Product:

Leap

(Opensuse)
Repositories https://github.com/phpmyadmin/phpmyadmin
https://github.com/ImageMagick/ImageMagick
https://github.com/krb5/krb5
https://github.com/torvalds/linux
https://github.com/libgd/libgd
https://github.com/madler/zlib
https://github.com/ceph/ceph
https://github.com/libarchive/libarchive
https://github.com/roundcube/roundcubemail
https://github.com/dbry/WavPack
https://github.com/dosfstools/dosfstools
https://github.com/golang/go
https://github.com/file/file
https://github.com/tats/w3m
https://github.com/atheme/atheme
https://github.com/quassel/quassel
https://github.com/git/git
https://github.com/erikd/libsndfile
https://github.com/opencontainers/runc
https://github.com/libjpeg-turbo/libjpeg-turbo
https://github.com/FreeRDP/FreeRDP
https://github.com/esnet/iperf
https://github.com/mysql/mysql-server
https://git.kernel.org/pub/scm/git/git.git
https://github.com/heimdal/heimdal
https://github.com/WebKit/webkit
https://github.com/liblouis/liblouis
https://github.com/lavv17/lftp
https://github.com/viewvc/viewvc
https://github.com/moinwiki/moin-1.9
https://github.com/ClusterLabs/pacemaker
https://github.com/curl/curl
https://github.com/vadz/libtiff
https://github.com/uclouvain/openjpeg
https://github.com/libimobiledevice/libimobiledevice
https://github.com/FFmpeg/FFmpeg
https://github.com/fragglet/lhasa
https://github.com/TigerVNC/tigervnc
https://github.com/mm2/Little-CMS
https://github.com/stedolan/jq
https://github.com/Matroska-Org/libmatroska
https://github.com/mdadams/jasper
https://github.com/ntp-project/ntp
https://github.com/the-tcpdump-group/tcpdump
#Vulnerabilities 1129
Date Id Summary Products Score Patch Annotated
2020-02-04 CVE-2020-8517 An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy. Ubuntu_linux, Leap, Squid 7.5
2020-02-04 CVE-2020-8450 An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. Ubuntu_linux, Debian_linux, Fedora, Leap, Squid 7.3
2020-02-04 CVE-2020-8449 An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters. Ubuntu_linux, Debian_linux, Fedora, Leap, Squid 7.5
2020-01-15 CVE-2020-2654 Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying... Ubuntu_linux, Debian_linux, Epolicy_orchestrator, Active_iq_unified_manager, E\-Series_performance_analyzer, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services_proxy, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Leap, Jdk, Jre, Openjdk, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 3.7
2020-01-15 CVE-2020-2601 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability... Ubuntu_linux, Debian_linux, Active_iq_unified_manager, E\-Series_performance_analyzer, E\-Series_santricity_management, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Leap, Jdk, Jre, Openjdk, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 6.8
2020-01-15 CVE-2020-2604 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java... Ubuntu_linux, Debian_linux, Epolicy_orchestrator, Active_iq_unified_manager, E\-Series_performance_analyzer, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services_proxy, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Leap, Graalvm, Jdk, Jre, Openjdk, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 8.1
2020-09-02 CVE-2020-15811 An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an... Ubuntu_linux, Debian_linux, Fedora, Leap, Squid 6.5
2018-01-04 CVE-2017-5753 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Cortex\-A_firmware, Cortex\-R_firmware, Ubuntu_linux, Debian_linux, Atom_c, Atom_e, Atom_x3, Atom_z, Celeron_j, Celeron_n, Core_i3, Core_i5, Core_i7, Core_m, Core_m3, Core_m5, Core_m7, Pentium_j, Pentium_n, Xeon, Xeon_bronze_3104, Xeon_bronze_3106, Xeon_e3, Xeon_e3_1105c_v2, Xeon_e3_1125c, Xeon_e3_1125c_v2, Xeon_e3_1220, Xeon_e3_12201, Xeon_e3_12201_v2, Xeon_e3_1220_v2, Xeon_e3_1220_v3, Xeon_e3_1220_v5, Xeon_e3_1220_v6, Xeon_e3_1220l_v3, Xeon_e3_1225, Xeon_e3_1225_v2, Xeon_e3_1225_v3, Xeon_e3_1225_v5, Xeon_e3_1225_v6, Xeon_e3_1226_v3, Xeon_e3_1230, Xeon_e3_1230_v2, Xeon_e3_1230_v3, Xeon_e3_1230_v5, Xeon_e3_1230_v6, Xeon_e3_1230l_v3, Xeon_e3_1231_v3, Xeon_e3_1235, Xeon_e3_1235l_v5, Xeon_e3_1240, Xeon_e3_1240_v2, Xeon_e3_1240_v3, Xeon_e3_1240_v5, Xeon_e3_1240_v6, Xeon_e3_1240l_v3, Xeon_e3_1240l_v5, Xeon_e3_1241_v3, Xeon_e3_1245, Xeon_e3_1245_v2, Xeon_e3_1245_v3, Xeon_e3_1245_v5, Xeon_e3_1245_v6, Xeon_e3_1246_v3, Xeon_e3_1258l_v4, Xeon_e3_1260l, Xeon_e3_1260l_v5, Xeon_e3_1265l_v2, Xeon_e3_1265l_v3, Xeon_e3_1265l_v4, Xeon_e3_1268l_v3, Xeon_e3_1268l_v5, Xeon_e3_1270, Xeon_e3_1270_v2, Xeon_e3_1270_v3, Xeon_e3_1270_v5, Xeon_e3_1270_v6, Xeon_e3_1271_v3, Xeon_e3_1275, Xeon_e3_1275_v2, Xeon_e3_1275_v3, Xeon_e3_1275_v5, Xeon_e3_1275_v6, Xeon_e3_1275l_v3, Xeon_e3_1276_v3, Xeon_e3_1278l_v4, Xeon_e3_1280, Xeon_e3_1280_v2, Xeon_e3_1280_v3, Xeon_e3_1280_v5, Xeon_e3_1280_v6, Xeon_e3_1281_v3, Xeon_e3_1285_v3, Xeon_e3_1285_v4, Xeon_e3_1285_v6, Xeon_e3_1285l_v3, Xeon_e3_1285l_v4, Xeon_e3_1286_v3, Xeon_e3_1286l_v3, Xeon_e3_1290, Xeon_e3_1290_v2, Xeon_e3_1501l_v6, Xeon_e3_1501m_v6, Xeon_e3_1505l_v5, Xeon_e3_1505l_v6, Xeon_e3_1505m_v5, Xeon_e5, Xeon_e5_1428l, Xeon_e5_1428l_v2, Xeon_e5_1428l_v3, Xeon_e5_1620, Xeon_e5_1620_v2, Xeon_e5_1620_v3, Xeon_e5_1620_v4, Xeon_e5_1630_v3, Xeon_e5_1630_v4, Xeon_e5_1650, Xeon_e5_1650_v2, Xeon_e5_1650_v3, Xeon_e5_1650_v4, Xeon_e5_1660, Xeon_e5_1660_v2, Xeon_e5_1660_v3, Xeon_e5_1660_v4, Xeon_e5_1680_v3, Xeon_e5_1680_v4, Xeon_e5_2403, Xeon_e5_2403_v2, Xeon_e5_2407, Xeon_e5_2407_v2, Xeon_e5_2408l_v3, Xeon_e5_2418l, Xeon_e5_2418l_v2, Xeon_e5_2418l_v3, Xeon_e5_2420, Xeon_e5_2420_v2, Xeon_e5_2428l, Xeon_e5_2428l_v2, Xeon_e5_2428l_v3, Xeon_e5_2430, Xeon_e5_2430_v2, Xeon_e5_2430l, Xeon_e5_2430l_v2, Xeon_e5_2438l_v3, Xeon_e5_2440, Xeon_e5_2440_v2, Xeon_e5_2448l, Xeon_e5_2448l_v2, Xeon_e5_2450, Xeon_e5_2450_v2, Xeon_e5_2450l, Xeon_e5_2450l_v2, Xeon_e5_2470, Xeon_e5_2470_v2, Xeon_e5_2603, Xeon_e5_2603_v2, Xeon_e5_2603_v3, Xeon_e5_2603_v4, Xeon_e5_2608l_v3, Xeon_e5_2608l_v4, Xeon_e5_2609, Xeon_e5_2609_v2, Xeon_e5_2609_v3, Xeon_e5_2609_v4, Xeon_e5_2618l_v2, Xeon_e5_2618l_v3, Xeon_e5_2618l_v4, Xeon_e5_2620, Xeon_e5_2620_v2, Xeon_e5_2620_v3, Xeon_e5_2620_v4, Xeon_e5_2623_v3, Xeon_e5_2623_v4, Xeon_e5_2628l_v2, Xeon_e5_2628l_v3, Xeon_e5_2628l_v4, Xeon_e5_2630, Xeon_e5_2630_v2, Xeon_e5_2630_v3, Xeon_e5_2630_v4, Xeon_e5_2630l, Xeon_e5_2630l_v2, Xeon_e5_2630l_v3, Xeon_e5_2630l_v4, Xeon_e5_2637, Xeon_e5_2637_v2, Xeon_e5_2637_v3, Xeon_e5_2637_v4, Xeon_e5_2640, Xeon_e5_2640_v2, Xeon_e5_2640_v3, Xeon_e5_2640_v4, Xeon_e5_2643, Xeon_e5_2643_v2, Xeon_e5_2643_v3, Xeon_e5_2643_v4, Xeon_e5_2648l, Xeon_e5_2648l_v2, Xeon_e5_2648l_v3, Xeon_e5_2648l_v4, Xeon_e5_2650, Xeon_e5_2650_v2, Xeon_e5_2650_v3, Xeon_e5_2650_v4, Xeon_e5_2650l, Xeon_e5_2650l_v2, Xeon_e5_2650l_v3, Xeon_e7, Xeon_e\-1105c, Xeon_gold, Xeon_phi, Xeon_platinum, Xeon_silver, Hci, Solidfire, Leap, Local_service_management_system, Solaris, Btc12_firmware, Btc14_firmware, Visunet_rm_shell, Bl2_bpc_1000_firmware, Bl2_bpc_2000_firmware, Bl2_bpc_7000_firmware, Bl2_ppc_1000_firmware, Bl2_ppc_2000_firmware, Bl2_ppc_7000_firmware, Bl_bpc_2000_firmware, Bl_bpc_2001_firmware, Bl_bpc_3000_firmware, Bl_bpc_3001_firmware, Bl_bpc_7000_firmware, Bl_bpc_7001_firmware, Bl_ppc12_1000_firmware, Bl_ppc15_1000_firmware, Bl_ppc15_3000_firmware, Bl_ppc15_7000_firmware, Bl_ppc17_1000_firmware, Bl_ppc17_3000_firmware, Bl_ppc17_7000_firmware, Bl_ppc_1000_firmware, Bl_ppc_7000_firmware, Bl_rackmount_2u_firmware, Bl_rackmount_4u_firmware, Dl_ppc15_1000_firmware, Dl_ppc15m_7000_firmware, Dl_ppc18\.5m_7000_firmware, Dl_ppc21\.5m_7000_firmware, El_ppc_1000\/m_firmware, El_ppc_1000\/wt_firmware, El_ppc_1000_firmware, Valueline_ipc_firmware, Vl2_bpc_1000_firmware, Vl2_bpc_2000_firmware, Vl2_bpc_3000_firmware, Vl2_bpc_7000_firmware, Vl2_bpc_9000_firmware, Vl2_ppc12_1000_firmware, Vl2_ppc7_1000_firmware, Vl2_ppc9_1000_firmware, Vl2_ppc_1000_firmware, Vl2_ppc_2000_firmware, Vl2_ppc_3000_firmware, Vl2_ppc_7000_firmware, Vl2_ppc_9000_firmware, Vl_bpc_1000_firmware, Vl_bpc_2000_firmware, Vl_bpc_3000_firmware, Vl_ipc_p7000_firmware, Vl_ppc_2000_firmware, Vl_ppc_3000_firmware, Simatic_itc1500_firmware, Simatic_itc1500_pro_firmware, Simatic_itc1900_firmware, Simatic_itc1900_pro_firmware, Simatic_itc2200_firmware, Simatic_itc2200_pro_firmware, Simatic_winac_rtx_\(F\)_2010_firmware, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Diskstation_manager, Router_manager, Skynas, Virtual_machine_manager, Vs360hd_firmware, Vs960hd_firmware, Esxi, Fusion, Workstation 5.6
2020-05-20 CVE-2020-9484 When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be... Tomcat, Ubuntu_linux, Debian_linux, Fedora, Leap, Instantis_enterprisetrack 7.0
2020-06-29 CVE-2020-8022 A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise... Tomcat, Leap 8.4