Product:

Leap

(Opensuse)
Repositories https://github.com/phpmyadmin/phpmyadmin
https://github.com/ImageMagick/ImageMagick
https://github.com/torvalds/linux
https://github.com/madler/zlib
https://github.com/libgd/libgd
https://github.com/ceph/ceph
https://github.com/libarchive/libarchive
https://github.com/roundcube/roundcubemail
https://github.com/dbry/WavPack
https://github.com/golang/go
https://github.com/file/file
https://github.com/tats/w3m
https://github.com/dosfstools/dosfstools
https://github.com/atheme/atheme
https://github.com/quassel/quassel
https://github.com/git/git
https://github.com/krb5/krb5
https://github.com/mysql/mysql-server
https://git.kernel.org/pub/scm/git/git.git
https://github.com/heimdal/heimdal
https://github.com/opencontainers/runc
https://github.com/WebKit/webkit
https://github.com/libjpeg-turbo/libjpeg-turbo
https://github.com/liblouis/liblouis
https://github.com/lavv17/lftp
https://github.com/viewvc/viewvc
https://github.com/moinwiki/moin-1.9
https://github.com/ClusterLabs/pacemaker
https://github.com/curl/curl
https://github.com/vadz/libtiff
https://github.com/uclouvain/openjpeg
https://github.com/libimobiledevice/libimobiledevice
https://github.com/esnet/iperf
https://github.com/FFmpeg/FFmpeg
https://github.com/fragglet/lhasa
https://github.com/TigerVNC/tigervnc
https://github.com/mm2/Little-CMS
https://github.com/stedolan/jq
https://github.com/Matroska-Org/libmatroska
https://github.com/mdadams/jasper
https://github.com/ntp-project/ntp
https://github.com/the-tcpdump-group/tcpdump
https://github.com/FreeRDP/FreeRDP
#Vulnerabilities 670
Date ID Summary Products Score Patch
2019-05-30 CVE-2019-8457 SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. Ubuntu_linux, Fedora, Leap, Sqlite N/A
2019-11-22 CVE-2019-18622 An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature. Fedora, Backports_sle, Leap, Phpmyadmin N/A
2019-09-09 CVE-2019-16168 In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." Ubuntu_linux, Fedora, Ontap_select_deploy_administration_utility, Leap, Sqlite N/A
2019-09-13 CVE-2019-15030 In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check. Ubuntu_linux, Linux_kernel, Leap, Enterprise_linux N/A
2020-01-08 CVE-2019-17012 Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Firefox, Firefox_esr, Thunderbird, Leap N/A
2020-01-08 CVE-2019-17011 Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Firefox, Firefox_esr, Thunderbird, Leap N/A
2020-01-08 CVE-2019-17010 Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Firefox, Firefox_esr, Thunderbird, Leap N/A
2020-01-08 CVE-2019-17008 When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Firefox, Firefox_esr, Thunderbird, Leap N/A
2020-01-08 CVE-2019-17005 The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Firefox, Firefox_esr, Thunderbird, Leap N/A
2020-01-08 CVE-2019-11745 When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Firefox, Firefox_esr, Thunderbird, Leap N/A