Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-01-24 | CVE-2019-1353 | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active. | Git, Leap | 9.8 | ||
| 2020-01-27 | CVE-2018-20105 | A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2. | Leap, Suse_linux_enterprise_server, Yast2\-Rmt | 5.5 | ||
| 2020-01-29 | CVE-2020-8432 | In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis. | U\-Boot, Leap | 9.8 | ||
| 2020-01-30 | CVE-2020-8492 | Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. | Ubuntu_linux, Debian_linux, Fedora, Leap, Python | 6.5 | ||
| 2020-02-02 | CVE-2019-20446 | In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. | Ubuntu_linux, Debian_linux, Fedora, Librsvg, Active_iq_unified_manager, Leap | 6.5 | ||
| 2020-02-04 | CVE-2020-8449 | An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters. | Ubuntu_linux, Debian_linux, Fedora, Leap, Squid | 7.5 | ||
| 2020-02-04 | CVE-2020-8450 | An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. | Ubuntu_linux, Debian_linux, Fedora, Leap, Squid | 7.3 | ||
| 2020-02-04 | CVE-2019-12528 | An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes. | Ubuntu_linux, Debian_linux, Fedora, Leap, Squid | 7.5 | ||
| 2020-02-05 | CVE-2020-5208 | It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19. | Debian_linux, Fedora, Ipmitool, Leap | 8.8 | ||
| 2020-02-07 | CVE-2020-1700 | A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system. | Ubuntu_linux, Ceph, Leap, Openshift_container_storage | 6.5 |