21, 2024 Feb 5, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.
CVE-2020-8631 3Canonical DebianOpensuse 3Cloud Init Debian LinuxLeap Nov 21, 2024 Feb 5, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.
CVE-2020-5208 4Debian FedoraprojectIpmitool Project+1 more 4Debian Linux FedoraIpmitool+1 more Nov 21, 2024 Feb 5, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the i...Show more It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.Show less
CVE-2019-12528 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Feb 4, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid process...Show more An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.Show less
CVE-2020-8517 3Canonical OpensuseSquid Cache 3Leap SquidUbuntu Linux Nov 21, 2024 Feb 4, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory a...Show more An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.Show less
CVE-2020-8450 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Feb 4, 2020 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.
CVE-2020-8449 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Feb 4, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.
CVE-2019-20446 6Canonical DebianFedoraproject+3 more 6Active Iq Unified Manager Debian LinuxFedora+3 more Nov 21, 2024 Feb 2, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of fina...Show more In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.Show less
CVE-2020-8492 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Jan 30, 2020 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of...Show more Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.Show less
CVE-2020-8432 2Denx Opensuse 2Leap U Boot Nov 21, 2024 Jan 29, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE...Show more In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.Show less
CVE-2020-0549 5Canonical DebianFedoraproject+2 more 428Celeron 3855u Firmware Celeron 3865u FirmwareCeleron 3955u Firmware+425 more Nov 21, 2024 Jan 28, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2018-20105 3Opensuse SuseYast2 Rmt Project 3Leap Suse Linux Enterprise ServerYast2 Rmt Nov 21, 2024 Jan 27, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affe...Show more A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2.Show less

Previous 1...313233...95 Next