openSUSE Leap vulnerabilities

1,896 known vulnerabilities affecting opensuse/leap.

Total CVEs: 1,896
CISA KEV: 18 (actively exploited)
Public exploits: 57
Exploited in wild: 19
Severity breakdown: CRITICAL 202, HIGH 798, MEDIUM 803, LOW 93

Vulnerabilities

Page 24 of 95
CVE-2020-10663 | HIGH | CVSS 7.5 | v15.1 | 2020-04-28
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the
nvd
CVE-2020-12268 | CRITICAL | CVSS 9.8 | v15.1 | 2020-04-27
CWE-787: jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
nvd
CVE-2020-12137 | MEDIUM | CVSS 6.1 | v15.2 | 2020-04-24
CWE-79: GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, a
nvd
CVE-2020-11945 | CRITICAL | CVSS 9.8 | v15.1 | 2020-04-23
CWE-190: An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead o
nvd
CVE-2020-12105 | MEDIUM | CVSS 5.9 | v15.1 | 2020-04-23
CWE-755: OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks.
nvd
CVE-2019-20787 | CRITICAL | CVSS 9.8 | v15.1 | 2020-04-22
CWE-190: Teeworlds before 0.7.4 has an integer overflow when computing a tilemap size.
nvd
CVE-2020-12066 | HIGH | CVSS 7.5 | v15.1 | 2020-04-22
CWE-20: CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server.
nvd
CVE-2020-1983 | MEDIUM | CVSS 6.5 | v15.1 | 2020-04-22
CWE-416: A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
nvd
CVE-2020-1967 | HIGH | CVSS 7.5 | v15.1, v15.2 | 2020-04-21
CWE-476: Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by
nvd
CVE-2020-11793 | HIGH | CVSS 8.8 | v15.1 | 2020-04-17
CWE-416: A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).
nvd
CVE-2020-11868 | HIGH | CVSS 7.5 | v15.1, v15.2 | 2020-04-17
CWE-346: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.
nvd
CVE-2019-12519 | CRITICAL | CVSS 9.8 | v15.1 | 2020-04-15
CWE-787: An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When addin
nvd
CVE-2020-2805 | HIGH | CVSS 8.3 | v15.1, v15.2 | 2020-04-15
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful
nvd
CVE-2020-2902 | HIGH | CVSS 8.8 | v15.1 | 2020-04-15
CWE-787: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox
nvd
CVE-2020-2913 | HIGH | CVSS 7.0 | v15.1 | 2020-04-15
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of
nvd
CVE-2020-2742 | HIGH | CVSS 8.2 | v15.1 | 2020-04-15
CWE-190: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBo
nvd
CVE-2020-2758 | HIGH | CVSS 8.2 | v15.1 | 2020-04-15
CWE-416: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBo
nvd
CVE-2020-2914 | HIGH | CVSS 7.0 | v15.1 | 2020-04-15
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of
nvd
CVE-2020-2803 | HIGH | CVSS 8.3 | v15.1, v15.2 | 2020-04-15
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful
nvd
CVE-2020-2908 | HIGH | CVSS 8.2 | v15.1 | 2020-04-15
CWE-20: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox
nvd