Product:

Leap

(Opensuse)
Repositories https://github.com/phpmyadmin/phpmyadmin
https://github.com/ImageMagick/ImageMagick
https://github.com/torvalds/linux
https://github.com/krb5/krb5
https://github.com/madler/zlib
https://github.com/libgd/libgd
https://github.com/php/php-src
https://github.com/ceph/ceph
https://github.com/libarchive/libarchive
https://github.com/roundcube/roundcubemail
https://github.com/tats/w3m
https://github.com/golang/go
https://github.com/dbry/WavPack
https://github.com/git/git
https://github.com/file/file
https://github.com/dosfstools/dosfstools
https://github.com/atheme/atheme
https://github.com/quassel/quassel
https://github.com/bcgit/bc-java
https://github.com/esnet/iperf
https://github.com/apache/httpd
https://github.com/opencontainers/runc
https://github.com/mm2/Little-CMS
https://github.com/FFmpeg/FFmpeg
https://github.com/uclouvain/openjpeg
https://git.kernel.org/pub/scm/git/git.git
https://github.com/mdadams/jasper
https://github.com/libjpeg-turbo/libjpeg-turbo
https://github.com/rdesktop/rdesktop
https://github.com/ntp-project/ntp
https://github.com/requests/requests
https://github.com/lighttpd/lighttpd1.4
https://github.com/heimdal/heimdal
https://github.com/erikd/libsndfile
https://github.com/FreeRDP/FreeRDP
https://github.com/mysql/mysql-server
https://github.com/WebKit/webkit
https://github.com/liblouis/liblouis
https://github.com/lavv17/lftp
https://github.com/viewvc/viewvc
https://github.com/moinwiki/moin-1.9
https://github.com/ClusterLabs/pacemaker
https://github.com/curl/curl
https://github.com/vadz/libtiff
https://github.com/libimobiledevice/libimobiledevice
https://github.com/fragglet/lhasa
https://github.com/TigerVNC/tigervnc
https://github.com/stedolan/jq
https://github.com/Matroska-Org/libmatroska
https://github.com/the-tcpdump-group/tcpdump
#Vulnerabilities 1884
Date Id Summary Products Score Patch Annotated
2019-12-20 CVE-2019-17571 Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. Bookkeeper, Log4j, Ubuntu_linux, Debian_linux, Oncommand_system_manager, Oncommand_workflow_automation, Leap, Application_testing_suite, Communications_network_integrity, Endeca_information_discovery_studio, Financial_services_lending_and_leasing, Mysql_enterprise_monitor, Primavera_gateway, Rapid_planning, Retail_extract_transform_and_load, Retail_service_backbone, Weblogic_server 9.8
2019-12-20 CVE-2019-19917 Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c. Fedora, Lout, Backports_sle, Leap 7.8
2019-12-20 CVE-2019-19918 Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. Fedora, Lout, Backports_sle, Leap 7.8
2019-12-23 CVE-2019-11045 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access. Ubuntu_linux, Debian_linux, Fedora, Leap, Php, Securitycenter 5.9
2019-12-23 CVE-2019-11046 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations. Ubuntu_linux, Debian_linux, Fedora, Leap, Php, Securitycenter 5.3
2019-12-23 CVE-2019-11050 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. Ubuntu_linux, Debian_linux, Fedora, Leap, Php, Securitycenter 6.5
2019-12-23 CVE-2019-17563 When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability. Tomcat, Ubuntu_linux, Debian_linux, Leap, Agile_engineering_data_management, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Micros_relate_crm_software, Mysql_enterprise_monitor, Retail_order_broker, Transportation_management 7.5
2019-12-23 CVE-2019-12418 When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. Tomcat, Ubuntu_linux, Debian_linux, Oncommand_system_manager, Leap, Workload_manager 7.0
2020-01-03 CVE-2019-5844 Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chrome, Backports_sle, Leap 6.5
2020-01-03 CVE-2019-5845 Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chrome, Backports_sle, Leap 6.5