Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-01-21 | CVE-2020-5202 | apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this... | Apt\-Cacher\-Ng, Debian_linux, Backports, Leap | 5.5 | ||
2020-02-05 | CVE-2020-8632 | In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. | Cloud\-Init, Debian_linux, Leap | 5.5 | ||
2020-02-13 | CVE-2020-0561 | Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | Software_guard_extensions_sdk, Backports, Leap | 7.8 | ||
2020-02-27 | CVE-2020-7062 | In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash. | Ubuntu_linux, Debian_linux, Leap, Php | 7.5 | ||
2020-03-23 | CVE-2020-10592 | Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. | Backports, Leap, Tor | 7.5 | ||
2020-03-24 | CVE-2020-10938 | GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. | Debian_linux, Graphicsmagick, Backports, Leap | 9.8 | ||
2020-10-07 | CVE-2020-11800 | Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. | Debian_linux, Backports_sle, Leap, Zabbix | 9.8 | ||
2020-02-06 | CVE-2020-8647 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. | Debian_linux, Linux_kernel, Leap | 6.1 | ||
2020-02-06 | CVE-2020-8649 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. | Debian_linux, Linux_kernel, Leap | 5.9 | ||
2020-02-05 | CVE-2020-8631 | cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function. | Cloud\-Init, Debian_linux, Leap | 5.5 |