Opensuse

Leap

1897 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2020-7042

  • EPSS 0.84%
  • Veröffentlicht 27.02.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 05:36:32

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (o...

9.1

CVE-2020-7043

  • EPSS 0.64%
  • Veröffentlicht 27.02.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 05:36:32

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com att...

7.1

CVE-2020-9383

  • EPSS 0.07%
  • Veröffentlicht 25.02.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:40:31

An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.

9.8

CVE-2020-1938

Warnung Exploit
  • EPSS 94.47%
  • Veröffentlicht 24.02.2020 22:15:12
  • Zuletzt bearbeitet 28.03.2025 17:15:49

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available t...

5.8

CVE-2019-17569

  • EPSS 6.16%
  • Veröffentlicht 24.02.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 04:32:33

The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of H...

5.8

CVE-2020-1935

  • EPSS 1.01%
  • Veröffentlicht 24.02.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 05:11:38

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smug...

6.9

CVE-2020-8130

Exploit
  • EPSS 0.08%
  • Veröffentlicht 24.02.2020 15:15:11
  • Zuletzt bearbeitet 21.11.2024 05:38:21

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.

7.5

CVE-2020-9272

  • EPSS 0.77%
  • Veröffentlicht 20.02.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:40:19

ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.

9

CVE-2020-9273

  • EPSS 52.27%
  • Veröffentlicht 20.02.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:40:19

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.

6.1

CVE-2019-20479

  • EPSS 0.47%
  • Veröffentlicht 20.02.2020 06:15:11
  • Zuletzt bearbeitet 21.11.2024 04:38:34

A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.