Opensuse

Leap

1897 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2020-8903

Exploit
  • EPSS 0.09%
  • Published 22.06.2020 14:15:11
  • Last modified 21.11.2024 05:39:39

A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with ...

7.8

CVE-2020-8907

Exploit
  • EPSS 0.09%
  • Published 22.06.2020 14:15:11
  • Last modified 21.11.2024 05:39:39

A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attac...

7.8

CVE-2020-8933

Exploit
  • EPSS 0.08%
  • Published 22.06.2020 14:15:11
  • Last modified 21.11.2024 05:39:41

A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker c...

5.9

CVE-2020-14954

  • EPSS 10.15%
  • Published 21.06.2020 17:15:09
  • Last modified 21.11.2024 05:04:30

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates i...

9.8

CVE-2020-8165

Exploit
  • EPSS 90.13%
  • Published 19.06.2020 18:15:11
  • Last modified 09.05.2025 20:15:36

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.

7.5

CVE-2020-8164

Exploit
  • EPSS 7.52%
  • Published 19.06.2020 17:15:18
  • Last modified 21.11.2024 05:38:25

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.

9.8

CVE-2017-9103

  • EPSS 0.81%
  • Published 18.06.2020 15:15:10
  • Last modified 21.11.2024 03:35:19

An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be ...

9.8

CVE-2017-9104

  • EPSS 0.67%
  • Published 18.06.2020 15:15:10
  • Last modified 21.11.2024 03:35:19

An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered.

5.9

CVE-2020-14422

  • EPSS 0.69%
  • Published 18.06.2020 14:15:11
  • Last modified 21.11.2024 05:03:13

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary...

7.5

CVE-2017-9108

  • EPSS 0.53%
  • Published 18.06.2020 14:15:10
  • Last modified 21.11.2024 03:35:20

An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() wou...