Filtered by vendor Opensuse
Subscriptions
Filtered by product Leap
Subscriptions
Total
1918 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-1935 | 7 Apache, Canonical, Debian and 4 more | 25 Tomcat, Ubuntu Linux, Debian Linux and 22 more | 2024-11-21 | 4.8 Medium |
| In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. | ||||
| CVE-2020-1934 | 7 Apache, Canonical, Debian and 4 more | 13 Http Server, Ubuntu Linux, Debian Linux and 10 more | 2024-11-21 | 5.3 Medium |
| In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. | ||||
| CVE-2020-1927 | 9 Apache, Broadcom, Canonical and 6 more | 17 Http Server, Brocade Fabric Operating System, Ubuntu Linux and 14 more | 2024-11-21 | 6.1 Medium |
| In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. | ||||
| CVE-2020-1772 | 3 Debian, Opensuse, Otrs | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-11-21 | 6.5 Medium |
| It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | ||||
| CVE-2020-1770 | 3 Debian, Opensuse, Otrs | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-11-21 | 2.4 Low |
| Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | ||||
| CVE-2020-1769 | 2 Opensuse, Otrs | 3 Backports Sle, Leap, Otrs | 2024-11-21 | 3.5 Low |
| In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | ||||
| CVE-2020-1765 | 3 Debian, Opensuse, Otrs | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-11-21 | 3.5 Low |
| An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions. | ||||
| CVE-2020-1747 | 5 Fedoraproject, Opensuse, Oracle and 2 more | 5 Fedora, Leap, Communications Cloud Native Core Network Function Cloud Native Environment and 2 more | 2024-11-21 | 9.8 Critical |
| A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. | ||||
| CVE-2020-1711 | 4 Debian, Opensuse, Qemu and 1 more | 9 Debian Linux, Leap, Qemu and 6 more | 2024-11-21 | 7.7 High |
| An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. | ||||
| CVE-2020-1700 | 4 Canonical, Ceph, Opensuse and 1 more | 4 Ubuntu Linux, Ceph, Leap and 1 more | 2024-11-21 | 6.5 Medium |
| A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system. | ||||
| CVE-2020-1269 | 2 Microsoft, Opensuse | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2024-11-21 | 7.8 High |
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | ||||
| CVE-2020-17498 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 4 Fedora, Leap, Zfs Storage Appliance Kit and 1 more | 2024-11-21 | 6.5 Medium |
| In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression. | ||||
| CVE-2020-17489 | 5 Canonical, Debian, Gnome and 2 more | 5 Ubuntu Linux, Debian Linux, Gnome-shell and 2 more | 2024-11-21 | 4.3 Medium |
| An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.) | ||||
| CVE-2020-17368 | 4 Debian, Fedoraproject, Firejail Project and 1 more | 4 Debian Linux, Fedora, Firejail and 1 more | 2024-11-21 | 9.8 Critical |
| Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection. | ||||
| CVE-2020-17367 | 4 Debian, Fedoraproject, Firejail Project and 1 more | 4 Debian Linux, Fedora, Firejail and 1 more | 2024-11-21 | 7.8 High |
| Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection. | ||||
| CVE-2020-17353 | 4 Debian, Fedoraproject, Lilypond and 1 more | 5 Debian Linux, Fedora, Lilypond and 2 more | 2024-11-21 | 9.8 Critical |
| scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code. | ||||
| CVE-2020-16845 | 5 Debian, Fedoraproject, Golang and 2 more | 13 Debian Linux, Fedora, Go and 10 more | 2024-11-21 | 7.5 High |
| Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. | ||||
| CVE-2020-16166 | 8 Canonical, Debian, Fedoraproject and 5 more | 18 Ubuntu Linux, Debian Linux, Fedora and 15 more | 2024-11-21 | 3.7 Low |
| The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. | ||||
| CVE-2020-16118 | 2 Gnome, Opensuse | 3 Balsa, Backports Sle, Leap | 2024-11-21 | 7.5 High |
| In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c. | ||||
| CVE-2020-16116 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 3.3 Low |
| In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. | ||||