Opensuse Leap vulnerabilities

CVE-2020-12416 [HIGH] CWE-362 CVE-2020-12416: A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78.

CVE-2020-12417 [HIGH] CWE-617 CVE-2020-12417: Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

CVE-2020-12422 [HIGH] CWE-787 CVE-2020-12422: In non-standard configurations, a JPEG image created by JavaScript could have caused an internal var In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78.

CVE-2020-12426 [HIGH] CWE-787 CVE-2020-12426: Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 78.

CVE-2020-12420 [HIGH] CWE-362 CVE-2020-12420: When trying to connect to a STUN server, a race condition could have caused a use-after-free of a po When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

CVE-2020-12419 [HIGH] CWE-416 CVE-2020-12419: When processing callbacks that occurred during window flushing in the parent process, the associated When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

CVE-2020-12415 [MEDIUM] CWE-276 CVE-2020-12415: When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and a When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox < 78.

CVE-2020-12424 [MEDIUM] CWE-276 CVE-2020-12424: When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78.

CVE-2020-12402 [MEDIUM] CWE-203 CVE-2020-12402: During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does n

CVE-2020-10756 [MEDIUM] CWE-125 CVE-2020-10756: An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emu An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This fl

CVE-2020-12418 [MEDIUM] CWE-125 CVE-2020-12418: Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking proce Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

CVE-2020-15565 [HIGH] CWE-400 CVE-2020-15565: An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence p

CVE-2020-15567 [HIGH] CWE-362 CVE-2020-15567: An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or c An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-atomic bitfield writes. Depending on the compiler version and optimisation

CVE-2020-10745 [HIGH] CWE-400 CVE-2020-10745: A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way i A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest threat from this vulnerability is to system availability.

CVE-2020-15095 [MEDIUM] CWE-532 CVE-2020-15095: Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability thro Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://[[:]@][:][:][/]". The password value is not redacted and is printed to stdout and also to any generated log files.

CVE-2020-10730 [MEDIUM] CWE-416 CVE-2020-10730: A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in ver A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user

CVE-2020-15563 [MEDIUM] CWE-119 CVE-2020-15563: An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HVM guest may cause the hypervisor to crash, resulting i

CVE-2020-14303 [HIGH] CWE-834 CVE-2020-14303: A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and be A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.

CVE-2020-10760 [MEDIUM] CWE-416 CVE-2020-10760: A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, be A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba.

CVE-2020-15466 [HIGH] CWE-835 CVE-2020-15466: In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed i In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.