Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-07-09 | CVE-2020-12426 | Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 78. | Firefox, Leap | 8.8 | ||
| 2020-01-21 | CVE-2019-18932 | log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations. | Backports_sle, Leap, Squid_analysis_report_generator | 7.0 | ||
| 2020-05-15 | CVE-2020-11521 | libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. | Ubuntu_linux, Debian_linux, Freerdp, Leap | 6.6 | ||
| 2020-05-15 | CVE-2020-11526 | libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. | Ubuntu_linux, Debian_linux, Freerdp, Leap | 2.2 | ||
| 2019-12-03 | CVE-2019-19535 | In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. | Debian_linux, Linux_kernel, Leap, Sd\-Wan_edge | 4.6 | ||
| 2020-05-05 | CVE-2020-12653 | An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. | Debian_linux, Linux_kernel, A700s_firmware, Active_iq_unified_manager, Cloud_backup, Element_software, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700e_firmware, H700s_firmware, Hci_compute_node_firmware, Hci_management_node, Solidfire, Steelstore_cloud_integrated_storage, Leap | 7.8 | ||
| 2019-02-28 | CVE-2019-9215 | In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function. | Debian_linux, Streaming_media, Backports_sle, Leap | 9.8 | ||
| 2019-09-06 | CVE-2019-9455 | In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | Android, Leap | 2.3 | ||
| 2018-09-04 | CVE-2018-10904 | It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume. | Debian_linux, Glusterfs, Leap, Enterprise_linux_server, Virtualization_host | 8.8 | ||
| 2018-09-04 | CVE-2018-10911 | A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. | Debian_linux, Glusterfs, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization_host | 7.5 |