Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-09-09 | CVE-2020-25219 | url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. | Ubuntu_linux, Debian_linux, Fedora, Libproxy, Leap | 7.5 | ||
| 2020-09-10 | CVE-2020-6097 | An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability. | Atftp, Debian_linux, Leap | 7.5 | ||
| 2020-09-13 | CVE-2020-25284 | The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. | Debian_linux, Linux_kernel, Leap | 4.1 | ||
| 2020-09-15 | CVE-2020-8927 | A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits. | Ubuntu_linux, Debian_linux, Fedora, Brotli, \.net, \.net_core, Powershell, Visual_studio_2019, Visual_studio_2022, Leap | 6.5 | ||
| 2020-09-16 | CVE-2020-14386 | A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. | Debian_linux, Fedora, Linux_kernel, Leap | 7.8 | ||
| 2020-09-16 | CVE-2020-14392 | An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability. | Ubuntu_linux, Debian_linux, Fedora, Leap, Database_interface | 5.5 | ||
| 2020-09-16 | CVE-2020-14393 | A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data. | Debian_linux, Fedora, Leap, Database_interface | 7.1 | ||
| 2020-09-16 | CVE-2020-25039 | Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. | Leap, Singularity | 8.1 | ||
| 2020-09-16 | CVE-2020-25040 | Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039. | Leap, Singularity | 8.8 | ||
| 2020-09-18 | CVE-2020-8201 | Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names. | Fedora, Node\.js, Leap | 7.4 |