Opensuse Leap vulnerabilities

CVE-2020-11087 [MEDIUM] CWE-125 CVE-2020-11087: In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessa In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0.

CVE-2020-11019 [MEDIUM] CWE-125 CVE-2020-11019: In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible cra In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0.

CVE-2020-11039 [MEDIUM] CWE-190 CVE-2020-11039: In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0.

CVE-2020-11088 [MEDIUM] CWE-125 CVE-2020-11088: In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. This has been fixed in 2.1.0.

CVE-2020-11017 [MEDIUM] CWE-415 CVE-2020-11017: In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0.

CVE-2020-11089 [MEDIUM] CWE-125 CVE-2020-11089: In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0.

CVE-2020-11085 [LOW] CWE-125 CVE-2020-11085: In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard forma In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might read data out-of-bounds. This has been fixed in 2.1.0.

CVE-2020-11041 [LOW] CWE-129 CVE-2020-11041: In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to dis

CVE-2020-11043 [LOW] CWE-125 CVE-2020-11043: In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tilese In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched in 2.1.0.

CVE-2020-11040 [LOW] CWE-125 CVE-2020-11040: In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_deco In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0.

CVE-2019-20807 [MEDIUM] CWE-78 CVE-2019-20807: In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS comma In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).

CVE-2020-13361 [LOW] CWE-787 CVE-2020-13361: In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.

CVE-2020-13362 [LOW] CWE-125 CVE-2020-13362: In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.

CVE-2020-6831 [CRITICAL] CWE-787 CVE-2020-6831: A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

CVE-2020-13614 [MEDIUM] CWE-295 CVE-2020-13614: An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verifi An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification.

CVE-2020-13396 [HIGH] CWE-125 CVE-2020-13396: An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.

CVE-2020-11077 [HIGH] CVE-2020-11077: In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests,

CVE-2020-13398 [HIGH] CWE-787 CVE-2020-13398: An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.

CVE-2020-13397 [MEDIUM] CWE-125 CVE-2020-13397: An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.

CVE-2020-10711 [MEDIUM] CWE-476 CVE-2020-10711: A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_p