Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-10-06 | CVE-2020-25862 | In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum. | Debian_linux, Fedora, Leap, Zfs_storage_appliance_firmware, Wireshark | 7.5 | ||
| 2020-10-06 | CVE-2020-25863 | In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts. | Debian_linux, Fedora, Leap, Zfs_storage_appliance_firmware, Wireshark | 7.5 | ||
| 2020-10-06 | CVE-2020-25866 | In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs. | Fedora, Leap, Zfs_storage_appliance_kit, Wireshark | 7.5 | ||
| 2020-10-10 | CVE-2020-26934 | phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. | Debian_linux, Fedora, Backports_sle, Leap, Phpmyadmin | 6.1 | ||
| 2020-10-10 | CVE-2020-26935 | An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query. | Debian_linux, Fedora, Backports_sle, Leap, Phpmyadmin | 9.8 | ||
| 2020-10-21 | CVE-2020-14779 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE,... | Debian_linux, Fedora, 7\-Mode_transition_tool, Active_iq_unified_manager, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Hci_storage_node, Oncommand_insight, Oncommand_unified_manager_core_package, Santricity_cloud_connector, Santricity_unified_manager, Snapmanager, Solidfire, Leap, Jdk, Jre | 3.7 | ||
| 2020-10-22 | CVE-2020-27670 | An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated. | Debian_linux, Fedora, Leap, Xen | 7.8 | ||
| 2020-10-22 | CVE-2020-27671 | An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. | Debian_linux, Fedora, Leap, Xen | 7.8 | ||
| 2020-10-22 | CVE-2020-27672 | An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages. | Debian_linux, Fedora, Leap, Xen | 7.0 | ||
| 2020-11-03 | CVE-2020-16004 | Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Leap | 8.8 |