openSUSE Leap vulnerabilities

1,896 known vulnerabilities affecting opensuse/leap.

Total CVEs: 1,896
CISA KEV: 18 (actively exploited)
Public exploits: 57
Exploited in wild: 19
Severity breakdown: CRITICAL 202, HIGH 798, MEDIUM 803, LOW 93

Vulnerabilities

CVE-2020-10029 | MEDIUM | CVSS 5.5 | v15.1 | 2020-03-04
CWE-787: The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.
nvd
CVE-2019-18902 | CRITICAL | CVSS 9.8 | v15.1 | 2020-03-02
CWE-416: A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prio
nvd
CVE-2020-10018 | CRITICAL | CVSS 9.8 | v15.1 | 2020-03-02
CWE-416: WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contain a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.
nvd
CVE-2019-18903 | CRITICAL | CVSS 9.8 | v15.1 | 2020-03-02
CWE-416: A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions pri
nvd
CVE-2019-18897 | HIGH | CVSS 7.8 | v15.1 | 2020-03-02
CWE-59: A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linu
nvd
CVE-2019-18901 | MEDIUM | CVSS 5.5 | v15.1 | 2020-03-02
CWE-59: A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE
nvd
CVE-2020-8013 | LOW | CVSS 2.5 | v15.1 | 2020-03-02
CWE-59: A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation i
nvd
CVE-2019-3698 | HIGH | CVSS 7.0 | v15.1 | 2020-02-28
CWE-59: UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prio
nvd
CVE-2020-7043 | CRITICAL | CVSS 9.1 | v15.1 | 2020-02-27
CWE-295: An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack.
nvd
CVE-2020-9431 | HIGH | CVSS 7.5 | v15.1 | 2020-02-27
CWE-401: In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.
nvd
CVE-2020-9430 | HIGH | CVSS 7.5 | v15.1 | 2020-02-27
CWE-20: In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field.
nvd
CVE-2020-3868 | HIGH | CVSS 8.8 | v15.1 | 2020-02-27
CWE-787: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2020-3865 | HIGH | CVSS 8.8 | v15.1 | 2020-02-27
CWE-787: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2020-7062 | HIGH | CVSS 7.5 | v15.1 | 2020-02-27
CWE-476: In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, whic
nvd
CVE-2020-9428 | HIGH | CVSS 7.5 | v15.1 | 2020-02-27
CWE-125: In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.
nvd
CVE-2020-9429 | HIGH | CVSS 7.5 | v15.1 | 2020-02-27
CWE-476: In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value.
nvd
CVE-2020-7042 | MEDIUM | CVSS 5.3 | v15.1 | 2020-02-27
CWE-295: An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted).
nvd
CVE-2020-7063 | MEDIUM | CVSS 5.3 | v15.1 | 2020-02-27
CWE-281: In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissio
nvd
CVE-2020-3867 | MEDIUM | CVSS 6.1 | v15.1 | 2020-02-27
CWE-79: A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.
nvd
CVE-2020-7041 | MEDIUM | CVSS 5.3 | v15.1 | 2020-02-27
CWE-295: An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value.
nvd