Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Leap
Total 1816 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-1747 4 Fedoraproject, Opensuse, Oracle and 1 more 4 Fedora, Leap, Communications Cloud Native Core Network Function Cloud Native Environment and 1 more 2023-02-03 10.0 HIGH 9.8 CRITICAL
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.
CVE-2020-10593 2 Opensuse, Torproject 3 Backports Sle, Leap, Tor 2023-02-03 5.0 MEDIUM 7.5 HIGH
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.
CVE-2019-18388 3 Debian, Opensuse, Virglrenderer Project 3 Debian Linux, Leap, Virglrenderer 2023-02-03 2.1 LOW 5.5 MEDIUM
A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands.
CVE-2019-18390 4 Debian, Opensuse, Redhat and 1 more 4 Debian Linux, Leap, Enterprise Linux and 1 more 2023-02-03 3.6 LOW 7.1 HIGH
An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.
CVE-2020-5267 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2023-02-03 3.5 LOW 4.8 MEDIUM
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.
CVE-2020-16118 2 Gnome, Opensuse 3 Balsa, Backports Sle, Leap 2023-02-03 5.0 MEDIUM 7.5 HIGH
In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.
CVE-2020-0305 2 Google, Opensuse 2 Android, Leap 2023-02-03 4.4 MEDIUM 6.4 MEDIUM
In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744
CVE-2020-14039 2 Golang, Opensuse 2 Go, Leap 2023-02-03 5.0 MEDIUM 5.3 MEDIUM
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.
CVE-2020-15803 4 Debian, Fedoraproject, Opensuse and 1 more 5 Debian Linux, Fedora, Backports and 2 more 2023-02-03 4.3 MEDIUM 6.1 MEDIUM
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
CVE-2019-10163 2 Opensuse, Powerdns 3 Backports, Leap, Authoritative 2023-02-03 4.0 MEDIUM 4.3 MEDIUM
A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.
CVE-2020-16845 4 Debian, Fedoraproject, Golang and 1 more 4 Debian Linux, Fedora, Go and 1 more 2023-02-03 5.0 MEDIUM 7.5 HIGH
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
CVE-2020-10730 5 Debian, Fedoraproject, Opensuse and 2 more 5 Debian Linux, Fedora, Leap and 2 more 2023-02-03 4.0 MEDIUM 6.5 MEDIUM
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.
CVE-2020-15656 3 Canonical, Mozilla, Opensuse 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more 2023-02-02 9.3 HIGH 8.8 HIGH
JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
CVE-2020-10769 2 Opensuse, Redhat 2 Leap, Enterprise Linux 2023-02-02 2.1 LOW 5.5 MEDIUM
A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service.
CVE-2020-10757 7 Canonical, Debian, Fedoraproject and 4 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2023-02-02 6.9 MEDIUM 7.8 HIGH
A flaw was found in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
CVE-2019-3846 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2023-02-02 8.3 HIGH 8.8 HIGH
A flaw was found in the Linux kernel's Marvell wifi chip driver. A heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c allows remote attackers to cause a denial of service(system crash) or execute arbitrary code.
CVE-2019-10185 3 Debian, Icedtea-web Project, Opensuse 3 Debian Linux, Icedtea-web, Leap 2023-02-02 6.4 MEDIUM 8.6 HIGH
It was found that icedtea-web was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox.
CVE-2019-3886 3 Fedoraproject, Opensuse, Redhat 3 Fedora, Leap, Libvirt 2023-02-02 4.8 MEDIUM 5.4 MEDIUM
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.
CVE-2019-14821 8 Canonical, Debian, Fedoraproject and 5 more 38 Ubuntu Linux, Debian Linux, Fedora and 35 more 2023-02-02 7.2 HIGH 8.8 HIGH
An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
CVE-2019-14835 8 Canonical, Debian, Fedoraproject and 5 more 44 Ubuntu Linux, Debian Linux, Fedora and 41 more 2023-02-02 7.2 HIGH 7.8 HIGH
A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. In the worst case (and likely most common virtualization) scenario this flaw affects KVM/qemu hypervisor enabled hosts running Linux guests.