Opensuse Leap vulnerabilities

CVE-2020-1700 [MEDIUM] CWE-400 CVE-2020-1700: A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenti A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the

CVE-2020-8648 [HIGH] CWE-416 CVE-2020-8648: There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_c There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.

CVE-2020-8647 [MEDIUM] CWE-416 CVE-2020-8647: There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize functi There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.

CVE-2020-8608 [MEDIUM] CWE-120 CVE-2020-8608: In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a bu In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.

CVE-2020-8649 [MEDIUM] CWE-416 CVE-2020-8649: There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_regio There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.

CVE-2020-5208 [HIGH] CWE-120 CVE-2020-5208: It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the dat It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.

CVE-2020-7216 [HIGH] CWE-401 CVE-2020-7216: An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attacker An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option.

CVE-2020-8632 [MEDIUM] CWE-521 CVE-2020-8632: In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small d In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.

CVE-2020-8631 [MEDIUM] CWE-330 CVE-2020-8631: cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.

CVE-2019-12528 [HIGH] CVE-2019-12528: An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure o An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.

CVE-2020-8517 [HIGH] CWE-20 CVE-2020-8517: An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentica An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating

CVE-2020-8449 [HIGH] CWE-668 CVE-2020-8449: An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret cr An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

CVE-2020-8450 [HIGH] CWE-131 CVE-2020-8450: An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client ca An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.

CVE-2019-20446 [MEDIUM] CWE-400 CVE-2019-20446: In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial o In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

CVE-2020-8492 [MEDIUM] CWE-400 CVE-2020-8492: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

CVE-2020-8432 [CRITICAL] CWE-415 CVE-2020-8432: In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() f In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.

CVE-2020-0549 [MEDIUM] CWE-404 CVE-2020-0549: Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2018-20105 [MEDIUM] CWE-532 CVE-2018-20105: A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterpris A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2.

CVE-2019-1353 [CRITICAL] CVE-2019-1353: An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.1 An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.

CVE-2019-3697 [HIGH] CWE-59 CVE-2019-3697: UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15 UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions.