Opensuse Leap vulnerabilities

CVE-2020-15810 [MEDIUM] CWE-444 CVE-2020-15810: An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content fr

CVE-2020-24654 [LOW] CWE-59 CVE-2020-24654: In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extract In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

CVE-2020-25032 [HIGH] CWE-22 CVE-2020-25032: An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ di An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

CVE-2020-14364 [MEDIUM] CWE-125 CVE-2020-14364: An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of se

CVE-2020-14352 [HIGH] CWE-22 CVE-2020-14352: A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in

CVE-2020-24972 [HIGH] CWE-116 CVE-2020-24972: The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to exe The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.

CVE-2020-24614 [HIGH] CWE-862 CVE-2020-24614: Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated use Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.

CVE-2020-14350 [HIGH] CWE-426 CVE-2020-14350: It was found that some PostgreSQL extensions did not use search_path safely in their installation sc It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before

CVE-2020-24606 [HIGH] CWE-667 CVE-2020-24606: Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consumi Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles

CVE-2020-14349 [HIGH] CVE-2020-14349: It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly san It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.

CVE-2020-8620 [HIGH] CWE-617 CVE-2020-8620: In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.

CVE-2020-8623 [HIGH] CWE-617 CVE-2020-8623: In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signin

CVE-2020-8621 [HIGH] CWE-617 CVE-2020-8621: In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization a In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.

CVE-2020-8624 [MEDIUM] CWE-269 CVE-2020-8624: In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, a In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to upda

CVE-2020-8622 [MEDIUM] CWE-617 CVE-2020-8622: In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the se

CVE-2020-14356 [HIGH] CWE-476 CVE-2020-14356: A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.

CVE-2020-24394 [HIGH] CWE-732 CVE-2020-24394: In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

CVE-2020-1472 [CRITICAL] CVE-2020-1472: An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon se An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unaut

CVE-2020-8233 [HIGH] CWE-77 CVE-2020-8233: A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticate A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.

CVE-2020-17498 [MEDIUM] CWE-415 CVE-2020-17498: In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/di In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.