Leap - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Leap
(Opensuse)

Repositories

• https://github.com/phpmyadmin/phpmyadmin
• https://github.com/ImageMagick/ImageMagick
• https://github.com/torvalds/linux
• https://github.com/krb5/krb5
• https://github.com/madler/zlib

• https://github.com/libgd/libgd
• https://github.com/php/php-src
• https://github.com/ceph/ceph
• https://github.com/libarchive/libarchive
• https://github.com/roundcube/roundcubemail
• https://github.com/tats/w3m
• https://github.com/golang/go
• https://github.com/dbry/WavPack
• https://github.com/git/git
• https://github.com/file/file
• https://github.com/dosfstools/dosfstools
• https://github.com/atheme/atheme
• https://github.com/quassel/quassel
• https://github.com/apache/httpd
• https://github.com/opencontainers/runc
• https://github.com/bcgit/bc-java
• https://github.com/mm2/Little-CMS
• https://github.com/FFmpeg/FFmpeg
• https://github.com/uclouvain/openjpeg
• https://git.kernel.org/pub/scm/git/git.git
• https://github.com/mdadams/jasper
• https://github.com/libjpeg-turbo/libjpeg-turbo
• https://github.com/rdesktop/rdesktop
• https://github.com/ntp-project/ntp
• https://github.com/requests/requests
• https://github.com/esnet/iperf
• https://github.com/lighttpd/lighttpd1.4
• https://github.com/heimdal/heimdal
• https://github.com/erikd/libsndfile
• https://github.com/FreeRDP/FreeRDP
• https://github.com/mysql/mysql-server
• https://github.com/WebKit/webkit
• https://github.com/liblouis/liblouis
• https://github.com/lavv17/lftp
• https://github.com/viewvc/viewvc
• https://github.com/moinwiki/moin-1.9
• https://github.com/ClusterLabs/pacemaker
• https://github.com/curl/curl
• https://github.com/vadz/libtiff
• https://github.com/libimobiledevice/libimobiledevice
• https://github.com/fragglet/lhasa
• https://github.com/TigerVNC/tigervnc
• https://github.com/stedolan/jq
• https://github.com/Matroska-Org/libmatroska
• https://github.com/the-tcpdump-group/tcpdump

#Vulnerabilities

1883

Date	Id	Summary	Products	Score	Patch	Annotated
2020-06-18	CVE-2020-14416	In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c.	Linux_kernel, Leap	4.2
2020-06-18	CVE-2020-14422	Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4,...	Fedora, Leap, Enterprise_manager_ops_center, Python	5.9
2020-06-19	CVE-2020-8164	A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.	Debian_linux, Backports_sle, Leap, Rails	7.5
2020-06-19	CVE-2020-8165	A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.	Debian_linux, Leap, Rails	9.8
2020-06-21	CVE-2020-14954	Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."	Ubuntu_linux, Debian_linux, Fedora, Mutt, Neomutt, Leap	5.9
2020-06-22	CVE-2020-8903	A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read the DHCP XID from the systemd journal. Using the DHCP XID, it is then possible to set the IP address and hostname of the instance to any value, which is then stored in /etc/hosts. An attacker can then point...	Guest\-Oslogin, Leap	7.8
2020-06-22	CVE-2020-8907	A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/groups to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed,...	Guest\-Oslogin, Leap	7.8
2020-06-22	CVE-2020-8933	A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you...	Guest\-Oslogin, Leap	7.8
2020-06-22	CVE-2020-14983	The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.	Chocolate_doom, Crispy_doom, Backports, Leap	9.8
2020-06-22	CVE-2020-4030	In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.	Ubuntu_linux, Debian_linux, Fedora, Freerdp, Leap	6.5