openSUSE Leap vulnerabilities

1,896 known vulnerabilities affecting opensuse/leap.

Total CVEs: 1,896
CISA KEV: 18 (actively exploited)
Public exploits: 51
Exploited in wild: 19
Severity breakdown: CRITICAL 202, HIGH 798, MEDIUM 803, LOW 93

Vulnerabilities

Page 2 of 95
CVE-2020-14323 | MEDIUM | CVSS 5.5 | v15.1, v15.2 | 2020-10-29
CVE-2020-14323 [MEDIUM] CWE-170: A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.
nvd
CVE-2020-15683 | CRITICAL | CVSS 9.8 | v15.1, v15.2 | 2020-10-22
CVE-2020-15683 [CRITICAL] CWE-416: Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird <
nvd
CVE-2020-27670 | HIGH | CVSS 7.8 | v15.1, v15.2 | 2020-10-22
CVE-2020-27670 [HIGH] CWE-345: An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.
nvd
CVE-2020-27672 | HIGH | CVSS 7.0 | v15.1, v15.2 | 2020-10-22
CVE-2020-27672 [HIGH] CWE-362: An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.
nvd
CVE-2020-27671 | HIGH | CVSS 7.8 | v15.1, v15.2 | 2020-10-22
CVE-2020-27671 [HIGH]: An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.
nvd
CVE-2020-27673 | MEDIUM | CVSS 5.5 | v15.1, v15.2 | 2020-10-22
CVE-2020-27673 [MEDIUM]: An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.
nvd
CVE-2020-27560 | LOW | CVSS 3.3 | v15.2 | 2020-10-22
CVE-2020-27560 [LOW] CWE-369: ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.
nvd
CVE-2020-14803 | MEDIUM | CVSS 5.3 | v15.2 | 2020-10-21
CVE-2020-14803 [MEDIUM]: Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a
nvd
CVE-2020-14792 | MEDIUM | CVSS 4.2 | v15.2 | 2020-10-21
CVE-2020-14792 [MEDIUM]: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successfu
nvd
CVE-2020-14781 | LOW | CVSS 3.7 | v15.2 | 2020-10-21
CVE-2020-14781 [LOW]: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful atta
nvd
CVE-2020-14798 | LOW | CVSS 3.1 | v15.2 | 2020-10-21
CVE-2020-14798 [LOW]: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful
nvd
CVE-2020-14782 | LOW | CVSS 3.7 | v15.2 | 2020-10-21
CVE-2020-14782 [LOW]: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful
nvd
CVE-2020-14797 | LOW | CVSS 3.7 | v15.2 | 2020-10-21
CVE-2020-14797 [LOW]: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful
nvd
CVE-2020-14796 | LOW | CVSS 3.1 | v15.2 | 2020-10-21
CVE-2020-14796 [LOW]: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful
nvd
CVE-2020-14779 | LOW | CVSS 3.7 | v15.2 | 2020-10-21
CVE-2020-14779 [LOW]: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Succes
nvd
CVE-2020-25829 | HIGH | CVSS 7.5 | v15.1, v15.2 | 2020-10-16
CVE-2020-25829 [HIGH]: An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (
nvd
CVE-2020-27153 | HIGH | CVSS 8.6 | v15.1, v15.2 | 2020-10-15
CVE-2020-27153 [HIGH] CWE-415: In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.
nvd
CVE-2020-15229 | CRITICAL | CVSS 9.3 | v15.1, v15.2 | 2020-10-14
CVE-2020-15229 [HIGH] CWE-22: Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automa
nvd
CVE-2020-25645 | HIGH | CVSS 7.5 | v15.1, v15.2 | 2020-10-13
CVE-2020-25645 [HIGH] CWE-319: A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidenti
nvd
CVE-2020-26935 | CRITICAL | CVSS 9.8 | PoC | v15.1, v15.2 | 2020-10-10
CVE-2020-26935 [CRITICAL] CWE-89: An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.
nvd