Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-11-03 | CVE-2020-16007 | Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. | Debian_linux, Chrome, Backports_sle, Leap | 7.8 | ||
| 2020-11-03 | CVE-2020-16008 | Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. | Debian_linux, Fedora, Chrome, Backports_sle, Leap | 8.8 | ||
| 2020-11-03 | CVE-2020-16011 | Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | Debian_linux, Chrome, Backports_sle, Leap | 9.6 | ||
| 2020-11-04 | CVE-2020-28049 | An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. | Debian_linux, Fedora, Leap, Sddm | 6.3 | ||
| 2021-02-09 | CVE-2021-26675 | A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. | Debian_linux, Connman, Leap | 8.8 | ||
| 2021-02-09 | CVE-2021-26676 | gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. | Debian_linux, Connman, Leap | 6.5 | ||
| 2022-01-01 | CVE-2021-41817 | Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. | Debian_linux, Fedora, Factory, Leap, Enterprise_linux, Software_collections, Date, Ruby, Linux_enterprise | 7.5 | ||
| 2022-01-06 | CVE-2021-46141 | An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner. | Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Backports, Factory, Leap, Uriparser | 5.5 | ||
| 2022-01-06 | CVE-2021-46142 | An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax. | Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Backports, Factory, Leap, Uriparser | 5.5 | ||
| 2022-10-06 | CVE-2022-31252 | A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior... | Leap, Leap_micro, Linux_enterprise_server | 4.4 |