Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-22 | CVE-2020-8933 | A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you... | Guest\-Oslogin, Leap | 7.8 | ||
| 2020-06-22 | CVE-2020-14983 | The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack. | Chocolate_doom, Crispy_doom, Backports, Leap | 9.8 | ||
| 2020-06-22 | CVE-2020-4030 | In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2. | Ubuntu_linux, Debian_linux, Fedora, Freerdp, Leap | 6.5 | ||
| 2020-06-22 | CVE-2020-4031 | In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. | Ubuntu_linux, Debian_linux, Fedora, Freerdp, Leap | 7.5 | ||
| 2020-06-22 | CVE-2020-4032 | In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2. | Ubuntu_linux, Debian_linux, Fedora, Freerdp, Leap | 4.3 | ||
| 2020-06-22 | CVE-2020-4033 | In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2. | Ubuntu_linux, Debian_linux, Fedora, Freerdp, Leap | 6.5 | ||
| 2020-06-24 | CVE-2020-12861 | A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. | Ubuntu_linux, Leap, Sane_backends | 8.8 | ||
| 2020-06-24 | CVE-2020-12862 | An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082. | Ubuntu_linux, Debian_linux, Leap, Sane_backends | 4.3 | ||
| 2020-06-24 | CVE-2020-12863 | An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083. | Ubuntu_linux, Debian_linux, Leap, Sane_backends | 4.3 | ||
| 2020-06-24 | CVE-2020-12864 | An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081. | Ubuntu_linux, Leap, Sane_backends | 4.3 |