Opensuse Leap vulnerabilities

CVE-2017-18922 [CRITICAL] CWE-787 CVE-2017-18922: It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.

CVE-2020-15396 [HIGH] CWE-362 CVE-2020-15396: In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user- In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.

CVE-2020-8022 [HIGH] CWE-276 CVE-2020-8022: A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux En

CVE-2020-8014 [HIGH] CWE-61 CVE-2020-8014: A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions prior to 10.0.5-lp151.4.1. openSUSE Tumbleweed kopano-spamd versions prior to 10.

CVE-2020-4067 [HIGH] CWE-665 CVE-2020-4067: In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initial In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This

CVE-2020-15393 [MEDIUM] CWE-401 CVE-2020-15393: In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.

CVE-2020-11996 [HIGH] CVE-2020-11996: A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0. A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

CVE-2020-10753 [MEDIUM] CWE-113 CVE-2020-10753: A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is rel A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are v

CVE-2020-15305 [MEDIUM] CWE-416 CVE-2020-15305: An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepS An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.

CVE-2020-15306 [MEDIUM] CWE-787 CVE-2020-15306: An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap b An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.

CVE-2020-10769 [MEDIUM] CWE-125 CVE-2020-10769: A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a l

CVE-2020-15304 [MEDIUM] CWE-476 CVE-2020-15304: An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid mem An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.

CVE-2020-12865 [HIGH] CWE-787 CVE-2020-12865: A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.

CVE-2020-12861 [HIGH] CWE-787 CVE-2020-12861: A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the sam A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.

CVE-2020-12866 [MEDIUM] CWE-476 CVE-2020-12866: A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.

CVE-2020-15025 [MEDIUM] CWE-401 CVE-2020-15025: ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.

CVE-2020-12864 [MEDIUM] CWE-125 CVE-2020-12864: An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the s An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.

CVE-2020-12862 [MEDIUM] CWE-125 CVE-2020-12862: An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the s An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.

CVE-2020-12863 [MEDIUM] CWE-125 CVE-2020-12863: An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the s An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.

CVE-2020-14983 [CRITICAL] CWE-120 CVE-2020-14983: The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_pl The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.