Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-02-02 | CVE-2019-20446 | In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. | Ubuntu_linux, Debian_linux, Fedora, Librsvg, Active_iq_unified_manager, Leap | 6.5 | ||
| 2020-02-04 | CVE-2019-12528 | An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes. | Ubuntu_linux, Debian_linux, Fedora, Leap, Squid | 7.5 | ||
| 2020-02-12 | CVE-2019-19921 | runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) | Ubuntu_linux, Debian_linux, Runc, Leap, Openshift_container_platform | 7.0 | ||
| 2020-02-20 | CVE-2019-20479 | A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. | Debian_linux, Fedora, Mod_auth_openidc, Leap | 6.1 | ||
| 2020-02-24 | CVE-2019-17569 | The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. | Tomcat, Tomee, Debian_linux, Data_availability_services, Oncommand_system_manager, Leap, Agile_engineering_data_management, Agile_plm, Communications_instant_messaging_server, Health_sciences_empirica_inspections, Health_sciences_empirica_signal, Hospitality_guest_access, Instantis_enterprisetrack, Mysql_enterprise_monitor, Transportation_management, Workload_manager | 4.8 | ||
| 2020-03-02 | CVE-2020-10018 | WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. | Ubuntu_linux, Debian_linux, Fedora, Leap, Webkitgtk, Wpe_webkit | 9.8 | ||
| 2020-03-04 | CVE-2020-10029 | The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. | Ubuntu_linux, Debian_linux, Fedora, Glibc, Active_iq_unified_manager, Cloud_backup, H410c_firmware, Hci_management_node, Solidfire, Steelstore_cloud_integrated_storage, Leap | 5.5 | ||
| 2020-03-05 | CVE-2019-20382 | QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd. | Ubuntu_linux, Debian_linux, Leap, Qemu | 3.5 | ||
| 2020-03-12 | CVE-2020-10531 | An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. | Ubuntu_linux, Debian_linux, Fedora, Chrome, International_components_for_unicode, Node\.js, Leap, Banking_extensibility_workbench, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 8.8 | ||
| 2020-03-22 | CVE-2020-10804 | In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges). | Fedora, Backports_sle, Leap, Phpmyadmin, Package_hub | 8.0 |