Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Backports_sle
(Opensuse)| Repositories |
• https://github.com/opencontainers/runc
• https://github.com/lighttpd/lighttpd1.4 |
| #Vulnerabilities | 326 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-05-06 | CVE-2020-12672 | GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. | Debian_linux, Graphicsmagick, Backports_sle, Leap | 7.5 | ||
| 2020-01-24 | CVE-2019-3693 | A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version... | Backports_sle, Mailman | 7.8 | ||
| 2020-01-08 | CVE-2020-6609 | GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. | Libredwg, Backports_sle, Leap | 8.8 | ||
| 2020-01-08 | CVE-2020-6611 | GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. | Libredwg, Backports_sle, Leap | 6.5 | ||
| 2020-01-08 | CVE-2020-6612 | GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c. | Libredwg, Backports_sle, Leap | 8.1 | ||
| 2020-01-08 | CVE-2020-6613 | GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c. | Libredwg, Backports_sle, Leap | 8.1 | ||
| 2020-01-08 | CVE-2020-6614 | GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c. | Libredwg, Backports_sle, Leap | 8.1 | ||
| 2020-01-08 | CVE-2020-6615 | GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl). | Libredwg, Backports_sle, Leap | 6.5 | ||
| 2020-05-04 | CVE-2020-12625 | An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message. | Debian_linux, Backports_sle, Leap, Webmail | 6.1 | ||
| 2020-05-04 | CVE-2020-12640 | Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. | Backports_sle, Leap, Webmail | 9.8 |