Opensuse

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-8619 6Canonical DebianFedoraproject+3 more 6Bind Debian LinuxFedora+3 more Nov 21, 2024 Jun 17, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or mor...Show more In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.Show less
CVE-2020-8618 4Canonical IscNetapp+1 more 4Bind LeapSteelstore Cloud Integrated Storage+1 more Nov 21, 2024 Jun 17, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.
CVE-2020-14401 4Debian Libvncserver ProjectOpensuse+1 more 9Debian Linux LeapLibvncserver+6 more Nov 21, 2024 Jun 17, 2020 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
CVE-2020-14400 4Canonical DebianLibvncserver Project+1 more 4Debian Linux LeapLibvncserver+1 more Nov 21, 2024 Jun 17, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no kn...Show more An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundaryShow less
CVE-2020-14399 4Canonical DebianLibvncserver Project+1 more 4Debian Linux LeapLibvncserver+1 more Nov 21, 2024 Jun 17, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed.
CVE-2020-14398 5Canonical DebianLibvnc Project+2 more 10Debian Linux LeapLibvncserver+7 more Nov 21, 2024 Jun 17, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.
CVE-2020-14397 5Canonical DebianLibvnc Project+2 more 10Debian Linux LeapLibvncserver+7 more Nov 21, 2024 Jun 17, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
CVE-2019-20840 5Canonical DebianLibvnc Project+2 more 10Debian Linux LeapLibvncserver+7 more Nov 21, 2024 Jun 17, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.
CVE-2019-20839 5Canonical DebianLibvnc Project+2 more 10Debian Linux LeapLibvncserver+7 more Nov 21, 2024 Jun 17, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.
CVE-2018-21247 5Canonical DebianLibvnc Project+2 more 10Debian Linux LeapLibvncserver+7 more Nov 21, 2024 Jun 17, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.
CVE-2020-0543 6Canonical FedoraprojectIntel+3 more 694Celeron 1000m Celeron 1005mCeleron 1007u+691 more Nov 21, 2024 Jun 15, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-14093 4Canonical DebianMutt+1 more 4Debian Linux LeapMutt+1 more Nov 21, 2024 Jun 15, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.
CVE-2020-14004 2Icinga Opensuse 3Backports Sle IcingaLeap Nov 21, 2024 Jun 12, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by d...Show more An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user.Show less
CVE-2020-10732 4Canonical LinuxNetapp+1 more 19Active Iq Unified Manager Aff 8300 FirmwareAff 8700 Firmware+16 more Nov 21, 2024 Jun 12, 2020 N/A· v4 4.4 MEDIUM· v3 3.6 LOW· v2 A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
CVE-2020-1269 2Microsoft Opensuse 9Leap Windows 10Windows 7+6 more Nov 21, 2024 Jun 9, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-...Show more An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.Show less
CVE-2020-10761 4Canonical OpensuseQemu+1 more 4Enterprise Linux LeapQemu+1 more Nov 21, 2024 Jun 9, 2020 N/A· v4 5.0 MEDIUM· v3 4.0 MEDIUM· v2 An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum...Show more An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.Show less
CVE-2020-10757 7Canonical DebianFedoraproject+4 more 10Active Iq Unified Manager Cloud BackupDebian Linux+7 more Nov 21, 2024 Jun 9, 2020 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
CVE-2020-13962 4Fedoraproject MumbleOpensuse+1 more 4Fedora LeapMumble+1 more Nov 21, 2024 Jun 9, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS s...Show more Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)Show less
CVE-2020-13844 2Arm Opensuse 8Cortex A32 Firmware Cortex A34 FirmwareCortex A35 Firmware+5 more Nov 21, 2024 Jun 8, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analys...Show more Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."Show less
CVE-2020-13696 5Canonical DebianFedoraproject+2 more 6Backports Sle Debian LinuxFedora+3 more Nov 21, 2024 Jun 8, 2020 N/A· v4 4.4 MEDIUM· v3 3.6 LOW· v2 An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. T...Show more An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command.Show less

Previous 1...202122...164 Next