Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-07-09 | CVE-2020-12424 | When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78. | Firefox, Leap | 6.5 | ||
| 2020-07-09 | CVE-2020-12418 | Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird, Leap | 6.5 | ||
| 2020-07-09 | CVE-2020-12415 | When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox < 78. | Firefox, Leap | 6.5 | ||
| 2020-07-09 | CVE-2020-12419 | When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird, Leap | 8.8 | ||
| 2020-07-09 | CVE-2020-12422 | In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78. | Firefox, Leap | 8.8 | ||
| 2020-03-20 | CVE-2019-18860 | Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. | Ubuntu_linux, Debian_linux, Leap, Squid | 6.1 | ||
| 2017-12-20 | CVE-2017-17805 | The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation... | Ubuntu_linux, Debian_linux, Linux_kernel, Leap, Leap, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_server_for_raspberry_pi | 7.8 | ||
| 2017-12-20 | CVE-2017-17806 | The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. | Ubuntu_linux, Debian_linux, Linux_kernel, Leap, Leap, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_server_for_raspberry_pi | 7.8 | ||
| 2019-11-18 | CVE-2019-19052 | A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486. | Brocade_fabric_operating_system_firmware, Ubuntu_linux, Debian_linux, Linux_kernel, Active_iq_unified_manager, Aff_baseboard_management_controller, Cloud_backup, Data_availability_services, E\-Series_santricity_os_controller, Fas\/aff_baseboard_management_controller, Hci_baseboard_management_controller, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Solidfire_baseboard_management_controller_firmware, Steelstore_cloud_integrated_storage, Leap, Sd\-Wan_edge | 7.5 | ||
| 2019-11-18 | CVE-2019-19060 | A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41. | Brocade_fabric_operating_system_firmware, Ubuntu_linux, Linux_kernel, Active_iq_unified_manager, Aff_baseboard_management_controller, Cloud_backup, Data_availability_services, E\-Series_santricity_os_controller, Fas\/aff_baseboard_management_controller, Hci_baseboard_management_controller, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Solidfire_baseboard_management_controller_firmware, Steelstore_cloud_integrated_storage, Leap | 7.5 |