Product:

Backports_sle

(Opensuse)
Repositories https://github.com/opencontainers/runc
https://github.com/lighttpd/lighttpd1.4
#Vulnerabilities 326
Date Id Summary Products Score Patch Annotated
2020-04-24 CVE-2020-12137 GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code. Ubuntu_linux, Debian_linux, Fedora, Mailman, Backports_sle, Leap 6.1
2020-04-30 CVE-2020-12050 SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library. Fedora, Backports_sle, Sqliteodbc 7.0
2020-05-06 CVE-2020-12108 /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. Ubuntu_linux, Debian_linux, Fedora, Mailman, Backports_sle, Leap 6.5
2020-05-19 CVE-2020-12244 An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation. Debian_linux, Fedora, Backports_sle, Leap, Recursor 7.5
2020-05-19 CVE-2020-10995 PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect.... Debian_linux, Fedora, Backports_sle, Leap, Recursor 7.5
2020-01-06 CVE-2019-18179 An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions. Debian_linux, Backports_sle, Leap, Otrs 4.3
2019-04-08 CVE-2019-11007 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. Ubuntu_linux, Debian_linux, Graphicsmagick, Backports_sle, Leap 8.1
2019-04-08 CVE-2019-11008 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. Ubuntu_linux, Debian_linux, Graphicsmagick, Backports_sle, Leap 8.8
2019-04-24 CVE-2019-11505 In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c. Ubuntu_linux, Debian_linux, Graphicsmagick, Backports_sle, Leap 8.8
2019-04-24 CVE-2019-11506 In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c. Ubuntu_linux, Debian_linux, Graphicsmagick, Backports_sle, Leap 8.8