Product:

Backports_sle

(Opensuse)
Date Id Summary Products Score Patch Annotated
2020-03-23 CVE-2020-10593 Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit. Backports_sle, Leap, Tor 7.5
2020-07-29 CVE-2020-16118 In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c. Balsa, Backports_sle, Leap 7.5
2020-10-07 CVE-2020-26164 In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack. Kdeconnect, Backports_sle, Leap 5.5
2020-01-21 CVE-2020-7040 storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.) Ubuntu_linux, Debian_linux, Backports_sle, Leap, Storebackup 8.1
2020-08-07 CVE-2020-8026 A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions. Backports_sle, Leap, Tumbleweed 7.8
2019-07-26 CVE-2019-14274 MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c. Mcpp, Backports_sle, Leap 5.5
2020-04-08 CVE-2020-11653 An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss. Debian_linux, Backports_sle, Leap, Varnish_cache, Varnish_cache 7.5
2020-09-25 CVE-2019-11556 Pagure before 5.6 allows XSS via the templates/blame.html blame view. Backports_sle, Leap, Pagure 6.1
2020-10-14 CVE-2020-15229 Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for unprivileged (either installation or with `allow setuid = no`) run of Singularity when a user attempt to run an image which is a... Backports_sle, Leap, Singularity 9.3
2020-01-24 CVE-2019-3692 The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions. Backports_sle, Leap, Inn 7.8