Product:

Backports_sle

(Opensuse)
Date Id Summary Products Score Patch Annotated
2020-08-07 CVE-2020-8026 A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions. Backports_sle, Leap, Tumbleweed 7.8
2019-07-26 CVE-2019-14274 MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c. Mcpp, Backports_sle, Leap 5.5
2020-04-08 CVE-2020-11653 An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss. Debian_linux, Backports_sle, Leap, Varnish_cache, Varnish_cache 7.5
2020-09-25 CVE-2019-11556 Pagure before 5.6 allows XSS via the templates/blame.html blame view. Backports_sle, Leap, Pagure 6.1
2020-10-14 CVE-2020-15229 Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for unprivileged (either installation or with `allow setuid = no`) run of Singularity when a user attempt to run an image which is a... Backports_sle, Leap, Singularity 9.3
2020-01-24 CVE-2019-3692 The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions. Backports_sle, Leap, Inn 7.8
2020-06-12 CVE-2020-14004 An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user. Icinga, Backports_sle, Leap 7.8
2020-05-06 CVE-2020-12672 GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. Debian_linux, Graphicsmagick, Backports_sle, Leap 7.5
2020-01-24 CVE-2019-3693 A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version... Backports_sle, Mailman 7.8
2020-01-08 CVE-2020-6609 GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. Libredwg, Backports_sle, Leap 8.8