Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Backports_sle
(Opensuse)| Repositories |
• https://github.com/opencontainers/runc
• https://github.com/lighttpd/lighttpd1.4 |
| #Vulnerabilities | 326 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-07-29 | CVE-2020-16118 | In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c. | Balsa, Backports_sle, Leap | 7.5 | ||
| 2020-10-07 | CVE-2020-26164 | In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack. | Kdeconnect, Backports_sle, Leap | 5.5 | ||
| 2020-01-21 | CVE-2020-7040 | storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.) | Ubuntu_linux, Debian_linux, Backports_sle, Leap, Storebackup | 8.1 | ||
| 2020-08-07 | CVE-2020-8026 | A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions. | Backports_sle, Leap, Tumbleweed | 7.8 | ||
| 2019-07-26 | CVE-2019-14274 | MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c. | Mcpp, Backports_sle, Leap | 5.5 | ||
| 2020-04-08 | CVE-2020-11653 | An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss. | Debian_linux, Backports_sle, Leap, Varnish_cache, Varnish_cache | 7.5 | ||
| 2020-09-25 | CVE-2019-11556 | Pagure before 5.6 allows XSS via the templates/blame.html blame view. | Backports_sle, Leap, Pagure | 6.1 | ||
| 2020-10-14 | CVE-2020-15229 | Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for unprivileged (either installation or with `allow setuid = no`) run of Singularity when a user attempt to run an image which is a... | Backports_sle, Leap, Singularity | 9.3 | ||
| 2020-01-24 | CVE-2019-3692 | The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions. | Backports_sle, Leap, Inn | 7.8 | ||
| 2020-06-12 | CVE-2020-14004 | An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user. | Icinga, Backports_sle, Leap | 7.8 |