Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-09-02 | CVE-2020-15811 | An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an... | Ubuntu_linux, Debian_linux, Fedora, Leap, Squid | 6.5 | ||
| 2020-09-02 | CVE-2020-24553 | Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. | Fedora, Go, Leap, Communications_cloud_native_core_policy | 6.1 | ||
| 2020-09-02 | CVE-2020-24654 | In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. | Ubuntu_linux, Debian_linux, Fedora, Ark, Leap | 3.3 | ||
| 2020-09-04 | CVE-2020-24977 | GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. | Debian_linux, Fedora, Active_iq_unified_manager, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Hci_h410c_firmware, Inventory_collect_tool, Manageability_software_development_kit, Snapdrive, Leap, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Http_server, Mysql_workbench, Peoplesoft_enterprise_peopletools, Real_user_experience_insight, Libxml2 | 6.5 | ||
| 2020-09-04 | CVE-2020-24659 | An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. | Ubuntu_linux, Fedora, Gnutls, Leap | 7.5 | ||
| 2020-09-09 | CVE-2020-14342 | It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges. | Fedora, Leap, Cifs\-Utils | 7.0 | ||
| 2020-09-09 | CVE-2020-25212 | A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. | Ubuntu_linux, Debian_linux, Linux_kernel, Leap | 7.0 | ||
| 2020-09-09 | CVE-2020-25219 | url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. | Ubuntu_linux, Debian_linux, Fedora, Libproxy, Leap | 7.5 | ||
| 2020-09-10 | CVE-2020-6097 | An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability. | Atftp, Debian_linux, Leap | 7.5 | ||
| 2020-09-13 | CVE-2020-25284 | The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. | Debian_linux, Linux_kernel, Leap | 4.1 |