#Vulnerabilities 1283
Date Id Summary Products Score Patch Annotated
2019-12-03 CVE-2019-13456 In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494. Freeradius, Leap, Enterprise_linux 6.5
2019-12-03 CVE-2019-5163 An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability. Backports, Leap, Shadowsocks\-Libev 7.5
2019-12-27 CVE-2019-20053 An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. Backports, Leap, Upx 5.5
2020-01-08 CVE-2020-6610 GNU LibreDWG has an attempted excessive memory allocation in read_sections_map in decode_r2007.c. Libredwg, Backports, Leap 6.5
2020-01-08 CVE-2019-17021 During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. Firefox, Firefox_esr, Leap 5.3
2020-01-21 CVE-2020-5202 apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this... Apt\-Cacher\-Ng, Debian_linux, Backports, Leap 5.5
2020-02-05 CVE-2020-8632 In cloud-init through 19.4, rand_user_password in cloudinit/config/ has a small default pwlen value, which makes it easier for attackers to guess passwords. Cloud\-Init, Debian_linux, Leap 5.5
2020-02-07 CVE-2020-1700 A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system. Ubuntu_linux, Ceph, Leap, Openshift_container_storage 6.5
2020-02-13 CVE-2020-0561 Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Software_guard_extensions_sdk, Backports, Leap 7.8
2020-02-20 CVE-2019-20479 A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. Debian_linux, Fedora, Leap, Mod_auth_openidc 6.1