Product:

Backports_sle

(Opensuse)
Date Id Summary Products Score Patch Annotated
2020-06-12 CVE-2020-14004 An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user. Icinga, Backports_sle, Leap 7.8
2020-05-06 CVE-2020-12672 GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. Debian_linux, Graphicsmagick, Backports_sle, Leap 7.5
2020-01-24 CVE-2019-3693 A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version... Backports_sle, Mailman 7.8
2020-01-08 CVE-2020-6609 GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. Libredwg, Backports_sle, Leap 8.8
2020-01-08 CVE-2020-6611 GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. Libredwg, Backports_sle, Leap 6.5
2020-01-08 CVE-2020-6612 GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c. Libredwg, Backports_sle, Leap 8.1
2020-01-08 CVE-2020-6613 GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c. Libredwg, Backports_sle, Leap 8.1
2020-01-08 CVE-2020-6614 GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c. Libredwg, Backports_sle, Leap 8.1
2020-01-08 CVE-2020-6615 GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl). Libredwg, Backports_sle, Leap 6.5
2020-05-04 CVE-2020-12625 An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message. Debian_linux, Backports_sle, Leap, Webmail 6.1