Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-01 | CVE-2020-12867 | A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075. | Ubuntu_linux, Debian_linux, Fedora, Leap, Sane_backends | 5.5 | ||
| 2020-06-02 | CVE-2020-13659 | address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. | Ubuntu_linux, Debian_linux, Leap, Qemu | 2.5 | ||
| 2020-06-03 | CVE-2020-13379 | The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault. | Fedora, Grafana, E\-Series_performance_analyzer, Backports_sle, Leap | 8.2 | ||
| 2020-06-03 | CVE-2020-6493 | Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | Debian_linux, Chrome, Backports, Leap | 9.6 | ||
| 2020-06-03 | CVE-2020-6494 | Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | Debian_linux, Chrome, Backports_sle, Leap | 6.5 | ||
| 2020-06-03 | CVE-2020-6495 | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | Debian_linux, Chrome, Backports, Leap | 6.5 | ||
| 2020-06-03 | CVE-2020-6496 | Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | Debian_linux, Chrome, Backports_sle, Leap | 8.8 | ||
| 2020-06-04 | CVE-2020-13800 | ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. | Ubuntu_linux, Leap, Qemu | 6.0 | ||
| 2020-06-05 | CVE-2020-12723 | regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. | Fedora, Oncommand_workflow_automation, Snap_creator_framework, Leap, Communications_billing_and_revenue_management, Communications_diameter_signaling_router, Communications_eagle_application_processor, Communications_eagle_lnp_application_processor, Communications_lsms, Communications_offline_mediation_controller, Communications_performance_intelligence_center, Configuration_manager, Enterprise_manager_base_platform, Sd\-Wan_edge, Tekelec_platform_distribution, Perl | 7.5 | ||
| 2020-06-08 | CVE-2020-12802 | LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents were omitted from this protection prior to version 6.4.4. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4. | Fedora, Libreoffice, Leap | 5.3 |