Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-02-05 | CVE-2020-5208 | It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19. | Debian_linux, Fedora, Ipmitool, Leap | 8.8 | ||
| 2020-02-05 | CVE-2020-8631 | cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function. | Cloud\-Init, Debian_linux, Leap | 5.5 | ||
| 2020-02-05 | CVE-2020-8632 | In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. | Cloud\-Init, Debian_linux, Leap | 5.5 | ||
| 2020-02-05 | CVE-2020-7216 | An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option. | Leap, Wicked | 7.5 | ||
| 2020-02-06 | CVE-2020-8647 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. | Debian_linux, Linux_kernel, Leap | 6.1 | ||
| 2020-02-06 | CVE-2020-8648 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. | Brocade_fabric_operating_system_firmware, Ubuntu_linux, Debian_linux, Linux_kernel, Active_iq_unified_manager, Cloud_backup, Hci_baseboard_management_controller, Solidfire_baseboard_management_controller, Leap | 7.1 | ||
| 2020-02-06 | CVE-2020-8649 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. | Debian_linux, Linux_kernel, Leap | 5.9 | ||
| 2020-02-06 | CVE-2020-8608 | In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. | Debian_linux, Libslirp, Leap | 5.6 | ||
| 2020-02-07 | CVE-2020-1700 | A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system. | Ubuntu_linux, Ceph, Leap, Openshift_container_storage | 6.5 | ||
| 2020-02-10 | CVE-2020-7059 | When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. | Debian_linux, Leap, Communications_diameter_signaling_router, Php, Tenable\.sc | 9.1 |