Leap - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Leap
(Opensuse)

Repositories

• https://github.com/phpmyadmin/phpmyadmin
• https://github.com/ImageMagick/ImageMagick
• https://github.com/torvalds/linux
• https://github.com/krb5/krb5
• https://github.com/madler/zlib

• https://github.com/libgd/libgd
• https://github.com/php/php-src
• https://github.com/ceph/ceph
• https://github.com/libarchive/libarchive
• https://github.com/roundcube/roundcubemail
• https://github.com/tats/w3m
• https://github.com/golang/go
• https://github.com/dbry/WavPack
• https://github.com/git/git
• https://github.com/file/file
• https://github.com/dosfstools/dosfstools
• https://github.com/atheme/atheme
• https://github.com/quassel/quassel
• https://github.com/opencontainers/runc
• https://github.com/bcgit/bc-java
• https://github.com/mm2/Little-CMS
• https://github.com/FFmpeg/FFmpeg
• https://github.com/uclouvain/openjpeg
• https://git.kernel.org/pub/scm/git/git.git
• https://github.com/mdadams/jasper
• https://github.com/libjpeg-turbo/libjpeg-turbo
• https://github.com/apache/httpd
• https://github.com/rdesktop/rdesktop
• https://github.com/ntp-project/ntp
• https://github.com/requests/requests
• https://github.com/esnet/iperf
• https://github.com/lighttpd/lighttpd1.4
• https://github.com/heimdal/heimdal
• https://github.com/erikd/libsndfile
• https://github.com/FreeRDP/FreeRDP
• https://github.com/mysql/mysql-server
• https://github.com/WebKit/webkit
• https://github.com/liblouis/liblouis
• https://github.com/lavv17/lftp
• https://github.com/viewvc/viewvc
• https://github.com/moinwiki/moin-1.9
• https://github.com/ClusterLabs/pacemaker
• https://github.com/curl/curl
• https://github.com/vadz/libtiff
• https://github.com/libimobiledevice/libimobiledevice
• https://github.com/fragglet/lhasa
• https://github.com/TigerVNC/tigervnc
• https://github.com/stedolan/jq
• https://github.com/Matroska-Org/libmatroska
• https://github.com/the-tcpdump-group/tcpdump

#Vulnerabilities

1883

Date	Id	Summary	Products	Score	Patch	Annotated
2020-09-21	CVE-2020-6570	Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction.	Debian_linux, Fedora, Chrome, Backports_sle, Leap	4.3
2020-09-21	CVE-2020-6571	Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.	Debian_linux, Fedora, Chrome, Backports_sle, Leap	4.3
2020-09-21	CVE-2020-6573	Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.	Debian_linux, Fedora, Chrome, Backports_sle, Leap	9.6
2020-09-21	CVE-2020-6574	Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.	Debian_linux, Fedora, Chrome, Backports_sle, Leap	7.8
2020-09-21	CVE-2020-6575	Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.	Debian_linux, Fedora, Chrome, Backports_sle, Leap	8.3
2020-09-21	CVE-2020-6576	Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Debian_linux, Fedora, Chrome, Backports_sle, Leap	8.8
2020-09-23	CVE-2020-25595	An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that it's very common for devices to have out-of-spec "backdoor" operations that can affect the result of these reads. A not fully trusted guest...	Debian_linux, Fedora, Leap, Xen	7.8
2020-09-23	CVE-2020-25596	An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege #GP fault (typically fatal) rather than a user-privilege #GP fault (usually converted into SIGSEGV/etc.). Malicious or buggy userspace can...	Debian_linux, Fedora, Leap, Xen	5.5
2020-09-23	CVE-2020-25598	An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar to forgetting to unlock a spinlock. A buggy or malicious HVM stubdomain can cause an RCU reference to be leaked. This causes subsequent administration operations, (e.g., CPU offline) to livelock,...	Fedora, Leap, Xen	5.5
2020-09-23	CVE-2020-25599	An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses or triggering of bug checks. In particular, x86 PV guests may be able to elevate their privilege to that of the host. Host and guest crashes are also possible, leading to a Denial of...	Debian_linux, Fedora, Leap, Xen	7.0