Product:

Backports_sle

(Opensuse)
Repositories https://github.com/opencontainers/runc
https://github.com/lighttpd/lighttpd1.4
#Vulnerabilities 326
Date Id Summary Products Score Patch Annotated
2020-02-20 CVE-2020-9273 In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution. Debian_linux, Fedora, Backports_sle, Leap, Proftpd, Simatic_net_cp_1543\-1_firmware, Simatic_net_cp_1545\-1_firmware 8.8
2020-02-27 CVE-2020-7041 An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value. Fedora, Openfortivpn, Backports_sle, Leap 5.3
2020-02-27 CVE-2020-7042 An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted). Fedora, Openfortivpn, Backports_sle, Leap 5.3
2020-02-27 CVE-2020-7043 An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack. Fedora, Openfortivpn, Backports_sle, Leap 9.1
2020-03-22 CVE-2020-10804 In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges). Fedora, Backports_sle, Leap, Phpmyadmin, Package_hub 8.0
2020-03-22 CVE-2020-10802 In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table. Debian_linux, Fedora, Backports_sle, Leap, Phpmyadmin, Package_hub 8.0
2020-03-22 CVE-2020-10803 In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack. Debian_linux, Fedora, Backports_sle, Leap, Phpmyadmin, Package_hub 5.4
2020-03-23 CVE-2020-6422 Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Debian_linux, Fedora, Chrome, Backports_sle, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server 8.8
2020-03-23 CVE-2020-6424 Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Debian_linux, Fedora, Chrome, Backports_sle, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server 8.8
2020-03-23 CVE-2020-6426 Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Debian_linux, Fedora, Chrome, Backports_sle, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server 6.5