Product:

Leap

(Opensuse)
Repositories https://github.com/phpmyadmin/phpmyadmin
https://github.com/ImageMagick/ImageMagick
https://github.com/krb5/krb5
https://github.com/torvalds/linux
https://github.com/libgd/libgd
https://github.com/madler/zlib
https://github.com/ceph/ceph
https://github.com/libarchive/libarchive
https://github.com/roundcube/roundcubemail
https://github.com/dbry/WavPack
https://github.com/dosfstools/dosfstools
https://github.com/golang/go
https://github.com/file/file
https://github.com/tats/w3m
https://github.com/atheme/atheme
https://github.com/quassel/quassel
https://github.com/git/git
https://github.com/ntp-project/ntp
https://github.com/requests/requests
https://github.com/opencontainers/runc
https://github.com/erikd/libsndfile
https://github.com/libjpeg-turbo/libjpeg-turbo
https://github.com/FreeRDP/FreeRDP
https://github.com/esnet/iperf
https://github.com/mysql/mysql-server
https://git.kernel.org/pub/scm/git/git.git
https://github.com/heimdal/heimdal
https://github.com/WebKit/webkit
https://github.com/liblouis/liblouis
https://github.com/lavv17/lftp
https://github.com/viewvc/viewvc
https://github.com/moinwiki/moin-1.9
https://github.com/ClusterLabs/pacemaker
https://github.com/curl/curl
https://github.com/vadz/libtiff
https://github.com/uclouvain/openjpeg
https://github.com/libimobiledevice/libimobiledevice
https://github.com/FFmpeg/FFmpeg
https://github.com/fragglet/lhasa
https://github.com/TigerVNC/tigervnc
https://github.com/mm2/Little-CMS
https://github.com/stedolan/jq
https://github.com/Matroska-Org/libmatroska
https://github.com/mdadams/jasper
https://github.com/the-tcpdump-group/tcpdump
#Vulnerabilities 1164
Date Id Summary Products Score Patch Annotated
2021-02-09 CVE-2021-26675 A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. Debian_linux, Connman, Leap 8.8
2021-02-09 CVE-2021-26676 gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. Debian_linux, Connman, Leap 6.5
2020-04-29 CVE-2020-11022 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. Debian_linux, Drupal, Fedora, Jquery, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Max_data, Oncommand_insight, Oncommand_system_manager, Snap_creator_framework, Snapcenter, Leap, Agile_product_supplier_collaboration_for_process, Application_testing_suite, Banking_digital_experience, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_diameter_signaling_router_idih\:, Communications_webrtc_session_controller, Enterprise_manager_ops_center, Enterprise_session_border_controller, Financial_services_analytical_applications_infrastructure, Financial_services_analytical_applications_reconciliation_framework, Financial_services_asset_liability_management, Financial_services_balance_sheet_planning, Financial_services_basel_regulatory_capital_basic, Financial_services_basel_regulatory_capital_internal_ratings_based_approach, Financial_services_data_foundation, Financial_services_data_governance_for_us_regulatory_reporting, Financial_services_data_integration_hub, Financial_services_funds_transfer_pricing, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_institutional_performance_analytics, Financial_services_liquidity_risk_management, Financial_services_liquidity_risk_measurement_and_management, Financial_services_loan_loss_forecasting_and_provisioning, Financial_services_market_risk_measurement_and_management, Financial_services_price_creation_and_discovery, Financial_services_profitability_management, Financial_services_regulatory_reporting_for_european_banking_authority, Financial_services_regulatory_reporting_for_us_federal_reserve, Healthcare_foundation, Hospitality_materials_control, Hospitality_simphony, Insurance_accounting_analyzer, Insurance_allocation_manager_for_enterprise_profitability, Insurance_data_foundation, Insurance_insbridge_rating_and_underwriting, Jdeveloper, Peoplesoft_enterprise_peopletools, Policy_automation, Policy_automation_connector_for_siebel, Policy_automation_for_mobile_devices, Retail_back_office, Retail_customer_management_and_segmentation_foundation, Retail_returns_management, Siebel_ui_framework, Weblogic_server 6.1
2020-09-30 CVE-2020-14375 A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Ubuntu_linux, Data_plane_development_kit, Leap 7.8
2020-02-24 CVE-2020-1935 In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. Tomcat, Ubuntu_linux, Debian_linux, Data_availability_services, Oncommand_system_manager, Leap, Agile_engineering_data_management, Agile_product_lifecycle_management, Communications_element_manager, Communications_instant_messaging_server, Health_sciences_empirica_inspections, Health_sciences_empirica_signal, Hospitality_guest_access, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Mysql_enterprise_monitor, Retail_order_broker, Siebel_ui_framework, Transportation_management, Workload_manager 4.8
2020-07-29 CVE-2020-15705 GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. Ubuntu_linux, Debian_linux, Grub2, Windows_10, Windows_8\.1, Windows_rt_8\.1, Windows_server_2012, Windows_server_2016, Windows_server_2019, Leap, Enterprise_linux, Enterprise_linux_atomic_host, Openshift_container_platform, Suse_linux_enterprise_server 6.4
2019-12-20 CVE-2019-17571 Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. Log4j, Ubuntu_linux, Debian_linux, Oncommand_system_manager, Oncommand_workflow_automation, Leap, Application_testing_suite, Communications_network_integrity, Endeca_information_discovery_studio, Financial_services_lending_and_leasing, Primavera_gateway, Rapid_planning, Retail_extract_transform_and_load, Retail_service_backbone, Weblogic_server 9.8
2018-12-26 CVE-2018-20467 In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. Ubuntu_linux, Debian_linux, Imagemagick, Leap 6.5
2019-03-07 CVE-2019-7175 In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. Ubuntu_linux, Debian_linux, Imagemagick, Leap 7.5
2019-02-05 CVE-2019-7396 In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. Ubuntu_linux, Debian_linux, Imagemagick, Leap 7.5