Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-05-28 | CVE-2020-13362 | In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. | Ubuntu_linux, Debian_linux, Leap, Qemu | 3.2 | ||
| 2020-06-01 | CVE-2020-12867 | A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075. | Ubuntu_linux, Debian_linux, Fedora, Leap, Sane_backends | 5.5 | ||
| 2020-06-02 | CVE-2020-13659 | address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. | Ubuntu_linux, Debian_linux, Leap, Qemu | 2.5 | ||
| 2020-06-03 | CVE-2020-13379 | The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault. | Fedora, Grafana, E\-Series_performance_analyzer, Backports_sle, Leap | 8.2 | ||
| 2020-06-03 | CVE-2020-6493 | Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | Debian_linux, Chrome, Backports, Leap | 9.6 | ||
| 2020-06-03 | CVE-2020-6494 | Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | Debian_linux, Chrome, Backports_sle, Leap | 6.5 | ||
| 2020-06-03 | CVE-2020-6495 | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | Debian_linux, Chrome, Backports, Leap | 6.5 | ||
| 2020-06-03 | CVE-2020-6496 | Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | Debian_linux, Chrome, Backports_sle, Leap | 8.8 | ||
| 2020-06-04 | CVE-2020-13800 | ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. | Ubuntu_linux, Leap, Qemu | 6.0 | ||
| 2020-06-05 | CVE-2020-12723 | regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. | Fedora, Oncommand_workflow_automation, Snap_creator_framework, Leap, Communications_billing_and_revenue_management, Communications_diameter_signaling_router, Communications_eagle_application_processor, Communications_eagle_lnp_application_processor, Communications_lsms, Communications_offline_mediation_controller, Communications_performance_intelligence_center, Configuration_manager, Enterprise_manager_base_platform, Sd\-Wan_edge, Tekelec_platform_distribution, Perl | 7.5 |