Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Backports_sle
(Opensuse)| Repositories |
• https://github.com/opencontainers/runc
• https://github.com/lighttpd/lighttpd1.4 |
| #Vulnerabilities | 326 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-01-24 | CVE-2019-3693 | A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version... | Backports_sle, Mailman | 7.8 | ||
| 2020-01-08 | CVE-2020-6609 | GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. | Libredwg, Backports_sle, Leap | 8.8 | ||
| 2020-01-08 | CVE-2020-6611 | GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. | Libredwg, Backports_sle, Leap | 6.5 | ||
| 2020-01-08 | CVE-2020-6612 | GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c. | Libredwg, Backports_sle, Leap | 8.1 | ||
| 2020-01-08 | CVE-2020-6613 | GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c. | Libredwg, Backports_sle, Leap | 8.1 | ||
| 2020-01-08 | CVE-2020-6614 | GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c. | Libredwg, Backports_sle, Leap | 8.1 | ||
| 2020-01-08 | CVE-2020-6615 | GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl). | Libredwg, Backports_sle, Leap | 6.5 | ||
| 2020-05-04 | CVE-2020-12625 | An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message. | Debian_linux, Backports_sle, Leap, Webmail | 6.1 | ||
| 2020-05-04 | CVE-2020-12640 | Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. | Backports_sle, Leap, Webmail | 9.8 | ||
| 2020-04-08 | CVE-2019-20637 | An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers. | Backports_sle, Leap, Varnish_cache, Varnish_cache | 7.5 |