Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-06-22 | CVE-2020-14983 | The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack. | Chocolate_doom, Crispy_doom, Backports, Leap | 9.8 | ||
2020-07-09 | CVE-2020-12424 | When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78. | Firefox, Leap | 6.5 | ||
2020-07-09 | CVE-2020-12418 | Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird, Leap | 6.5 | ||
2020-07-09 | CVE-2020-12415 | When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox < 78. | Firefox, Leap | 6.5 | ||
2020-07-09 | CVE-2020-12419 | When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird, Leap | 8.8 | ||
2020-07-09 | CVE-2020-12422 | In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78. | Firefox, Leap | 8.8 | ||
2020-03-20 | CVE-2019-18860 | Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. | Ubuntu_linux, Debian_linux, Leap, Squid | 6.1 | ||
2020-08-07 | CVE-2020-8026 | A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions. | Backports_sle, Leap, Tumbleweed | 7.8 | ||
2020-08-24 | CVE-2020-14349 | It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication. | Leap, Postgresql | 7.1 | ||
2020-08-24 | CVE-2020-14350 | It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. | Ubuntu_linux, Debian_linux, Leap, Postgresql | 7.3 |