Opensuse

Leap

1897 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2020-8927

  • EPSS 0.42%
  • Veröffentlicht 15.09.2020 10:15:12
  • Zuletzt bearbeitet 21.11.2024 05:39:41

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 ...

4.1

CVE-2020-25284

  • EPSS 0.08%
  • Veröffentlicht 13.09.2020 18:15:09
  • Zuletzt bearbeitet 21.11.2024 05:17:51

The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.

7.5

CVE-2020-6097

Exploit
  • EPSS 0.29%
  • Veröffentlicht 10.09.2020 15:15:36
  • Zuletzt bearbeitet 21.11.2024 05:35:05

An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can ...

7.5

CVE-2020-25219

Exploit
  • EPSS 1.23%
  • Veröffentlicht 09.09.2020 21:15:11
  • Zuletzt bearbeitet 21.11.2024 05:17:41

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.

7

CVE-2020-25212

  • EPSS 0.03%
  • Veröffentlicht 09.09.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:17:39

A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b...

7

CVE-2020-14342

Exploit
  • EPSS 0.16%
  • Veröffentlicht 09.09.2020 12:15:11
  • Zuletzt bearbeitet 21.11.2024 05:03:03

It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this ...

7.5

CVE-2019-20916

Exploit
  • EPSS 0.62%
  • Veröffentlicht 04.09.2020 20:15:11
  • Zuletzt bearbeitet 21.11.2024 04:39:40

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occ...

7.5

CVE-2020-24659

Exploit
  • EPSS 3.4%
  • Veröffentlicht 04.09.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 05:15:26

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the app...

6.5

CVE-2020-24977

Exploit
  • EPSS 0.55%
  • Veröffentlicht 04.09.2020 00:15:10
  • Zuletzt bearbeitet 21.11.2024 05:16:15

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

6.1

CVE-2020-24553

Exploit
  • EPSS 0.18%
  • Veröffentlicht 02.09.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:14:58

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.