Marcus Updateinfo to OVAL Converter5.52022-05-23T06:33:34CVE-2010-2322openSUSE Leap 15.2
Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619.
LowCVE-2010-2322SUSE bug 1188517cpe:/o:opensuse:leap:15.2CVE-2011-4953openSUSE Leap 15.2
The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet.
ImportantCVE-2011-4953SUSE bug 757062cpe:/o:opensuse:leap:15.2CVE-2011-5325openSUSE Leap 15.2
Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.
ModerateCVE-2011-5325SUSE bug 951562cpe:/o:opensuse:leap:15.2CVE-2012-2395openSUSE Leap 15.2
Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API.
ImportantCVE-2012-2395SUSE bug 763610cpe:/o:opensuse:leap:15.2CVE-2014-10401openSUSE Leap 15.2
An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.
ModerateCVE-2014-10401SUSE bug 1176492cpe:/o:opensuse:leap:15.2CVE-2014-10402openSUSE Leap 15.2
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.
ModerateCVE-2014-10402SUSE bug 1176492cpe:/o:opensuse:leap:15.2CVE-2014-3577openSUSE Leap 15.2
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.
ModerateCVE-2014-3577SUSE bug 1178171cpe:/o:opensuse:leap:15.2CVE-2015-3414openSUSE Leap 15.2
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
ModerateCVE-2015-3414SUSE bug 1085790SUSE bug 1190372SUSE bug 1193078SUSE bug 928700SUSE bug 928701SUSE bug 928702cpe:/o:opensuse:leap:15.2CVE-2015-3415openSUSE Leap 15.2
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
ModerateCVE-2015-3415SUSE bug 1190372SUSE bug 928700SUSE bug 928701SUSE bug 928702cpe:/o:opensuse:leap:15.2CVE-2015-4141openSUSE Leap 15.2
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.
ModerateCVE-2015-4141SUSE bug 915323SUSE bug 930077cpe:/o:opensuse:leap:15.2CVE-2015-4142openSUSE Leap 15.2
Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.
ModerateCVE-2015-4142SUSE bug 915323SUSE bug 930078cpe:/o:opensuse:leap:15.2CVE-2015-4143openSUSE Leap 15.2
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.
ModerateCVE-2015-4143SUSE bug 930079cpe:/o:opensuse:leap:15.2CVE-2015-5262openSUSE Leap 15.2
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
ImportantCVE-2015-5262SUSE bug 1120767SUSE bug 945190cpe:/o:opensuse:leap:15.2CVE-2015-8041openSUSE Leap 15.2
Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.
LowCVE-2015-8041SUSE bug 937419cpe:/o:opensuse:leap:15.2CVE-2015-9542openSUSE Leap 15.2
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.
ModerateCVE-2015-9542SUSE bug 1163933cpe:/o:opensuse:leap:15.2CVE-2016-10228openSUSE Leap 15.2
The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
ModerateCVE-2016-10228SUSE bug 1027496cpe:/o:opensuse:leap:15.2CVE-2016-2124openSUSE Leap 15.2
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
ModerateCVE-2016-2124SUSE bug 1014440cpe:/o:opensuse:leap:15.2CVE-2016-3822openSUSE Leap 15.2
exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315.
LowCVE-2016-3822SUSE bug 1108480SUSE bug 1108672cpe:/o:opensuse:leap:15.2CVE-2016-5100openSUSE Leap 15.2
Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.
ModerateCVE-2016-5100SUSE bug 1025193cpe:/o:opensuse:leap:15.2CVE-2016-6209openSUSE Leap 15.2
Cross-site scripting (XSS) vulnerability in Nagios.
ModerateCVE-2016-6209SUSE bug 989759cpe:/o:opensuse:leap:15.2CVE-2016-9180openSUSE Leap 15.2
perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting.
ImportantCVE-2016-9180SUSE bug 1008644cpe:/o:opensuse:leap:15.2CVE-2016-9398openSUSE Leap 15.2
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
ModerateCVE-2016-9398SUSE bug 1010979SUSE bug 1178702cpe:/o:opensuse:leap:15.2CVE-2016-9399openSUSE Leap 15.2
The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
ModerateCVE-2016-9399SUSE bug 1010980SUSE bug 1178702cpe:/o:opensuse:leap:15.2CVE-2017-1000369openSUSE Leap 15.2
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.
ModerateCVE-2017-1000369SUSE bug 1037551SUSE bug 1044692cpe:/o:opensuse:leap:15.2CVE-2017-1000469openSUSE Leap 15.2
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.
ModerateCVE-2017-1000469SUSE bug 1074594cpe:/o:opensuse:leap:15.2CVE-2017-11104openSUSE Leap 15.2
Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check.
ImportantCVE-2017-11104SUSE bug 1047841cpe:/o:opensuse:leap:15.2CVE-2017-13077openSUSE Leap 15.2
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
ImportantCVE-2017-13077SUSE bug 1056061SUSE bug 1063479SUSE bug 1063963cpe:/o:opensuse:leap:15.2CVE-2017-13078openSUSE Leap 15.2
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
ImportantCVE-2017-13078SUSE bug 1056061SUSE bug 1063479SUSE bug 1063667cpe:/o:opensuse:leap:15.2CVE-2017-13079openSUSE Leap 15.2
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.
ImportantCVE-2017-13079SUSE bug 1056061SUSE bug 1063479cpe:/o:opensuse:leap:15.2CVE-2017-13080openSUSE Leap 15.2
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
ImportantCVE-2017-13080SUSE bug 1056061SUSE bug 1063479SUSE bug 1063667SUSE bug 1063671SUSE bug 1066295SUSE bug 1105108SUSE bug 1178872cpe:/o:opensuse:leap:15.2CVE-2017-13081openSUSE Leap 15.2
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
ImportantCVE-2017-13081SUSE bug 1056061SUSE bug 1063479SUSE bug 1066295SUSE bug 1105108cpe:/o:opensuse:leap:15.2CVE-2017-13082openSUSE Leap 15.2
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
ImportantCVE-2017-13082SUSE bug 1056061SUSE bug 1063479cpe:/o:opensuse:leap:15.2CVE-2017-13086openSUSE Leap 15.2
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
ImportantCVE-2017-13086SUSE bug 1056061SUSE bug 1063479cpe:/o:opensuse:leap:15.2CVE-2017-13087openSUSE Leap 15.2
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
ImportantCVE-2017-13087SUSE bug 1056061SUSE bug 1063479cpe:/o:opensuse:leap:15.2CVE-2017-13088openSUSE Leap 15.2
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
ImportantCVE-2017-13088SUSE bug 1056061SUSE bug 1063479cpe:/o:opensuse:leap:15.2CVE-2017-14132openSUSE Leap 15.2
JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c.
LowCVE-2017-14132SUSE bug 1057152SUSE bug 1178702cpe:/o:opensuse:leap:15.2CVE-2017-16943openSUSE Leap 15.2
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.
CriticalCVE-2017-16943SUSE bug 1069857cpe:/o:opensuse:leap:15.2CVE-2017-16944openSUSE Leap 15.2
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.
ImportantCVE-2017-16944SUSE bug 1069859cpe:/o:opensuse:leap:15.2CVE-2017-18640openSUSE Leap 15.2
The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
ImportantCVE-2017-18640SUSE bug 1159488SUSE bug 1186088cpe:/o:opensuse:leap:15.2CVE-2017-18922openSUSE Leap 15.2
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
ImportantCVE-2017-18922SUSE bug 1173477cpe:/o:opensuse:leap:15.2CVE-2017-18926openSUSE Leap 15.2
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).
ImportantCVE-2017-18926SUSE bug 1178593SUSE bug 1178784SUSE bug 1178903SUSE bug 1183914cpe:/o:opensuse:leap:15.2CVE-2017-3136openSUSE Leap 15.2
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.
ImportantCVE-2017-3136SUSE bug 1018700SUSE bug 1018701SUSE bug 1018702SUSE bug 1024130SUSE bug 1033461SUSE bug 1033466SUSE bug 1081545cpe:/o:opensuse:leap:15.2CVE-2017-5499openSUSE Leap 15.2
Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.
ModerateCVE-2017-5499SUSE bug 1020451SUSE bug 1020456SUSE bug 1020460SUSE bug 1115637SUSE bug 1178702cpe:/o:opensuse:leap:15.2CVE-2017-5503openSUSE Leap 15.2
The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.
ModerateCVE-2017-5503SUSE bug 1020456SUSE bug 1020458SUSE bug 1020460SUSE bug 1178702cpe:/o:opensuse:leap:15.2CVE-2017-5504openSUSE Leap 15.2
The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
ModerateCVE-2017-5504SUSE bug 1020456SUSE bug 1020458SUSE bug 1020460SUSE bug 1178702cpe:/o:opensuse:leap:15.2CVE-2017-5505openSUSE Leap 15.2
The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
ModerateCVE-2017-5505SUSE bug 1020456SUSE bug 1020458SUSE bug 1020460SUSE bug 1178702cpe:/o:opensuse:leap:15.2CVE-2017-5753openSUSE Leap 15.2
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
ImportantCVE-2017-5753SUSE bug 1068032SUSE bug 1074562SUSE bug 1074578SUSE bug 1074701SUSE bug 1075006SUSE bug 1075419SUSE bug 1075748SUSE bug 1080039SUSE bug 1087084SUSE bug 1087939SUSE bug 1178658cpe:/o:opensuse:leap:15.2CVE-2017-9271openSUSE Leap 15.2
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.
ModerateCVE-2017-9271SUSE bug 1050625cpe:/o:opensuse:leap:15.2CVE-2017-9782openSUSE Leap 15.2
JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.
LowCVE-2017-9782SUSE bug 1045450SUSE bug 1117328SUSE bug 1178702cpe:/o:opensuse:leap:15.2CVE-2018-1000225openSUSE Leap 15.2
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via "network connectivity". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api).
CriticalCVE-2018-1000225SUSE bug 1104190SUSE bug 1104287SUSE bug 1105442cpe:/o:opensuse:leap:15.2CVE-2018-1000226openSUSE Leap 15.2
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via "network connectivity". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.
ImportantCVE-2018-1000226SUSE bug 1104190SUSE bug 1104287SUSE bug 1105440SUSE bug 1105442SUSE bug 1131852cpe:/o:opensuse:leap:15.2CVE-2018-1000500openSUSE Leap 15.2
Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file".
ImportantCVE-2018-1000500SUSE bug 1099263cpe:/o:opensuse:leap:15.2CVE-2018-1000517openSUSE Leap 15.2
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e.
ImportantCVE-2018-1000517SUSE bug 1099260cpe:/o:opensuse:leap:15.2CVE-2018-1000667openSUSE Leap 15.2
NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file..
LowCVE-2018-1000667SUSE bug 1107592cpe:/o:opensuse:leap:15.2CVE-2018-10016openSUSE Leap 15.2
Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.
LowCVE-2018-10016SUSE bug 1089084cpe:/o:opensuse:leap:15.2CVE-2018-10196openSUSE Leap 15.2
NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.
LowCVE-2018-10196SUSE bug 1093447cpe:/o:opensuse:leap:15.2CVE-2018-10254openSUSE Leap 15.2
Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.
LowCVE-2018-10254SUSE bug 1090519cpe:/o:opensuse:leap:15.2CVE-2018-10316openSUSE Leap 15.2
Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow.
LowCVE-2018-10316SUSE bug 1090840cpe:/o:opensuse:leap:15.2CVE-2018-10536openSUSE Leap 15.2
An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.
ImportantCVE-2018-10536SUSE bug 1091344cpe:/o:opensuse:leap:15.2CVE-2018-10537openSUSE Leap 15.2
An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.
ImportantCVE-2018-10537SUSE bug 1091343cpe:/o:opensuse:leap:15.2CVE-2018-10538openSUSE Leap 15.2
An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
ModerateCVE-2018-10538SUSE bug 1091342cpe:/o:opensuse:leap:15.2CVE-2018-10539openSUSE Leap 15.2
An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
ModerateCVE-2018-10539SUSE bug 1091341cpe:/o:opensuse:leap:15.2CVE-2018-10540openSUSE Leap 15.2
An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
ModerateCVE-2018-10540SUSE bug 1091340cpe:/o:opensuse:leap:15.2CVE-2018-10931openSUSE Leap 15.2
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.
CriticalCVE-2018-10931SUSE bug 1104189SUSE bug 1104190SUSE bug 1104287SUSE bug 1105440SUSE bug 1105442SUSE bug 1130105cpe:/o:opensuse:leap:15.2CVE-2018-1311openSUSE Leap 15.2
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.
ImportantCVE-2018-1311SUSE bug 1159552cpe:/o:opensuse:leap:15.2CVE-2018-13139openSUSE Leap 15.2
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.
ModerateCVE-2018-13139SUSE bug 1100167SUSE bug 1116993cpe:/o:opensuse:leap:15.2CVE-2018-13405openSUSE Leap 15.2
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
ModerateCVE-2018-13405SUSE bug 1087082SUSE bug 1100416SUSE bug 1129735SUSE bug 1195161SUSE bug 1198702cpe:/o:opensuse:leap:15.2CVE-2018-14526openSUSE Leap 15.2
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.
ModerateCVE-2018-14526SUSE bug 1104205cpe:/o:opensuse:leap:15.2CVE-2018-14679openSUSE Leap 15.2
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
ModerateCVE-2018-14679SUSE bug 1102922SUSE bug 1103032SUSE bug 1103040cpe:/o:opensuse:leap:15.2CVE-2018-14681openSUSE Leap 15.2
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
ModerateCVE-2018-14681SUSE bug 1102922SUSE bug 1103032SUSE bug 1103040cpe:/o:opensuse:leap:15.2CVE-2018-14682openSUSE Leap 15.2
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
ModerateCVE-2018-14682SUSE bug 1102922SUSE bug 1103032SUSE bug 1103040cpe:/o:opensuse:leap:15.2CVE-2018-15473openSUSE Leap 15.2
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
ModerateCVE-2018-15473SUSE bug 1105010SUSE bug 1106163SUSE bug 1123133SUSE bug 1138392cpe:/o:opensuse:leap:15.2CVE-2018-15518openSUSE Leap 15.2
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
ModerateCVE-2018-15518SUSE bug 1118595SUSE bug 1126909cpe:/o:opensuse:leap:15.2CVE-2018-15750openSUSE Leap 15.2
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
ImportantCVE-2018-15750SUSE bug 1113698cpe:/o:opensuse:leap:15.2CVE-2018-15751openSUSE Leap 15.2
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
CriticalCVE-2018-15751SUSE bug 1113698SUSE bug 1113699cpe:/o:opensuse:leap:15.2CVE-2018-16382openSUSE Leap 15.2
Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c.
LowCVE-2018-16382SUSE bug 1106878cpe:/o:opensuse:leap:15.2CVE-2018-16517openSUSE Leap 15.2
asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.
LowCVE-2018-16517SUSE bug 1107594cpe:/o:opensuse:leap:15.2CVE-2018-16554openSUSE Leap 15.2
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling.
LowCVE-2018-16554SUSE bug 1108480SUSE bug 1108672cpe:/o:opensuse:leap:15.2CVE-2018-16999openSUSE Leap 15.2
Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file.
LowCVE-2018-16999SUSE bug 1108404cpe:/o:opensuse:leap:15.2CVE-2018-17088openSUSE Leap 15.2
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. This gpsinfo.c vulnerability is unrelated to the CVE-2018-16554 gpsinfo.c vulnerability.
LowCVE-2018-17088SUSE bug 1108480SUSE bug 1108672cpe:/o:opensuse:leap:15.2CVE-2018-18751openSUSE Leap 15.2
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
ModerateCVE-2018-18751SUSE bug 1113719cpe:/o:opensuse:leap:15.2CVE-2018-18836openSUSE Leap 15.2
An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.
ModerateCVE-2018-18836SUSE bug 1139094cpe:/o:opensuse:leap:15.2CVE-2018-18837openSUSE Leap 15.2
An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.
ModerateCVE-2018-18837SUSE bug 1139095cpe:/o:opensuse:leap:15.2CVE-2018-18838openSUSE Leap 15.2
An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry.
ModerateCVE-2018-18838SUSE bug 1139098cpe:/o:opensuse:leap:15.2CVE-2018-18839openSUSE Leap 15.2
** DISPUTED ** An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says "is intentional."
ModerateCVE-2018-18839SUSE bug 1144517cpe:/o:opensuse:leap:15.2CVE-2018-18873openSUSE Leap 15.2
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
LowCVE-2018-18873SUSE bug 1114495SUSE bug 1114498SUSE bug 1178702cpe:/o:opensuse:leap:15.2CVE-2018-19139openSUSE Leap 15.2
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
LowCVE-2018-19139SUSE bug 1115637SUSE bug 1178702cpe:/o:opensuse:leap:15.2CVE-2018-19214openSUSE Leap 15.2
Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.
ModerateCVE-2018-19214SUSE bug 1115795cpe:/o:opensuse:leap:15.2CVE-2018-19215openSUSE Leap 15.2
Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.
ModerateCVE-2018-19215SUSE bug 1115774cpe:/o:opensuse:leap:15.2CVE-2018-19216openSUSE Leap 15.2
Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.
LowCVE-2018-19216SUSE bug 1115758cpe:/o:opensuse:leap:15.2CVE-2018-19387openSUSE Leap 15.2
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
ModerateCVE-2018-19387SUSE bug 1116887cpe:/o:opensuse:leap:15.2CVE-2018-19432openSUSE Leap 15.2
An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.
ModerateCVE-2018-19432SUSE bug 1116993cpe:/o:opensuse:leap:15.2CVE-2018-19543openSUSE Leap 15.2
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.
ModerateCVE-2018-19543SUSE bug 1045450SUSE bug 1117328SUSE bug 1117507SUSE bug 1178702cpe:/o:opensuse:leap:15.2CVE-2018-19758openSUSE Leap 15.2
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
ModerateCVE-2018-19758SUSE bug 1117954SUSE bug 1125575cpe:/o:opensuse:leap:15.2CVE-2018-19840openSUSE Leap 15.2
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.
LowCVE-2018-19840SUSE bug 1120930cpe:/o:opensuse:leap:15.2CVE-2018-19841openSUSE Leap 15.2
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.
LowCVE-2018-19841SUSE bug 1120929cpe:/o:opensuse:leap:15.2CVE-2018-19869openSUSE Leap 15.2
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
ModerateCVE-2018-19869SUSE bug 1118599cpe:/o:opensuse:leap:15.2CVE-2018-19873openSUSE Leap 15.2
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
ModerateCVE-2018-19873SUSE bug 1118596SUSE bug 1126909cpe:/o:opensuse:leap:15.2CVE-2018-20340openSUSE Leap 15.2
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey.
ModerateCVE-2018-20340SUSE bug 1124781cpe:/o:opensuse:leap:15.2CVE-2018-20570openSUSE Leap 15.2
jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.
ModerateCVE-2018-20570SUSE bug 1120807SUSE bug 1178702cpe:/o:opensuse:leap:15.2CVE-2018-20622openSUSE Leap 15.2
JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.
ModerateCVE-2018-20622SUSE bug 1115637SUSE bug 1120805SUSE bug 1178702cpe:/o:opensuse:leap:15.2CVE-2018-20679openSUSE Leap 15.2
An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.
ModerateCVE-2018-20679SUSE bug 1121426SUSE bug 1121428cpe:/o:opensuse:leap:15.2CVE-2018-21247openSUSE Leap 15.2
An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.
ImportantCVE-2018-21247SUSE bug 1173477SUSE bug 1173874cpe:/o:opensuse:leap:15.2CVE-2018-5741openSUSE Leap 15.2
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.
ModerateCVE-2018-5741SUSE bug 1109160SUSE bug 1171740cpe:/o:opensuse:leap:15.2CVE-2018-6612openSUSE Leap 15.2
An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact.
ModerateCVE-2018-6612SUSE bug 1079349cpe:/o:opensuse:leap:15.2CVE-2018-6767openSUSE Leap 15.2
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.
ModerateCVE-2018-6767SUSE bug 1079746cpe:/o:opensuse:leap:15.2CVE-2018-6789openSUSE Leap 15.2
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
ImportantCVE-2018-6789SUSE bug 1079832cpe:/o:opensuse:leap:15.2CVE-2018-7253openSUSE Leap 15.2
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.
ModerateCVE-2018-7253SUSE bug 1081692cpe:/o:opensuse:leap:15.2CVE-2018-7254openSUSE Leap 15.2
The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.
ModerateCVE-2018-7254SUSE bug 1081693cpe:/o:opensuse:leap:15.2CVE-2018-7544openSUSE Leap 15.2
** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a "signal SIGTERM" command in a TEXTAREA element. NOTE: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation, and with a runtime warning.
LowCVE-2018-7544SUSE bug 1085803cpe:/o:opensuse:leap:15.2CVE-2018-8881openSUSE Leap 15.2
Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.
LowCVE-2018-8881SUSE bug 1086228cpe:/o:opensuse:leap:15.2CVE-2018-8882openSUSE Leap 15.2
Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.
LowCVE-2018-8882SUSE bug 1086227cpe:/o:opensuse:leap:15.2CVE-2018-8883openSUSE Leap 15.2
Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.
LowCVE-2018-8883SUSE bug 1086186cpe:/o:opensuse:leap:15.2CVE-2018-8956openSUSE Leap 15.2
ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker.
ModerateCVE-2018-8956SUSE bug 1171355cpe:/o:opensuse:leap:15.2CVE-2018-9252openSUSE Leap 15.2
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.
LowCVE-2018-9252SUSE bug 1088278SUSE bug 1178702cpe:/o:opensuse:leap:15.2CVE-2019-10067openSUSE Leap 15.2
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS.
LowCVE-2019-10067SUSE bug 1133754SUSE bug 1139406cpe:/o:opensuse:leap:15.2CVE-2019-1010301openSUSE Leap 15.2
jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.
LowCVE-2019-1010301SUSE bug 1144316cpe:/o:opensuse:leap:15.2CVE-2019-1010302openSUSE Leap 15.2
jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file.
ModerateCVE-2019-1010302SUSE bug 1144354cpe:/o:opensuse:leap:15.2CVE-2019-1010319openSUSE Leap 15.2
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.
ModerateCVE-2019-1010319SUSE bug 1141334cpe:/o:opensuse:leap:15.2CVE-2019-10214openSUSE Leap 15.2
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.
CriticalCVE-2019-10214SUSE bug 1144065cpe:/o:opensuse:leap:15.2CVE-2019-10215openSUSE Leap 15.2
Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser.
ModerateCVE-2019-10215cpe:/o:opensuse:leap:15.2CVE-2019-10740openSUSE Leap 15.2
In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.
ModerateCVE-2019-10740SUSE bug 1131801SUSE bug 1175135cpe:/o:opensuse:leap:15.2CVE-2019-11023openSUSE Leap 15.2
The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.
LowCVE-2019-11023SUSE bug 1132091cpe:/o:opensuse:leap:15.2CVE-2019-11498openSUSE Leap 15.2
WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.
LowCVE-2019-11498SUSE bug 1133384cpe:/o:opensuse:leap:15.2CVE-2019-11555openSUSE Leap 15.2
The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.
ModerateCVE-2019-11555SUSE bug 1133640cpe:/o:opensuse:leap:15.2CVE-2019-12248openSUSE Leap 15.2
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. An attacker could send a malicious email to an OTRS system. If a logged-in agent user quotes it, the email could cause the browser to load external image resources.
ModerateCVE-2019-12248SUSE bug 1137615cpe:/o:opensuse:leap:15.2CVE-2019-12420openSUSE Leap 15.2
In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
ImportantCVE-2019-12420SUSE bug 1159133SUSE bug 1186513cpe:/o:opensuse:leap:15.2CVE-2019-12497openSUSE Leap 15.2
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents (e.g., Name and mail address) can be disclosed in external notes.
ModerateCVE-2019-12497SUSE bug 1137614cpe:/o:opensuse:leap:15.2CVE-2019-12625openSUSE Leap 15.2
ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.
ImportantCVE-2019-12625SUSE bug 1144504cpe:/o:opensuse:leap:15.2CVE-2019-12746openSUSE Leap 15.2
An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can be then be potentially abused in order to impersonate the agent user.
ModerateCVE-2019-12746SUSE bug 1141430cpe:/o:opensuse:leap:15.2CVE-2019-12900openSUSE Leap 15.2
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
ImportantCVE-2019-12900SUSE bug 1139083SUSE bug 1149458cpe:/o:opensuse:leap:15.2CVE-2019-12972openSUSE Leap 15.2
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
ModerateCVE-2019-12972SUSE bug 1140126cpe:/o:opensuse:leap:15.2CVE-2019-13207openSUSE Leap 15.2
nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c.
ModerateCVE-2019-13207SUSE bug 1182952cpe:/o:opensuse:leap:15.2CVE-2019-13314openSUSE Leap 15.2
virt-bootstrap 1.1.0 allows local users to discover a root password by listing a process, because this password may be present in the --root-password option to virt_bootstrap.py.
LowCVE-2019-13314SUSE bug 1140750cpe:/o:opensuse:leap:15.2CVE-2019-13377openSUSE Leap 15.2
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.
ModerateCVE-2019-13377SUSE bug 1144443cpe:/o:opensuse:leap:15.2CVE-2019-13457openSUSE Leap 15.2
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their "company" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is turned on.
ModerateCVE-2019-13457SUSE bug 1141431cpe:/o:opensuse:leap:15.2CVE-2019-13458openSUSE Leap 15.2
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user passwords.
ModerateCVE-2019-13458SUSE bug 1141431SUSE bug 1141432cpe:/o:opensuse:leap:15.2CVE-2019-13616openSUSE Leap 15.2
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
ModerateCVE-2019-13616SUSE bug 1141844cpe:/o:opensuse:leap:15.2CVE-2019-14250openSUSE Leap 15.2
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
ModerateCVE-2019-14250SUSE bug 1142649cpe:/o:opensuse:leap:15.2CVE-2019-14275openSUSE Leap 15.2
Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.
ModerateCVE-2019-14275SUSE bug 1143650cpe:/o:opensuse:leap:15.2CVE-2019-14444openSUSE Leap 15.2
apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.
ModerateCVE-2019-14444SUSE bug 1143609cpe:/o:opensuse:leap:15.2CVE-2019-14562openSUSE Leap 15.2
Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.
LowCVE-2019-14562SUSE bug 1175476cpe:/o:opensuse:leap:15.2CVE-2019-14584openSUSE Leap 15.2
Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
ModerateCVE-2019-14584SUSE bug 1177789cpe:/o:opensuse:leap:15.2CVE-2019-14973openSUSE Leap 15.2
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.
ModerateCVE-2019-14973SUSE bug 1146608cpe:/o:opensuse:leap:15.2CVE-2019-15043openSUSE Leap 15.2
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
ImportantCVE-2019-15043SUSE bug 1148383cpe:/o:opensuse:leap:15.2CVE-2019-15126openSUSE Leap 15.2
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
ModerateCVE-2019-15126SUSE bug 1167162cpe:/o:opensuse:leap:15.2CVE-2019-15232openSUSE Leap 15.2
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.
ImportantCVE-2019-15232SUSE bug 1146283cpe:/o:opensuse:leap:15.2CVE-2019-15522openSUSE Leap 15.2
An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL.
ImportantCVE-2019-15522SUSE bug 1147137cpe:/o:opensuse:leap:15.2CVE-2019-15523openSUSE Leap 15.2
An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API.
ModerateCVE-2019-15523SUSE bug 1147139cpe:/o:opensuse:leap:15.2CVE-2019-15890openSUSE Leap 15.2
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
ModerateCVE-2019-15890SUSE bug 1149811SUSE bug 1149813SUSE bug 1178658cpe:/o:opensuse:leap:15.2CVE-2019-15945openSUSE Leap 15.2
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.
ModerateCVE-2019-15945SUSE bug 1149746SUSE bug 1179291cpe:/o:opensuse:leap:15.2CVE-2019-15946openSUSE Leap 15.2
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.
ModerateCVE-2019-15946SUSE bug 1149747SUSE bug 1179291cpe:/o:opensuse:leap:15.2CVE-2019-15961openSUSE Leap 15.2
A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.
ImportantCVE-2019-15961SUSE bug 1157763SUSE bug 1180082cpe:/o:opensuse:leap:15.2CVE-2019-16091openSUSE Leap 15.2
Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c.
ModerateCVE-2019-16091SUSE bug 1149919cpe:/o:opensuse:leap:15.2CVE-2019-16092openSUSE Leap 15.2
Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c.
ImportantCVE-2019-16092SUSE bug 1149920cpe:/o:opensuse:leap:15.2CVE-2019-16093openSUSE Leap 15.2
Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.
ImportantCVE-2019-16093SUSE bug 1149922cpe:/o:opensuse:leap:15.2CVE-2019-16094openSUSE Leap 15.2
Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.
ModerateCVE-2019-16094SUSE bug 1149924cpe:/o:opensuse:leap:15.2CVE-2019-16095openSUSE Leap 15.2
Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c.
ModerateCVE-2019-16095SUSE bug 1149926cpe:/o:opensuse:leap:15.2CVE-2019-16275openSUSE Leap 15.2
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.
ModerateCVE-2019-16275SUSE bug 1150934cpe:/o:opensuse:leap:15.2CVE-2019-16375openSUSE Leap 15.2
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious JavaScript code as an article body. This malicious code is executed when an agent composes an answer to the original article.
LowCVE-2019-16375SUSE bug 1153324SUSE bug 1156431cpe:/o:opensuse:leap:15.2CVE-2019-16707openSUSE Leap 15.2
Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.
ModerateCVE-2019-16707SUSE bug 1151867cpe:/o:opensuse:leap:15.2CVE-2019-16770openSUSE Leap 15.2
In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2.
ImportantCVE-2019-16770SUSE bug 1158675SUSE bug 1188527cpe:/o:opensuse:leap:15.2CVE-2019-16785openSUSE Leap 15.2
Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR." Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message. This issue is fixed in Waitress 1.4.0.
ImportantCVE-2019-16785SUSE bug 1161088cpe:/o:opensuse:leap:15.2CVE-2019-16786openSUSE Leap 15.2
Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard Transfer-Encoding should be a comma separated list, with the inner-most encoding first, followed by any further transfer codings, ending with chunked. Requests sent with: "Transfer-Encoding: gzip, chunked" would incorrectly get ignored, and the request would use a Content-Length header instead to determine the body size of the HTTP message. This could allow for Waitress to treat a single request as multiple requests in the case of HTTP pipelining. This issue is fixed in Waitress 1.4.0.
ImportantCVE-2019-16786SUSE bug 1161089cpe:/o:opensuse:leap:15.2CVE-2019-16789openSUSE Leap 15.2
In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special whitespace characters in the Transfer-Encoding header would get parsed by Waitress as being a chunked request, but a front-end server would use the Content-Length instead as the Transfer-Encoding header is considered invalid due to containing invalid characters. If a front-end server does HTTP pipelining to a backend Waitress server this could lead to HTTP request splitting which may lead to potential cache poisoning or unexpected information disclosure. This issue is fixed in Waitress 1.4.1 through more strict HTTP field validation.
ImportantCVE-2019-16789SUSE bug 1160790cpe:/o:opensuse:leap:15.2CVE-2019-16792openSUSE Leap 15.2
Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0.
ModerateCVE-2019-16792SUSE bug 1161670cpe:/o:opensuse:leap:15.2CVE-2019-16928openSUSE Leap 15.2
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
ImportantCVE-2019-16928SUSE bug 1152507cpe:/o:opensuse:leap:15.2CVE-2019-16935openSUSE Leap 15.2
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.
ModerateCVE-2019-16935SUSE bug 1153238cpe:/o:opensuse:leap:15.2CVE-2019-17450openSUSE Leap 15.2
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
ModerateCVE-2019-17450SUSE bug 1153770cpe:/o:opensuse:leap:15.2CVE-2019-17451openSUSE Leap 15.2
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.
ModerateCVE-2019-17451SUSE bug 1153768cpe:/o:opensuse:leap:15.2CVE-2019-17498openSUSE Leap 15.2
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
ModerateCVE-2019-17498SUSE bug 1154862SUSE bug 1171566cpe:/o:opensuse:leap:15.2CVE-2019-1785openSUSE Leap 15.2
A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system.
ModerateCVE-2019-1785SUSE bug 1130721SUSE bug 1137508cpe:/o:opensuse:leap:15.2CVE-2019-1786openSUSE Leap 15.2
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.
ModerateCVE-2019-1786SUSE bug 1130721SUSE bug 1137510cpe:/o:opensuse:leap:15.2CVE-2019-1787openSUSE Leap 15.2
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.
ModerateCVE-2019-1787SUSE bug 1130721cpe:/o:opensuse:leap:15.2CVE-2019-1788openSUSE Leap 15.2
A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could result in a denial of service condition on an affected device.
ModerateCVE-2019-1788SUSE bug 1130721cpe:/o:opensuse:leap:15.2CVE-2019-1789openSUSE Leap 15.2
ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.
ModerateCVE-2019-1789SUSE bug 1130721cpe:/o:opensuse:leap:15.2CVE-2019-1798openSUSE Leap 15.2
A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.
ImportantCVE-2019-1798SUSE bug 1130721SUSE bug 1137513cpe:/o:opensuse:leap:15.2CVE-2019-18179openSUSE Leap 15.2
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions.
ModerateCVE-2019-18179SUSE bug 1157001SUSE bug 1157523cpe:/o:opensuse:leap:15.2CVE-2019-18180openSUSE Leap 15.2
Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x version 5.0.38 and prior versions; 6.0.x version 6.0.23 and prior versions. OTRS AG: OTRS 7.0.x version 7.0.12 and prior versions.
ModerateCVE-2019-18180SUSE bug 1157001SUSE bug 1157524cpe:/o:opensuse:leap:15.2CVE-2019-18348openSUSE Leap 15.2
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1.
ModerateCVE-2019-18348SUSE bug 1155094cpe:/o:opensuse:leap:15.2CVE-2019-18397openSUSE Leap 15.2
A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat.
ImportantCVE-2019-18397SUSE bug 1156260cpe:/o:opensuse:leap:15.2CVE-2019-18802openSUSE Leap 15.2
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "example.com " one could bypass "example.com" matchers.
ImportantCVE-2019-18802SUSE bug 1159003cpe:/o:opensuse:leap:15.2CVE-2019-18814openSUSE Leap 15.2
An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c.
ModerateCVE-2019-18814SUSE bug 1156256cpe:/o:opensuse:leap:15.2CVE-2019-18906openSUSE Leap 15.2
A Use of Password Hash Instead of Password for Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4.
ModerateCVE-2019-18906SUSE bug 1186226cpe:/o:opensuse:leap:15.2CVE-2019-18934openSUSE Leap 15.2
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.
ImportantCVE-2019-18934SUSE bug 1157268cpe:/o:opensuse:leap:15.2CVE-2019-19244openSUSE Leap 15.2
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
ModerateCVE-2019-19244SUSE bug 1157817SUSE bug 1157818cpe:/o:opensuse:leap:15.2CVE-2019-19317openSUSE Leap 15.2
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
ModerateCVE-2019-19317SUSE bug 1158812SUSE bug 1196773SUSE bug 1196775cpe:/o:opensuse:leap:15.2CVE-2019-19462openSUSE Leap 15.2
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
LowCVE-2019-19462SUSE bug 1158265cpe:/o:opensuse:leap:15.2CVE-2019-19479openSUSE Leap 15.2
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.
ModerateCVE-2019-19479SUSE bug 1158256SUSE bug 1179291cpe:/o:opensuse:leap:15.2CVE-2019-19480openSUSE Leap 15.2
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry.
LowCVE-2019-19480SUSE bug 1158307SUSE bug 1179291cpe:/o:opensuse:leap:15.2CVE-2019-19555openSUSE Leap 15.2
read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.
ModerateCVE-2019-19555SUSE bug 1161698cpe:/o:opensuse:leap:15.2CVE-2019-19603openSUSE Leap 15.2
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
ImportantCVE-2019-19603SUSE bug 1158960SUSE bug 1193078cpe:/o:opensuse:leap:15.2CVE-2019-19645openSUSE Leap 15.2
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
ModerateCVE-2019-19645SUSE bug 1158958cpe:/o:opensuse:leap:15.2CVE-2019-19646openSUSE Leap 15.2
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
ModerateCVE-2019-19646SUSE bug 1158959cpe:/o:opensuse:leap:15.2CVE-2019-19746openSUSE Leap 15.2
make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.
ModerateCVE-2019-19746SUSE bug 1159130cpe:/o:opensuse:leap:15.2CVE-2019-19769openSUSE Leap 15.2
In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).
ModerateCVE-2019-19769SUSE bug 1159280cpe:/o:opensuse:leap:15.2CVE-2019-19797openSUSE Leap 15.2
read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.
ModerateCVE-2019-19797SUSE bug 1159293cpe:/o:opensuse:leap:15.2CVE-2019-19880openSUSE Leap 15.2
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
ModerateCVE-2019-19880SUSE bug 1159491SUSE bug 1159715SUSE bug 1162833cpe:/o:opensuse:leap:15.2CVE-2019-19917openSUSE Leap 15.2
Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c.
ModerateCVE-2019-19917SUSE bug 1159714cpe:/o:opensuse:leap:15.2CVE-2019-19918openSUSE Leap 15.2
Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c.
ModerateCVE-2019-19918SUSE bug 1159713cpe:/o:opensuse:leap:15.2CVE-2019-19923openSUSE Leap 15.2
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).
ModerateCVE-2019-19923SUSE bug 1160309SUSE bug 1162833cpe:/o:opensuse:leap:15.2CVE-2019-19924openSUSE Leap 15.2
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.
ModerateCVE-2019-19924SUSE bug 1159850cpe:/o:opensuse:leap:15.2CVE-2019-19925openSUSE Leap 15.2
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
LowCVE-2019-19925SUSE bug 1159847SUSE bug 1162833cpe:/o:opensuse:leap:15.2CVE-2019-19926openSUSE Leap 15.2
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
ImportantCVE-2019-19926SUSE bug 1159491SUSE bug 1159715SUSE bug 1162833cpe:/o:opensuse:leap:15.2CVE-2019-19959openSUSE Leap 15.2
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
ModerateCVE-2019-19959SUSE bug 1160438cpe:/o:opensuse:leap:15.2CVE-2019-19977openSUSE Leap 15.2
libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read.
ImportantCVE-2019-19977SUSE bug 1160462SUSE bug 1189097SUSE bug 1190329SUSE bug 1191840SUSE bug 1192365SUSE bug 1193380SUSE bug 1193381cpe:/o:opensuse:leap:15.2CVE-2019-20005openSUSE Leap 15.2
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished).
ModerateCVE-2019-20005SUSE bug 1191856cpe:/o:opensuse:leap:15.2CVE-2019-20006openSUSE Leap 15.2
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.
ModerateCVE-2019-20006SUSE bug 1191856cpe:/o:opensuse:leap:15.2CVE-2019-20007openSUSE Leap 15.2
An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After this, the function ezxml_parse_str does not check whether the s variable is not NULL in ezxml.c, leading to a NULL pointer dereference and crash (segmentation fault).
ModerateCVE-2019-20007SUSE bug 1191856cpe:/o:opensuse:leap:15.2CVE-2019-20016openSUSE Leap 15.2
libmysofa before 2019-11-24 does not properly restrict recursive function calls, as demonstrated by reports of stack consumption in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c. NOTE: a download of v0.9 after 2019-12-06 should fully remediate this issue.
ModerateCVE-2019-20016SUSE bug 1159839cpe:/o:opensuse:leap:15.2CVE-2019-20063openSUSE Leap 15.2
hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json.
ModerateCVE-2019-20063SUSE bug 1160040cpe:/o:opensuse:leap:15.2CVE-2019-20198openSUSE Leap 15.2
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.
ModerateCVE-2019-20198SUSE bug 1191856cpe:/o:opensuse:leap:15.2CVE-2019-20199openSUSE Leap 15.2
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer.
ModerateCVE-2019-20199SUSE bug 1191856cpe:/o:opensuse:leap:15.2CVE-2019-20200openSUSE Leap 15.2
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature.
ModerateCVE-2019-20200SUSE bug 1191856cpe:/o:opensuse:leap:15.2CVE-2019-20201openSUSE Leap 15.2
An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.
ModerateCVE-2019-20201SUSE bug 1191856cpe:/o:opensuse:leap:15.2CVE-2019-20202openSUSE Leap 15.2
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.
ModerateCVE-2019-20202SUSE bug 1191856cpe:/o:opensuse:leap:15.2CVE-2019-20218openSUSE Leap 15.2
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
ImportantCVE-2019-20218SUSE bug 1160439SUSE bug 1189840SUSE bug 1190372SUSE bug 1192495SUSE bug 1193078cpe:/o:opensuse:leap:15.2CVE-2019-20792openSUSE Leap 15.2
OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.
ModerateCVE-2019-20792SUSE bug 1170809cpe:/o:opensuse:leap:15.2CVE-2019-20810openSUSE Leap 15.2
go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586.
LowCVE-2019-20810SUSE bug 1172458cpe:/o:opensuse:leap:15.2CVE-2019-20812openSUSE Leap 15.2
An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067.
ModerateCVE-2019-20812SUSE bug 1172453cpe:/o:opensuse:leap:15.2CVE-2019-20838openSUSE Leap 15.2
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
ImportantCVE-2019-20838SUSE bug 1172973SUSE bug 1189526SUSE bug 1193384cpe:/o:opensuse:leap:15.2CVE-2019-20839openSUSE Leap 15.2
libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.
ImportantCVE-2019-20839SUSE bug 1173477SUSE bug 1173875cpe:/o:opensuse:leap:15.2CVE-2019-20840openSUSE Leap 15.2
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.
ImportantCVE-2019-20840SUSE bug 1173477SUSE bug 1173876cpe:/o:opensuse:leap:15.2CVE-2019-20907openSUSE Leap 15.2
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
ModerateCVE-2019-20907SUSE bug 1174091cpe:/o:opensuse:leap:15.2CVE-2019-20916openSUSE Leap 15.2
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
ModerateCVE-2019-20916SUSE bug 1176262cpe:/o:opensuse:leap:15.2CVE-2019-20919openSUSE Leap 15.2
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.
ImportantCVE-2019-20919SUSE bug 1176764cpe:/o:opensuse:leap:15.2CVE-2019-25013openSUSE Leap 15.2
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
ModerateCVE-2019-25013SUSE bug 1182117cpe:/o:opensuse:leap:15.2CVE-2019-25051openSUSE Leap 15.2
objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).
ImportantCVE-2019-25051SUSE bug 1188576SUSE bug 1189485SUSE bug 1192363SUSE bug 1193390cpe:/o:opensuse:leap:15.2CVE-2019-3500openSUSE Leap 15.2
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.
ModerateCVE-2019-3500SUSE bug 1120488cpe:/o:opensuse:leap:15.2CVE-2019-3855openSUSE Leap 15.2
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
ModerateCVE-2019-3855SUSE bug 1128471SUSE bug 1134329SUSE bug 1135434SUSE bug 1141850cpe:/o:opensuse:leap:15.2CVE-2019-3856openSUSE Leap 15.2
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
ModerateCVE-2019-3856SUSE bug 1128472SUSE bug 1135434cpe:/o:opensuse:leap:15.2CVE-2019-3857openSUSE Leap 15.2
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
ModerateCVE-2019-3857SUSE bug 1128474SUSE bug 1135434cpe:/o:opensuse:leap:15.2CVE-2019-3858openSUSE Leap 15.2
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
ModerateCVE-2019-3858SUSE bug 1128476SUSE bug 1135434cpe:/o:opensuse:leap:15.2CVE-2019-3859openSUSE Leap 15.2
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
ModerateCVE-2019-3859SUSE bug 1128480SUSE bug 1130103SUSE bug 1135434cpe:/o:opensuse:leap:15.2CVE-2019-3860openSUSE Leap 15.2
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
ModerateCVE-2019-3860SUSE bug 1128481SUSE bug 1135434SUSE bug 1136570cpe:/o:opensuse:leap:15.2CVE-2019-3861openSUSE Leap 15.2
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
ModerateCVE-2019-3861SUSE bug 1128490SUSE bug 1135434cpe:/o:opensuse:leap:15.2CVE-2019-3862openSUSE Leap 15.2
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
ModerateCVE-2019-3862SUSE bug 1128492SUSE bug 1135434cpe:/o:opensuse:leap:15.2CVE-2019-3863openSUSE Leap 15.2
A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.
ModerateCVE-2019-3863SUSE bug 1128493SUSE bug 1130103SUSE bug 1135434cpe:/o:opensuse:leap:15.2CVE-2019-3881openSUSE Leap 15.2
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.
ModerateCVE-2019-3881SUSE bug 1143436cpe:/o:opensuse:leap:15.2CVE-2019-3902openSUSE Leap 15.2
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
ModerateCVE-2019-3902SUSE bug 1133035cpe:/o:opensuse:leap:15.2CVE-2019-5010openSUSE Leap 15.2
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.
ImportantCVE-2019-5010SUSE bug 1122191SUSE bug 1126909cpe:/o:opensuse:leap:15.2CVE-2019-5418openSUSE Leap 15.2
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
ModerateCVE-2019-5418SUSE bug 1129272cpe:/o:opensuse:leap:15.2CVE-2019-5419openSUSE Leap 15.2
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
ModerateCVE-2019-5419SUSE bug 1129271cpe:/o:opensuse:leap:15.2CVE-2019-5420openSUSE Leap 15.2
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
ImportantCVE-2019-5420SUSE bug 1129268cpe:/o:opensuse:leap:15.2CVE-2019-5477openSUSE Leap 15.2
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
ImportantCVE-2019-5477SUSE bug 1146578cpe:/o:opensuse:leap:15.2CVE-2019-6477openSUSE Leap 15.2
With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).
ModerateCVE-2019-6477SUSE bug 1157051SUSE bug 1197136cpe:/o:opensuse:leap:15.2CVE-2019-7314openSUSE Leap 15.2
liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.
ImportantCVE-2019-7314SUSE bug 1124159cpe:/o:opensuse:leap:15.2CVE-2019-8075openSUSE Leap 15.2
Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
ImportantCVE-2019-8075SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2019-8842openSUSE Leap 15.2
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs.
LowCVE-2019-8842SUSE bug 1170671cpe:/o:opensuse:leap:15.2CVE-2019-9074openSUSE Leap 15.2
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.
ModerateCVE-2019-9074SUSE bug 1126831cpe:/o:opensuse:leap:15.2CVE-2019-9075openSUSE Leap 15.2
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.
ImportantCVE-2019-9075SUSE bug 1071544SUSE bug 1126829SUSE bug 1193110cpe:/o:opensuse:leap:15.2CVE-2019-9077openSUSE Leap 15.2
An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.
ModerateCVE-2019-9077SUSE bug 1126826cpe:/o:opensuse:leap:15.2CVE-2019-9215openSUSE Leap 15.2
In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.
ImportantCVE-2019-9215SUSE bug 1127341cpe:/o:opensuse:leap:15.2CVE-2019-9494openSUSE Leap 15.2
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.
ImportantCVE-2019-9494SUSE bug 1131291SUSE bug 1131868SUSE bug 1194732cpe:/o:opensuse:leap:15.2CVE-2019-9495openSUSE Leap 15.2
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
ModerateCVE-2019-9495SUSE bug 1131291SUSE bug 1131870SUSE bug 1194733cpe:/o:opensuse:leap:15.2CVE-2019-9497openSUSE Leap 15.2
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
ModerateCVE-2019-9497SUSE bug 1131871SUSE bug 1131872SUSE bug 1131874cpe:/o:opensuse:leap:15.2CVE-2019-9498openSUSE Leap 15.2
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
ImportantCVE-2019-9498SUSE bug 1131871SUSE bug 1131872SUSE bug 1131874cpe:/o:opensuse:leap:15.2CVE-2019-9499openSUSE Leap 15.2
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
ImportantCVE-2019-9499SUSE bug 1131871SUSE bug 1131872SUSE bug 1131874cpe:/o:opensuse:leap:15.2CVE-2019-9578openSUSE Leap 15.2
In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device.
LowCVE-2019-9578SUSE bug 1128140cpe:/o:opensuse:leap:15.2CVE-2019-9752openSUSE Leap 15.2
An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm.
ImportantCVE-2019-9752SUSE bug 1122560SUSE bug 1129756cpe:/o:opensuse:leap:15.2CVE-2019-9755openSUSE Leap 15.2
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.
ModerateCVE-2019-9755SUSE bug 1130165cpe:/o:opensuse:leap:15.2CVE-2019-9892openSUSE Leap 15.2
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem.
ModerateCVE-2019-9892SUSE bug 1133755SUSE bug 1139406cpe:/o:opensuse:leap:15.2CVE-2020-0110openSUSE Leap 15.2
In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148159562References: Upstream kernel
ImportantCVE-2020-0110SUSE bug 1171374SUSE bug 1174874cpe:/o:opensuse:leap:15.2CVE-2020-0305openSUSE Leap 15.2
In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744
ModerateCVE-2020-0305SUSE bug 1174462cpe:/o:opensuse:leap:15.2CVE-2020-0404openSUSE Leap 15.2
In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel
ModerateCVE-2020-0404SUSE bug 1176423cpe:/o:opensuse:leap:15.2CVE-2020-0427openSUSE Leap 15.2
In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171
ModerateCVE-2020-0427SUSE bug 1176725cpe:/o:opensuse:leap:15.2CVE-2020-0431openSUSE Leap 15.2
In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459
ImportantCVE-2020-0431SUSE bug 1176722SUSE bug 1176896cpe:/o:opensuse:leap:15.2CVE-2020-0432openSUSE Leap 15.2
In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143560807
ImportantCVE-2020-0432SUSE bug 1176721SUSE bug 1177165cpe:/o:opensuse:leap:15.2CVE-2020-0444openSUSE Leap 15.2
In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150693166References: Upstream kernel
ModerateCVE-2020-0444SUSE bug 1180027SUSE bug 1180028cpe:/o:opensuse:leap:15.2CVE-2020-0465openSUSE Leap 15.2
In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel
ImportantCVE-2020-0465SUSE bug 1180029SUSE bug 1180030cpe:/o:opensuse:leap:15.2CVE-2020-0466openSUSE Leap 15.2
In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel
ImportantCVE-2020-0466SUSE bug 1180031SUSE bug 1180032SUSE bug 1199255cpe:/o:opensuse:leap:15.2CVE-2020-0487openSUSE Leap 15.2
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
ImportantCVE-2020-0487SUSE bug 1180112cpe:/o:opensuse:leap:15.2CVE-2020-0499openSUSE Leap 15.2
In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070
ModerateCVE-2020-0499SUSE bug 1180099cpe:/o:opensuse:leap:15.2CVE-2020-0543openSUSE Leap 15.2
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
ModerateCVE-2020-0543SUSE bug 1154824SUSE bug 1172205SUSE bug 1172206SUSE bug 1172207SUSE bug 1172770SUSE bug 1178658cpe:/o:opensuse:leap:15.2CVE-2020-0556openSUSE Leap 15.2
Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
ModerateCVE-2020-0556SUSE bug 1166751cpe:/o:opensuse:leap:15.2CVE-2020-10001openSUSE Leap 15.2
An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory.
ModerateCVE-2020-10001SUSE bug 1170671SUSE bug 1180520cpe:/o:opensuse:leap:15.2CVE-2020-10135openSUSE Leap 15.2
Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.
ModerateCVE-2020-10135SUSE bug 1171988cpe:/o:opensuse:leap:15.2CVE-2020-10592openSUSE Leap 15.2
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.
ModerateCVE-2020-10592SUSE bug 1167013cpe:/o:opensuse:leap:15.2CVE-2020-10593openSUSE Leap 15.2
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.
ModerateCVE-2020-10593SUSE bug 1167014cpe:/o:opensuse:leap:15.2CVE-2020-10648openSUSE Leap 15.2
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.
ModerateCVE-2020-10648SUSE bug 1167209cpe:/o:opensuse:leap:15.2CVE-2020-10696openSUSE Leap 15.2
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
ImportantCVE-2020-10696SUSE bug 1167864cpe:/o:opensuse:leap:15.2CVE-2020-10700openSUSE Leap 15.2
A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.
ModerateCVE-2020-10700SUSE bug 1169850SUSE bug 1173159cpe:/o:opensuse:leap:15.2CVE-2020-10704openSUSE Leap 15.2
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.
ImportantCVE-2020-10704SUSE bug 1169851SUSE bug 1170771cpe:/o:opensuse:leap:15.2CVE-2020-10711openSUSE Leap 15.2
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.
ModerateCVE-2020-10711SUSE bug 1171191cpe:/o:opensuse:leap:15.2CVE-2020-10713openSUSE Leap 15.2
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-10713SUSE bug 1168994SUSE bug 1173456SUSE bug 1173812SUSE bug 1199353cpe:/o:opensuse:leap:15.2CVE-2020-10730openSUSE Leap 15.2
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.
ModerateCVE-2020-10730SUSE bug 1173159cpe:/o:opensuse:leap:15.2CVE-2020-10732openSUSE Leap 15.2
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
LowCVE-2020-10732SUSE bug 1171220cpe:/o:opensuse:leap:15.2CVE-2020-10745openSUSE Leap 15.2
A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest threat from this vulnerability is to system availability.
ImportantCVE-2020-10745SUSE bug 1173160cpe:/o:opensuse:leap:15.2CVE-2020-10749openSUSE Leap 15.2
A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.
ModerateCVE-2020-10749SUSE bug 1172375SUSE bug 1172410cpe:/o:opensuse:leap:15.2CVE-2020-10751openSUSE Leap 15.2
A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.
ModerateCVE-2020-10751SUSE bug 1171189SUSE bug 1174963cpe:/o:opensuse:leap:15.2CVE-2020-10756openSUSE Leap 15.2
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.
ModerateCVE-2020-10756SUSE bug 1172380SUSE bug 1184743cpe:/o:opensuse:leap:15.2CVE-2020-10757openSUSE Leap 15.2
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
ImportantCVE-2020-10757SUSE bug 1172317SUSE bug 1172437cpe:/o:opensuse:leap:15.2CVE-2020-10759openSUSE Leap 15.2
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.
ImportantCVE-2020-10759SUSE bug 1172643cpe:/o:opensuse:leap:15.2CVE-2020-10760openSUSE Leap 15.2
A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba.
ModerateCVE-2020-10760SUSE bug 1173161cpe:/o:opensuse:leap:15.2CVE-2020-10761openSUSE Leap 15.2
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.
ImportantCVE-2020-10761SUSE bug 1172710cpe:/o:opensuse:leap:15.2CVE-2020-10766openSUSE Leap 15.2
A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality.
ModerateCVE-2020-10766SUSE bug 1172781cpe:/o:opensuse:leap:15.2CVE-2020-10767openSUSE Leap 15.2
A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality.
ModerateCVE-2020-10767SUSE bug 1172782cpe:/o:opensuse:leap:15.2CVE-2020-10768openSUSE Leap 15.2
A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.
ModerateCVE-2020-10768SUSE bug 1172783cpe:/o:opensuse:leap:15.2CVE-2020-10773openSUSE Leap 15.2
A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.
LowCVE-2020-10773SUSE bug 1172999cpe:/o:opensuse:leap:15.2CVE-2020-10781openSUSE Leap 15.2
A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.
ModerateCVE-2020-10781SUSE bug 1173074cpe:/o:opensuse:leap:15.2CVE-2020-10932openSUSE Leap 15.2
An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS.
ModerateCVE-2020-10932SUSE bug 1181468cpe:/o:opensuse:leap:15.2CVE-2020-11022openSUSE Leap 15.2
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
ModerateCVE-2020-11022SUSE bug 1173090SUSE bug 1178434SUSE bug 1190663cpe:/o:opensuse:leap:15.2CVE-2020-11023openSUSE Leap 15.2
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
ModerateCVE-2020-11023SUSE bug 1173090SUSE bug 1178434SUSE bug 1190660cpe:/o:opensuse:leap:15.2CVE-2020-11076openSUSE Leap 15.2
In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.
ModerateCVE-2020-11076SUSE bug 1172175SUSE bug 1172176cpe:/o:opensuse:leap:15.2CVE-2020-11077openSUSE Leap 15.2
In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5.
ModerateCVE-2020-11077SUSE bug 1172175SUSE bug 1172176cpe:/o:opensuse:leap:15.2CVE-2020-11078openSUSE Leap 15.2
In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.
ModerateCVE-2020-11078SUSE bug 1171998cpe:/o:opensuse:leap:15.2CVE-2020-11080openSUSE Leap 15.2
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.
ImportantCVE-2020-11080SUSE bug 1172441SUSE bug 1172442SUSE bug 1181358cpe:/o:opensuse:leap:15.2CVE-2020-11647openSUSE Leap 15.2
In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion.
ModerateCVE-2020-11647SUSE bug 1169063cpe:/o:opensuse:leap:15.2CVE-2020-11651openSUSE Leap 15.2
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
CriticalCVE-2020-11651SUSE bug 1170595cpe:/o:opensuse:leap:15.2CVE-2020-11652openSUSE Leap 15.2
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
CriticalCVE-2020-11652SUSE bug 1170595cpe:/o:opensuse:leap:15.2CVE-2020-11668openSUSE Leap 15.2
In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.
ImportantCVE-2020-11668SUSE bug 1168952SUSE bug 1173942cpe:/o:opensuse:leap:15.2CVE-2020-11800openSUSE Leap 15.2
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
ModerateCVE-2020-11800SUSE bug 1177467cpe:/o:opensuse:leap:15.2CVE-2020-11810openSUSE Leap 15.2
An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use.
LowCVE-2020-11810SUSE bug 1169925cpe:/o:opensuse:leap:15.2CVE-2020-11867openSUSE Leap 15.2
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.
LowCVE-2020-11867SUSE bug 1179449cpe:/o:opensuse:leap:15.2CVE-2020-11868openSUSE Leap 15.2
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.
ModerateCVE-2020-11868SUSE bug 1169740cpe:/o:opensuse:leap:15.2CVE-2020-11947openSUSE Leap 15.2
iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.
ModerateCVE-2020-11947SUSE bug 1180523cpe:/o:opensuse:leap:15.2CVE-2020-11984openSUSE Leap 15.2
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
ImportantCVE-2020-11984SUSE bug 1175074cpe:/o:opensuse:leap:15.2CVE-2020-11993openSUSE Leap 15.2
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.
ModerateCVE-2020-11993SUSE bug 1175070SUSE bug 1178074SUSE bug 1180830cpe:/o:opensuse:leap:15.2CVE-2020-11996openSUSE Leap 15.2
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.
ModerateCVE-2020-11996SUSE bug 1173389cpe:/o:opensuse:leap:15.2CVE-2020-12049openSUSE Leap 15.2
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.
ModerateCVE-2020-12049SUSE bug 1172505cpe:/o:opensuse:leap:15.2CVE-2020-12100openSUSE Leap 15.2
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.
ImportantCVE-2020-12100SUSE bug 1174920SUSE bug 1180406cpe:/o:opensuse:leap:15.2CVE-2020-12108openSUSE Leap 15.2
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.
ModerateCVE-2020-12108SUSE bug 1171363cpe:/o:opensuse:leap:15.2CVE-2020-12137openSUSE Leap 15.2
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.
ModerateCVE-2020-12137SUSE bug 1170558cpe:/o:opensuse:leap:15.2CVE-2020-12245openSUSE Leap 15.2
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.
ModerateCVE-2020-12245SUSE bug 1170557cpe:/o:opensuse:leap:15.2CVE-2020-12321openSUSE Leap 15.2
Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CriticalCVE-2020-12321SUSE bug 1178671cpe:/o:opensuse:leap:15.2CVE-2020-12351openSUSE Leap 15.2
Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
ImportantCVE-2020-12351SUSE bug 1177724SUSE bug 1177729SUSE bug 1178397cpe:/o:opensuse:leap:15.2CVE-2020-12352openSUSE Leap 15.2
Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
ModerateCVE-2020-12352SUSE bug 1177725SUSE bug 1178398cpe:/o:opensuse:leap:15.2CVE-2020-12362openSUSE Leap 15.2
Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.
ImportantCVE-2020-12362SUSE bug 1181720SUSE bug 1182033SUSE bug 1190859cpe:/o:opensuse:leap:15.2CVE-2020-12363openSUSE Leap 15.2
Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.
ModerateCVE-2020-12363SUSE bug 1181720SUSE bug 1181735cpe:/o:opensuse:leap:15.2CVE-2020-12364openSUSE Leap 15.2
Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.
ModerateCVE-2020-12364SUSE bug 1181720SUSE bug 1181736cpe:/o:opensuse:leap:15.2CVE-2020-12373openSUSE Leap 15.2
Expired pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.
ModerateCVE-2020-12373SUSE bug 1181720SUSE bug 1181738cpe:/o:opensuse:leap:15.2CVE-2020-12400openSUSE Leap 15.2
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
ModerateCVE-2020-12400SUSE bug 1174763SUSE bug 1175686cpe:/o:opensuse:leap:15.2CVE-2020-12401openSUSE Leap 15.2
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
ModerateCVE-2020-12401SUSE bug 1174763SUSE bug 1175686cpe:/o:opensuse:leap:15.2CVE-2020-12402openSUSE Leap 15.2
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.
ModerateCVE-2020-12402SUSE bug 1173032SUSE bug 1173576SUSE bug 1174230cpe:/o:opensuse:leap:15.2CVE-2020-12403openSUSE Leap 15.2
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.
ModerateCVE-2020-12403SUSE bug 1174763cpe:/o:opensuse:leap:15.2CVE-2020-12415openSUSE Leap 15.2
When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox < 78.
ImportantCVE-2020-12415SUSE bug 1173576SUSE bug 1174230cpe:/o:opensuse:leap:15.2CVE-2020-12416openSUSE Leap 15.2
A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78.
ImportantCVE-2020-12416SUSE bug 1173576SUSE bug 1174230cpe:/o:opensuse:leap:15.2CVE-2020-12417openSUSE Leap 15.2
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
ImportantCVE-2020-12417SUSE bug 1173576SUSE bug 1174230cpe:/o:opensuse:leap:15.2CVE-2020-12418openSUSE Leap 15.2
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
ImportantCVE-2020-12418SUSE bug 1173576SUSE bug 1174230cpe:/o:opensuse:leap:15.2CVE-2020-12419openSUSE Leap 15.2
When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
ImportantCVE-2020-12419SUSE bug 1173576SUSE bug 1174230cpe:/o:opensuse:leap:15.2CVE-2020-12420openSUSE Leap 15.2
When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
ImportantCVE-2020-12420SUSE bug 1173576SUSE bug 1174230cpe:/o:opensuse:leap:15.2CVE-2020-12421openSUSE Leap 15.2
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
ImportantCVE-2020-12421SUSE bug 1173576SUSE bug 1174230cpe:/o:opensuse:leap:15.2CVE-2020-12422openSUSE Leap 15.2
In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78.
ImportantCVE-2020-12422SUSE bug 1173576SUSE bug 1174230cpe:/o:opensuse:leap:15.2CVE-2020-12423openSUSE Leap 15.2
When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* This vulnerability affects Firefox < 78.
ImportantCVE-2020-12423SUSE bug 1173576SUSE bug 1174230cpe:/o:opensuse:leap:15.2CVE-2020-12424openSUSE Leap 15.2
When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78.
ImportantCVE-2020-12424SUSE bug 1173576SUSE bug 1174230cpe:/o:opensuse:leap:15.2CVE-2020-12425openSUSE Leap 15.2
Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox < 78.
ImportantCVE-2020-12425SUSE bug 1173576SUSE bug 1174230cpe:/o:opensuse:leap:15.2CVE-2020-12426openSUSE Leap 15.2
Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 78.
ImportantCVE-2020-12426SUSE bug 1173576SUSE bug 1174230cpe:/o:opensuse:leap:15.2CVE-2020-12625openSUSE Leap 15.2
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.
ModerateCVE-2020-12625SUSE bug 1171040SUSE bug 1175135cpe:/o:opensuse:leap:15.2CVE-2020-12640openSUSE Leap 15.2
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.
ImportantCVE-2020-12640SUSE bug 1171149SUSE bug 1175135cpe:/o:opensuse:leap:15.2CVE-2020-12641openSUSE Leap 15.2
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
ImportantCVE-2020-12641SUSE bug 1171148SUSE bug 1175135cpe:/o:opensuse:leap:15.2CVE-2020-12652openSUSE Leap 15.2
The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power."
ModerateCVE-2020-12652SUSE bug 1171218cpe:/o:opensuse:leap:15.2CVE-2020-12656openSUSE Leap 15.2
** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they like and load that replicating the effect of this bug.
LowCVE-2020-12656SUSE bug 1171219cpe:/o:opensuse:leap:15.2CVE-2020-12658openSUSE Leap 15.2
** DISPUTED ** gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem."
ModerateCVE-2020-12658SUSE bug 1180515cpe:/o:opensuse:leap:15.2CVE-2020-12662openSUSE Leap 15.2
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
ImportantCVE-2020-12662SUSE bug 1171889cpe:/o:opensuse:leap:15.2CVE-2020-12663openSUSE Leap 15.2
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
ImportantCVE-2020-12663SUSE bug 1171889cpe:/o:opensuse:leap:15.2CVE-2020-12673openSUSE Leap 15.2
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
ImportantCVE-2020-12673SUSE bug 1174920SUSE bug 1174922cpe:/o:opensuse:leap:15.2CVE-2020-12674openSUSE Leap 15.2
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
ImportantCVE-2020-12674SUSE bug 1174920SUSE bug 1174923cpe:/o:opensuse:leap:15.2CVE-2020-12693openSUSE Leap 15.2
Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.
ModerateCVE-2020-12693SUSE bug 1172004SUSE bug 1173804cpe:/o:opensuse:leap:15.2CVE-2020-12695openSUSE Leap 15.2
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
ImportantCVE-2020-12695SUSE bug 1172700SUSE bug 1179447cpe:/o:opensuse:leap:15.2CVE-2020-12769openSUSE Leap 15.2
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.
ModerateCVE-2020-12769SUSE bug 1171983cpe:/o:opensuse:leap:15.2CVE-2020-12771openSUSE Leap 15.2
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.
ModerateCVE-2020-12771SUSE bug 1171732cpe:/o:opensuse:leap:15.2CVE-2020-12783openSUSE Leap 15.2
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.
ModerateCVE-2020-12783SUSE bug 1171490cpe:/o:opensuse:leap:15.2CVE-2020-12802openSUSE Leap 15.2
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents were omitted from this protection prior to version 6.4.4. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.
LowCVE-2020-12802SUSE bug 1172796cpe:/o:opensuse:leap:15.2CVE-2020-12803openSUSE Leap 15.2
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need for macros or other active scripting Prior to version 6.4.4 LibreOffice allowed forms to be submitted to any URI, including file: URIs, enabling form submissions to overwrite local files. User-interaction is required to submit the form, but to avoid the possibility of malicious documents engineered to maximize the possibility of inadvertent user submission this feature has now been limited to http[s] URIs, removing the possibility to overwrite local files. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.
ModerateCVE-2020-12803SUSE bug 1172795cpe:/o:opensuse:leap:15.2CVE-2020-12823openSUSE Leap 15.2
OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.
ModerateCVE-2020-12823SUSE bug 1171862cpe:/o:opensuse:leap:15.2CVE-2020-12825openSUSE Leap 15.2
libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.
ModerateCVE-2020-12825SUSE bug 1171685cpe:/o:opensuse:leap:15.2CVE-2020-12829openSUSE Leap 15.2
In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.
ModerateCVE-2020-12829SUSE bug 1172385cpe:/o:opensuse:leap:15.2CVE-2020-12861openSUSE Leap 15.2
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.
ModerateCVE-2020-12861SUSE bug 1172524cpe:/o:opensuse:leap:15.2CVE-2020-12862openSUSE Leap 15.2
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.
ModerateCVE-2020-12862SUSE bug 1172524cpe:/o:opensuse:leap:15.2CVE-2020-12863openSUSE Leap 15.2
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.
ModerateCVE-2020-12863SUSE bug 1172524cpe:/o:opensuse:leap:15.2CVE-2020-12864openSUSE Leap 15.2
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.
ModerateCVE-2020-12864SUSE bug 1172524cpe:/o:opensuse:leap:15.2CVE-2020-12865openSUSE Leap 15.2
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.
ModerateCVE-2020-12865SUSE bug 1172524cpe:/o:opensuse:leap:15.2CVE-2020-12866openSUSE Leap 15.2
A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.
ModerateCVE-2020-12866SUSE bug 1172524cpe:/o:opensuse:leap:15.2CVE-2020-12867openSUSE Leap 15.2
A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.
ModerateCVE-2020-12867SUSE bug 1172524cpe:/o:opensuse:leap:15.2CVE-2020-12888openSUSE Leap 15.2
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
ModerateCVE-2020-12888SUSE bug 1171868SUSE bug 1176979SUSE bug 1179612cpe:/o:opensuse:leap:15.2CVE-2020-13143openSUSE Leap 15.2
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
ModerateCVE-2020-13143SUSE bug 1171982cpe:/o:opensuse:leap:15.2CVE-2020-13164openSUSE Leap 15.2
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem.
ModerateCVE-2020-13164SUSE bug 1171899cpe:/o:opensuse:leap:15.2CVE-2020-13361openSUSE Leap 15.2
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.
LowCVE-2020-13361SUSE bug 1172384cpe:/o:opensuse:leap:15.2CVE-2020-13362openSUSE Leap 15.2
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.
LowCVE-2020-13362SUSE bug 1172383cpe:/o:opensuse:leap:15.2CVE-2020-13379openSUSE Leap 15.2
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.
ImportantCVE-2020-13379SUSE bug 1172409cpe:/o:opensuse:leap:15.2CVE-2020-13428openSUSE Leap 15.2
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
ModerateCVE-2020-13428SUSE bug 1172727cpe:/o:opensuse:leap:15.2CVE-2020-13429openSUSE Leap 15.2
legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option.
ModerateCVE-2020-13429SUSE bug 1172125cpe:/o:opensuse:leap:15.2CVE-2020-13434openSUSE Leap 15.2
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
ModerateCVE-2020-13434SUSE bug 1172115cpe:/o:opensuse:leap:15.2CVE-2020-13435openSUSE Leap 15.2
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
ImportantCVE-2020-13435SUSE bug 1172091cpe:/o:opensuse:leap:15.2CVE-2020-13543openSUSE Leap 15.2
A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
ImportantCVE-2020-13543SUSE bug 1179451cpe:/o:opensuse:leap:15.2CVE-2020-13558openSUSE Leap 15.2
A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.
ImportantCVE-2020-13558SUSE bug 1182286cpe:/o:opensuse:leap:15.2CVE-2020-13576openSUSE Leap 15.2
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
ImportantCVE-2020-13576SUSE bug 1182098cpe:/o:opensuse:leap:15.2CVE-2020-13584openSUSE Leap 15.2
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.
ImportantCVE-2020-13584SUSE bug 1179122SUSE bug 1179910SUSE bug 1179911SUSE bug 1179912cpe:/o:opensuse:leap:15.2CVE-2020-13625openSUSE Leap 15.2
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.
ImportantCVE-2020-13625SUSE bug 1173090cpe:/o:opensuse:leap:15.2CVE-2020-13630openSUSE Leap 15.2
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
ModerateCVE-2020-13630SUSE bug 1172234cpe:/o:opensuse:leap:15.2CVE-2020-13631openSUSE Leap 15.2
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
ModerateCVE-2020-13631SUSE bug 1172236cpe:/o:opensuse:leap:15.2CVE-2020-13632openSUSE Leap 15.2
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
ModerateCVE-2020-13632SUSE bug 1172240cpe:/o:opensuse:leap:15.2CVE-2020-13645openSUSE Leap 15.2
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.
ModerateCVE-2020-13645SUSE bug 1172460cpe:/o:opensuse:leap:15.2CVE-2020-13659openSUSE Leap 15.2
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
ModerateCVE-2020-13659SUSE bug 1172386cpe:/o:opensuse:leap:15.2CVE-2020-13757openSUSE Leap 15.2
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).
ImportantCVE-2020-13757SUSE bug 1172389cpe:/o:opensuse:leap:15.2CVE-2020-13790openSUSE Leap 15.2
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
ModerateCVE-2020-13790SUSE bug 1172491cpe:/o:opensuse:leap:15.2CVE-2020-13800openSUSE Leap 15.2
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.
ModerateCVE-2020-13800SUSE bug 1172495cpe:/o:opensuse:leap:15.2CVE-2020-13817openSUSE Leap 15.2
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
ModerateCVE-2020-13817SUSE bug 1172651cpe:/o:opensuse:leap:15.2CVE-2020-13844openSUSE Leap 15.2
Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."
ModerateCVE-2020-13844SUSE bug 1172798cpe:/o:opensuse:leap:15.2CVE-2020-13845openSUSE Leap 15.2
Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.
ModerateCVE-2020-13845SUSE bug 1174150cpe:/o:opensuse:leap:15.2CVE-2020-13846openSUSE Leap 15.2
Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code.
ModerateCVE-2020-13846SUSE bug 1174148cpe:/o:opensuse:leap:15.2CVE-2020-13847openSUSE Leap 15.2
Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.
ModerateCVE-2020-13847SUSE bug 1174152cpe:/o:opensuse:leap:15.2CVE-2020-13867openSUSE Leap 15.2
Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files).
ModerateCVE-2020-13867SUSE bug 1172743cpe:/o:opensuse:leap:15.2CVE-2020-13934openSUSE Leap 15.2
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.
ModerateCVE-2020-13934SUSE bug 1174121cpe:/o:opensuse:leap:15.2CVE-2020-13935openSUSE Leap 15.2
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
ImportantCVE-2020-13935SUSE bug 1174117cpe:/o:opensuse:leap:15.2CVE-2020-13936openSUSE Leap 15.2
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.
ImportantCVE-2020-13936SUSE bug 1183360cpe:/o:opensuse:leap:15.2CVE-2020-13943openSUSE Leap 15.2
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.
ModerateCVE-2020-13943SUSE bug 1177582cpe:/o:opensuse:leap:15.2CVE-2020-13950openSUSE Leap 15.2
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
ImportantCVE-2020-13950SUSE bug 1187040cpe:/o:opensuse:leap:15.2CVE-2020-13962openSUSE Leap 15.2
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)
ImportantCVE-2020-13962SUSE bug 1172726cpe:/o:opensuse:leap:15.2CVE-2020-13974openSUSE Leap 15.2
An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case.
ModerateCVE-2020-13974SUSE bug 1172775cpe:/o:opensuse:leap:15.2CVE-2020-13977openSUSE Leap 15.2
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408.
ModerateCVE-2020-13977SUSE bug 1172794cpe:/o:opensuse:leap:15.2CVE-2020-13987openSUSE Leap 15.2
An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.
ImportantCVE-2020-13987SUSE bug 1179907SUSE bug 1179908SUSE bug 1193385cpe:/o:opensuse:leap:15.2CVE-2020-13988openSUSE Leap 15.2
An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.
ImportantCVE-2020-13988SUSE bug 1179907SUSE bug 1179908SUSE bug 1193385cpe:/o:opensuse:leap:15.2CVE-2020-14004openSUSE Leap 15.2
An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user.
ModerateCVE-2020-14004SUSE bug 1172171cpe:/o:opensuse:leap:15.2CVE-2020-14019openSUSE Leap 15.2
Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.
ModerateCVE-2020-14019SUSE bug 1173257cpe:/o:opensuse:leap:15.2CVE-2020-14039openSUSE Leap 15.2
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.
ModerateCVE-2020-14039SUSE bug 1174191cpe:/o:opensuse:leap:15.2CVE-2020-14059openSUSE Leap 15.2
An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list.
ModerateCVE-2020-14059SUSE bug 1173303SUSE bug 1173304cpe:/o:opensuse:leap:15.2CVE-2020-14093openSUSE Leap 15.2
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.
ImportantCVE-2020-14093SUSE bug 1172906SUSE bug 1172935cpe:/o:opensuse:leap:15.2CVE-2020-14145openSUSE Leap 15.2
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
ModerateCVE-2020-14145SUSE bug 1173513SUSE bug 1177569SUSE bug 1189078cpe:/o:opensuse:leap:15.2CVE-2020-14154openSUSE Leap 15.2
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.
ImportantCVE-2020-14154SUSE bug 1172906SUSE bug 1172935cpe:/o:opensuse:leap:15.2CVE-2020-14155openSUSE Leap 15.2
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
ModerateCVE-2020-14155SUSE bug 1172974cpe:/o:opensuse:leap:15.2CVE-2020-14196openSUSE Leap 15.2
In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.
ModerateCVE-2020-14196SUSE bug 1173302cpe:/o:opensuse:leap:15.2CVE-2020-14295openSUSE Leap 15.2
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.
ImportantCVE-2020-14295SUSE bug 1173090cpe:/o:opensuse:leap:15.2CVE-2020-14303openSUSE Leap 15.2
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.
ImportantCVE-2020-14303SUSE bug 1173359cpe:/o:opensuse:leap:15.2CVE-2020-14308openSUSE Leap 15.2
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.
ModerateCVE-2020-14308SUSE bug 1168994SUSE bug 1173812cpe:/o:opensuse:leap:15.2CVE-2020-14309openSUSE Leap 15.2
There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.
ModerateCVE-2020-14309SUSE bug 1168994SUSE bug 1173812cpe:/o:opensuse:leap:15.2CVE-2020-14310openSUSE Leap 15.2
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.
ModerateCVE-2020-14310SUSE bug 1168994SUSE bug 1173812cpe:/o:opensuse:leap:15.2CVE-2020-14311openSUSE Leap 15.2
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
ModerateCVE-2020-14311SUSE bug 1168994SUSE bug 1173812cpe:/o:opensuse:leap:15.2CVE-2020-14312openSUSE Leap 15.2
A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.
ModerateCVE-2020-14312SUSE bug 1173646cpe:/o:opensuse:leap:15.2CVE-2020-14314openSUSE Leap 15.2
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.
ModerateCVE-2020-14314SUSE bug 1173798cpe:/o:opensuse:leap:15.2CVE-2020-14318openSUSE Leap 15.2
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.
ModerateCVE-2020-14318SUSE bug 1173902cpe:/o:opensuse:leap:15.2CVE-2020-14323openSUSE Leap 15.2
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.
ModerateCVE-2020-14323SUSE bug 1173994cpe:/o:opensuse:leap:15.2CVE-2020-14331openSUSE Leap 15.2
A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-14331SUSE bug 1174205SUSE bug 1174247cpe:/o:opensuse:leap:15.2CVE-2020-14339openSUSE Leap 15.2
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
ImportantCVE-2020-14339SUSE bug 1174458cpe:/o:opensuse:leap:15.2CVE-2020-14342openSUSE Leap 15.2
It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges.
ModerateCVE-2020-14342SUSE bug 1174477cpe:/o:opensuse:leap:15.2CVE-2020-14343openSUSE Leap 15.2
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.
ImportantCVE-2020-14343SUSE bug 1174514cpe:/o:opensuse:leap:15.2CVE-2020-14344openSUSE Leap 15.2
An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.
ModerateCVE-2020-14344SUSE bug 1174628SUSE bug 1174638SUSE bug 1175880cpe:/o:opensuse:leap:15.2CVE-2020-14345openSUSE Leap 15.2
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-14345SUSE bug 1174635SUSE bug 1174638SUSE bug 1174908SUSE bug 1174910SUSE bug 1174913SUSE bug 1177596SUSE bug 1181067cpe:/o:opensuse:leap:15.2CVE-2020-14346openSUSE Leap 15.2
A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-14346SUSE bug 1174635SUSE bug 1174638SUSE bug 1174910SUSE bug 1174913cpe:/o:opensuse:leap:15.2CVE-2020-14347openSUSE Leap 15.2
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.
ModerateCVE-2020-14347SUSE bug 1174633cpe:/o:opensuse:leap:15.2CVE-2020-14349openSUSE Leap 15.2
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.
ImportantCVE-2020-14349SUSE bug 1175193SUSE bug 1176151SUSE bug 1179499SUSE bug 1179870cpe:/o:opensuse:leap:15.2CVE-2020-14350openSUSE Leap 15.2
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
ImportantCVE-2020-14350SUSE bug 1175194SUSE bug 1176151SUSE bug 1179115SUSE bug 1179499SUSE bug 1179870cpe:/o:opensuse:leap:15.2CVE-2020-14351openSUSE Leap 15.2
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ModerateCVE-2020-14351SUSE bug 1177086cpe:/o:opensuse:leap:15.2CVE-2020-14352openSUSE Leap 15.2
A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories.
ImportantCVE-2020-14352SUSE bug 1175475cpe:/o:opensuse:leap:15.2CVE-2020-14355openSUSE Leap 15.2
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.
ModerateCVE-2020-14355SUSE bug 1177158cpe:/o:opensuse:leap:15.2CVE-2020-14356openSUSE Leap 15.2
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.
ModerateCVE-2020-14356SUSE bug 1175213SUSE bug 1176392cpe:/o:opensuse:leap:15.2CVE-2020-14360openSUSE Leap 15.2
A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-14360SUSE bug 1174908SUSE bug 1177596cpe:/o:opensuse:leap:15.2CVE-2020-14361openSUSE Leap 15.2
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-14361SUSE bug 1174635SUSE bug 1174638SUSE bug 1174910SUSE bug 1174913cpe:/o:opensuse:leap:15.2CVE-2020-14362openSUSE Leap 15.2
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-14362SUSE bug 1174635SUSE bug 1174638SUSE bug 1174910SUSE bug 1174913cpe:/o:opensuse:leap:15.2CVE-2020-14363openSUSE Leap 15.2
An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.
ImportantCVE-2020-14363SUSE bug 1175239cpe:/o:opensuse:leap:15.2CVE-2020-14364openSUSE Leap 15.2
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.
ModerateCVE-2020-14364SUSE bug 1175441SUSE bug 1175534SUSE bug 1176494cpe:/o:opensuse:leap:15.2CVE-2020-14370openSUSE Leap 15.2
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.
ModerateCVE-2020-14370SUSE bug 1176804cpe:/o:opensuse:leap:15.2CVE-2020-14372openSUSE Leap 15.2
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.
ImportantCVE-2020-14372SUSE bug 1175970SUSE bug 1192833cpe:/o:opensuse:leap:15.2CVE-2020-14374openSUSE Leap 15.2
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CriticalCVE-2020-14374SUSE bug 1176590cpe:/o:opensuse:leap:15.2CVE-2020-14375openSUSE Leap 15.2
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CriticalCVE-2020-14375SUSE bug 1176590cpe:/o:opensuse:leap:15.2CVE-2020-14376openSUSE Leap 15.2
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CriticalCVE-2020-14376SUSE bug 1176590cpe:/o:opensuse:leap:15.2CVE-2020-14377openSUSE Leap 15.2
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability.
CriticalCVE-2020-14377SUSE bug 1176590cpe:/o:opensuse:leap:15.2CVE-2020-14378openSUSE Leap 15.2
An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.
CriticalCVE-2020-14378SUSE bug 1176590cpe:/o:opensuse:leap:15.2CVE-2020-14383openSUSE Leap 15.2
A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.
ModerateCVE-2020-14383SUSE bug 1177613cpe:/o:opensuse:leap:15.2CVE-2020-14385openSUSE Leap 15.2
A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.
ModerateCVE-2020-14385SUSE bug 1176137cpe:/o:opensuse:leap:15.2CVE-2020-14386openSUSE Leap 15.2
A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.
ImportantCVE-2020-14386SUSE bug 1176069SUSE bug 1176072cpe:/o:opensuse:leap:15.2CVE-2020-14390openSUSE Leap 15.2
A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
ImportantCVE-2020-14390SUSE bug 1176235SUSE bug 1176253SUSE bug 1176278cpe:/o:opensuse:leap:15.2CVE-2020-14392openSUSE Leap 15.2
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.
ImportantCVE-2020-14392SUSE bug 1176412cpe:/o:opensuse:leap:15.2CVE-2020-14393openSUSE Leap 15.2
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.
ImportantCVE-2020-14393SUSE bug 1176409cpe:/o:opensuse:leap:15.2CVE-2020-14397openSUSE Leap 15.2
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
ModerateCVE-2020-14397SUSE bug 1173477SUSE bug 1173700cpe:/o:opensuse:leap:15.2CVE-2020-14398openSUSE Leap 15.2
An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.
ModerateCVE-2020-14398SUSE bug 1173477SUSE bug 1173880cpe:/o:opensuse:leap:15.2CVE-2020-14399openSUSE Leap 15.2
** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed."
ModerateCVE-2020-14399SUSE bug 1173477SUSE bug 1173743cpe:/o:opensuse:leap:15.2CVE-2020-14400openSUSE Leap 15.2
** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary.
ModerateCVE-2020-14400SUSE bug 1173477SUSE bug 1173691cpe:/o:opensuse:leap:15.2CVE-2020-14401openSUSE Leap 15.2
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
ModerateCVE-2020-14401SUSE bug 1173477SUSE bug 1173694cpe:/o:opensuse:leap:15.2CVE-2020-14402openSUSE Leap 15.2
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.
ModerateCVE-2020-14402SUSE bug 1173477SUSE bug 1173701cpe:/o:opensuse:leap:15.2CVE-2020-14416openSUSE Leap 15.2
In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c.
ModerateCVE-2020-14416SUSE bug 1162002cpe:/o:opensuse:leap:15.2CVE-2020-14422openSUSE Leap 15.2
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.
ImportantCVE-2020-14422SUSE bug 1173274cpe:/o:opensuse:leap:15.2CVE-2020-14424openSUSE Leap 15.2
Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.
ModerateCVE-2020-14424SUSE bug 1188188cpe:/o:opensuse:leap:15.2CVE-2020-14556openSUSE Leap 15.2
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
ModerateCVE-2020-14556SUSE bug 1174157SUSE bug 1175259cpe:/o:opensuse:leap:15.2CVE-2020-14562openSUSE Leap 15.2
Vulnerability in the Java SE product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2020-14562SUSE bug 1174157cpe:/o:opensuse:leap:15.2CVE-2020-14573openSUSE Leap 15.2
Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
ModerateCVE-2020-14573SUSE bug 1174157cpe:/o:opensuse:leap:15.2CVE-2020-14577openSUSE Leap 15.2
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
ModerateCVE-2020-14577SUSE bug 1174157SUSE bug 1175259cpe:/o:opensuse:leap:15.2CVE-2020-14578openSUSE Leap 15.2
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2020-14578SUSE bug 1174157SUSE bug 1175259cpe:/o:opensuse:leap:15.2CVE-2020-14579openSUSE Leap 15.2
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2020-14579SUSE bug 1174157SUSE bug 1175259cpe:/o:opensuse:leap:15.2CVE-2020-14581openSUSE Leap 15.2
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
ModerateCVE-2020-14581SUSE bug 1174157SUSE bug 1175259cpe:/o:opensuse:leap:15.2CVE-2020-14583openSUSE Leap 15.2
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
ModerateCVE-2020-14583SUSE bug 1174157SUSE bug 1175259cpe:/o:opensuse:leap:15.2CVE-2020-14593openSUSE Leap 15.2
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).
ModerateCVE-2020-14593SUSE bug 1174157SUSE bug 1175259cpe:/o:opensuse:leap:15.2CVE-2020-14621openSUSE Leap 15.2
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
ModerateCVE-2020-14621SUSE bug 1174157SUSE bug 1175259cpe:/o:opensuse:leap:15.2CVE-2020-14628openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: The CVE-2020-14628 is applicable to Windows VM only. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
ModerateCVE-2020-14628SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14629openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).
ModerateCVE-2020-14629SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14646openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
ImportantCVE-2020-14646SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14647openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
ImportantCVE-2020-14647SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14648openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).
ModerateCVE-2020-14648SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14649openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
ImportantCVE-2020-14649SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14650openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).
ModerateCVE-2020-14650SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14673openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).
ModerateCVE-2020-14673SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14674openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
ImportantCVE-2020-14674SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14675openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
ImportantCVE-2020-14675SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14676openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
ImportantCVE-2020-14676SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14677openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
ImportantCVE-2020-14677SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14694openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).
ModerateCVE-2020-14694SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14695openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).
ModerateCVE-2020-14695SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14698openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).
ModerateCVE-2020-14698SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14699openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
ImportantCVE-2020-14699SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14700openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).
ModerateCVE-2020-14700SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14703openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).
ModerateCVE-2020-14703SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14704openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).
ModerateCVE-2020-14704SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14707openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).
ModerateCVE-2020-14707SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14711openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: The CVE-2020-14711 is applicable to macOS host only. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).
ModerateCVE-2020-14711SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14712openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N).
ModerateCVE-2020-14712SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14713openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
ImportantCVE-2020-14713SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14714openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2020-14714SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-14715openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2020-14715SUSE bug 1174159cpe:/o:opensuse:leap:15.2CVE-2020-1472openSUSE Leap 15.2
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.
CriticalCVE-2020-1472SUSE bug 1176579cpe:/o:opensuse:leap:15.2CVE-2020-14765openSUSE Leap 15.2
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2020-14765SUSE bug 1178428cpe:/o:opensuse:leap:15.2CVE-2020-14776openSUSE Leap 15.2
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2020-14776SUSE bug 1178428cpe:/o:opensuse:leap:15.2CVE-2020-14779openSUSE Leap 15.2
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2020-14779SUSE bug 1177943SUSE bug 1180063cpe:/o:opensuse:leap:15.2CVE-2020-14781openSUSE Leap 15.2
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
ModerateCVE-2020-14781SUSE bug 1177943SUSE bug 1180063cpe:/o:opensuse:leap:15.2CVE-2020-14782openSUSE Leap 15.2
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
ModerateCVE-2020-14782SUSE bug 1177943SUSE bug 1180063cpe:/o:opensuse:leap:15.2CVE-2020-14789openSUSE Leap 15.2
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2020-14789SUSE bug 1178428cpe:/o:opensuse:leap:15.2CVE-2020-14792openSUSE Leap 15.2
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).
ModerateCVE-2020-14792SUSE bug 1177943SUSE bug 1180063cpe:/o:opensuse:leap:15.2CVE-2020-14796openSUSE Leap 15.2
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
ModerateCVE-2020-14796SUSE bug 1177943SUSE bug 1180063cpe:/o:opensuse:leap:15.2CVE-2020-14797openSUSE Leap 15.2
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
ModerateCVE-2020-14797SUSE bug 1177943SUSE bug 1180063cpe:/o:opensuse:leap:15.2CVE-2020-14798openSUSE Leap 15.2
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
ModerateCVE-2020-14798SUSE bug 1177943SUSE bug 1180063cpe:/o:opensuse:leap:15.2CVE-2020-14803openSUSE Leap 15.2
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
ModerateCVE-2020-14803SUSE bug 1177943SUSE bug 1181239SUSE bug 1182186cpe:/o:opensuse:leap:15.2CVE-2020-14812openSUSE Leap 15.2
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2020-14812SUSE bug 1178428cpe:/o:opensuse:leap:15.2CVE-2020-14928openSUSE Leap 15.2
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
ModerateCVE-2020-14928SUSE bug 1173910cpe:/o:opensuse:leap:15.2CVE-2020-14929openSUSE Leap 15.2
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do.
ImportantCVE-2020-14929SUSE bug 1173281cpe:/o:opensuse:leap:15.2CVE-2020-14954openSUSE Leap 15.2
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
ImportantCVE-2020-14954SUSE bug 1173197cpe:/o:opensuse:leap:15.2CVE-2020-14983openSUSE Leap 15.2
The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.
ImportantCVE-2020-14983SUSE bug 1173595cpe:/o:opensuse:leap:15.2CVE-2020-15011openSUSE Leap 15.2
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.
ModerateCVE-2020-15011SUSE bug 1173369cpe:/o:opensuse:leap:15.2CVE-2020-15025openSUSE Leap 15.2
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.
ModerateCVE-2020-15025SUSE bug 1173334cpe:/o:opensuse:leap:15.2CVE-2020-15049openSUSE Leap 15.2
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value.
ImportantCVE-2020-15049SUSE bug 1173455SUSE bug 1174381cpe:/o:opensuse:leap:15.2CVE-2020-15078openSUSE Leap 15.2
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
ModerateCVE-2020-15078SUSE bug 1185279cpe:/o:opensuse:leap:15.2CVE-2020-15095openSUSE Leap 15.2
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.
ModerateCVE-2020-15095SUSE bug 1173937cpe:/o:opensuse:leap:15.2CVE-2020-15166openSUSE Leap 15.2
In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3.
ModerateCVE-2020-15166SUSE bug 1176116cpe:/o:opensuse:leap:15.2CVE-2020-15169openSUSE Leap 15.2
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory.
ImportantCVE-2020-15169SUSE bug 1176421cpe:/o:opensuse:leap:15.2CVE-2020-15180openSUSE Leap 15.2
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.
CriticalCVE-2020-15180SUSE bug 1177472cpe:/o:opensuse:leap:15.2CVE-2020-15190openSUSE Leap 15.2
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is `nullptr`, hence we are binding a reference to `nullptr`. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. In this case, this results in a segmentation fault The issue is patched in commit da8558533d925694483d2c136a9220d6d49d843c, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
ModerateCVE-2020-15190cpe:/o:opensuse:leap:15.2CVE-2020-15191openSUSE Leap 15.2
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.
ModerateCVE-2020-15191cpe:/o:opensuse:leap:15.2CVE-2020-15192openSUSE Leap 15.2
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. The issue occurs because the `status` argument during validation failures is not properly checked. Since each of the above methods can return an error status, the `status` value must be checked before continuing. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.
ModerateCVE-2020-15192cpe:/o:opensuse:leap:15.2CVE-2020-15193openSUSE Leap 15.2
In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a `reinterpret_cast` Since the `PyObject` is a Python object, not a TensorFlow Tensor, the cast to `EagerTensor` fails. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.
ModerateCVE-2020-15193cpe:/o:opensuse:leap:15.2CVE-2020-15194openSUSE Leap 15.2
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass a bad `grad_values_t` to trigger an assertion failure in `vec`, causing denial of service in serving installations. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."
ModerateCVE-2020-15194cpe:/o:opensuse:leap:15.2CVE-2020-15195openSUSE Leap 15.2
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
ModerateCVE-2020-15195cpe:/o:opensuse:leap:15.2CVE-2020-15202openSUSE Leap 15.2
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32` arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption. The issue is patched in commits 27b417360cbd671ef55915e4bb6bb06af8b8a832 and ca8c013b5e97b1373b3bb1c97ea655e69f31a575, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
ModerateCVE-2020-15202cpe:/o:opensuse:leap:15.2CVE-2020-15203openSUSE Leap 15.2
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This may result in segmentation fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
ModerateCVE-2020-15203cpe:/o:opensuse:leap:15.2CVE-2020-15204openSUSE Leap 15.2
In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
ModerateCVE-2020-15204cpe:/o:opensuse:leap:15.2CVE-2020-15205openSUSE Leap 15.2
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after `ee ff` are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR. The issue is patched in commit 0462de5b544ed4731aa2fb23946ac22c01856b80, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
ImportantCVE-2020-15205cpe:/o:opensuse:leap:15.2CVE-2020-15206openSUSE Leap 15.2
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using `tensorflow-serving` or other inference-as-a-service installments. Fixed were added in commits f760f88b4267d981e13f4b302c437ae800445968 and fcfef195637c6e365577829c4d67681695956e7d (both going into TensorFlow 2.2.0 and 2.3.0 but not yet backported to earlier versions). However, this was not enough, as #41097 reports a different failure mode. The issue is patched in commit adf095206f25471e864a8e63a0f1caef53a0e3a6, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
ModerateCVE-2020-15206cpe:/o:opensuse:leap:15.2CVE-2020-15207openSUSE Leap 15.2
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the `DCHECK` does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption. The issue is patched in commit 2d88f470dea2671b430884260f3626b1fe99830a, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
CriticalCVE-2020-15207cpe:/o:opensuse:leap:15.2CVE-2020-15208openSUSE Leap 15.2
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue is patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
ImportantCVE-2020-15208cpe:/o:opensuse:leap:15.2CVE-2020-15209openSUSE Leap 15.2
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with `nullptr`. However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue is patched in commit 0b5662bc, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
ModerateCVE-2020-15209cpe:/o:opensuse:leap:15.2CVE-2020-15210openSUSE Leap 15.2
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
ModerateCVE-2020-15210cpe:/o:opensuse:leap:15.2CVE-2020-15211openSUSE Leap 15.2
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don't expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.
ModerateCVE-2020-15211cpe:/o:opensuse:leap:15.2CVE-2020-15229openSUSE Leap 15.2
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for unprivileged (either installation or with `allow setuid = no`) run of Singularity when a user attempt to run an image which is a local SIF image or a single file containing a squashfs filesystem and is coming from remote sources `library://` or `shub://`. Image build is also impacted in a more serious way as it can be used by a root user, allowing an attacker to overwrite/create files leading to a system compromise, so far bootstrap methods `library`, `shub` and `localimage` are triggering the squashfs extraction. This issue is addressed in Singularity 3.6.4. All users are advised to upgrade to 3.6.4 especially if they use Singularity mainly for building image as root user. There is no solid workaround except to temporary avoid to use unprivileged mode with single file images in favor of sandbox images instead. Regarding image build, temporary avoid to build from `library` and `shub` sources and as much as possible use `--fakeroot` or a VM for that.
ModerateCVE-2020-15229SUSE bug 1177901cpe:/o:opensuse:leap:15.2CVE-2020-15238openSUSE Leap 15.2
Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any local user can possibly exploit this. If Polkit-1 is enabled for version 2.0.6 and later, a possible attacker needs to be allowed to use the `org.blueman.dhcp.client` action. That is limited to users in the wheel group in the shipped rules file that do have the privileges anyway. On systems with ISC DHCP client (dhclient), attackers can pass arguments to `ip link` with the interface name that can e.g. be used to bring down an interface or add an arbitrary XDP/BPF program. On systems with dhcpcd and without ISC DHCP client, attackers can even run arbitrary scripts by passing `-c/path/to/script` as an interface name. Patches are included in 2.1.4 and master that change the DhcpClient D-Bus method(s) to accept BlueZ network object paths instead of network interface names. A backport to 2.0(.8) is also available. As a workaround, make sure that Polkit-1-support is enabled and limit privileges for the `org.blueman.dhcp.client` action to users that are able to run arbitrary commands as root anyway in /usr/share/polkit-1/rules.d/blueman.rules.
ModerateCVE-2020-15238SUSE bug 1178196cpe:/o:opensuse:leap:15.2CVE-2020-15257openSUSE Leap 15.2
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the "host" network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container's privilege, regardless of what container runtime is used for running that container.
ImportantCVE-2020-15257SUSE bug 1178969cpe:/o:opensuse:leap:15.2CVE-2020-15275openSUSE Leap 15.2
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.
ModerateCVE-2020-15275SUSE bug 1178745cpe:/o:opensuse:leap:15.2CVE-2020-15304openSUSE Leap 15.2
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.
ModerateCVE-2020-15304SUSE bug 1173466cpe:/o:opensuse:leap:15.2CVE-2020-15305openSUSE Leap 15.2
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.
LowCVE-2020-15305SUSE bug 1173467cpe:/o:opensuse:leap:15.2CVE-2020-15306openSUSE Leap 15.2
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.
LowCVE-2020-15306SUSE bug 1173469cpe:/o:opensuse:leap:15.2CVE-2020-15358openSUSE Leap 15.2
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
ModerateCVE-2020-15358SUSE bug 1173641cpe:/o:opensuse:leap:15.2CVE-2020-15393openSUSE Leap 15.2
In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.
ModerateCVE-2020-15393SUSE bug 1173514cpe:/o:opensuse:leap:15.2CVE-2020-15395openSUSE Leap 15.2
In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing).
ModerateCVE-2020-15395SUSE bug 1173630cpe:/o:opensuse:leap:15.2CVE-2020-15396openSUSE Leap 15.2
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.
ImportantCVE-2020-15396SUSE bug 1173521cpe:/o:opensuse:leap:15.2CVE-2020-15397openSUSE Leap 15.2
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).
ImportantCVE-2020-15397SUSE bug 1173519cpe:/o:opensuse:leap:15.2CVE-2020-15436openSUSE Leap 15.2
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
ModerateCVE-2020-15436SUSE bug 1179141cpe:/o:opensuse:leap:15.2CVE-2020-15437openSUSE Leap 15.2
The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.
ModerateCVE-2020-15437SUSE bug 1179140cpe:/o:opensuse:leap:15.2CVE-2020-15466openSUSE Leap 15.2
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.
LowCVE-2020-15466SUSE bug 1173606cpe:/o:opensuse:leap:15.2CVE-2020-15469openSUSE Leap 15.2
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
ModerateCVE-2020-15469SUSE bug 1173612cpe:/o:opensuse:leap:15.2CVE-2020-15503openSUSE Leap 15.2
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
ModerateCVE-2020-15503SUSE bug 1173674cpe:/o:opensuse:leap:15.2CVE-2020-15522openSUSE Leap 15.2
Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.
ModerateCVE-2020-15522SUSE bug 1186328cpe:/o:opensuse:leap:15.2CVE-2020-15562openSUSE Leap 15.2
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists.
ModerateCVE-2020-15562SUSE bug 1173792SUSE bug 1175135cpe:/o:opensuse:leap:15.2CVE-2020-15563openSUSE Leap 15.2
An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HVM guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Xen versions from 4.8 onwards are affected. Xen versions 4.7 and earlier are not affected. Only x86 systems are affected. Arm systems are not affected. Only x86 HVM guests using shadow paging can leverage the vulnerability. In addition, there needs to be an entity actively monitoring a guest's video frame buffer (typically for display purposes) in order for such a guest to be able to leverage the vulnerability. x86 PV guests, as well as x86 HVM guests using hardware assisted paging (HAP), cannot leverage the vulnerability.
ModerateCVE-2020-15563SUSE bug 1173377cpe:/o:opensuse:leap:15.2CVE-2020-15565openSUSE Leap 15.2
An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen's free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible.
ImportantCVE-2020-15565SUSE bug 1173378cpe:/o:opensuse:leap:15.2CVE-2020-15566openSUSE Leap 15.2
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: (1) port is already in use, (2) the memory allocation failed, or (3) the port we try to allocate is higher than what is supported by the ABI (e.g., 2L or FIFO) used by the guest or the limit set by an administrator (max_event_channels in xl cfg). Due to the missing error checks, only (1) will be considered an error. All the other cases will provide a valid port and will result in a crash when trying to access the event channel. When the administrator configured a guest to allow more than 1023 event channels, that guest may be able to crash the host. When Xen is out-of-memory, allocation of new event channels will result in crashing the host rather than reporting an error. Xen versions 4.10 and later are affected. All architectures are affected. The default configuration, when guests are created with xl/libxl, is not vulnerable, because of the default event-channel limit.
ModerateCVE-2020-15566SUSE bug 1173376cpe:/o:opensuse:leap:15.2CVE-2020-15567openSUSE Leap 15.2
An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-atomic bitfield writes. Depending on the compiler version and optimisation flags, Xen might expose a dangerous partially written PTE to the hardware, which an attacker might be able to race to exploit. A guest administrator or perhaps even an unprivileged guest user might be able to cause denial of service, data corruption, or privilege escalation. Only systems using Intel CPUs are vulnerable. Systems using AMD CPUs, and Arm systems, are not vulnerable. Only systems using nested paging (hap, aka nested paging, aka in this case Intel EPT) are vulnerable. Only HVM and PVH guests can exploit the vulnerability. The presence and scope of the vulnerability depends on the precise optimisations performed by the compiler used to build Xen. If the compiler generates (a) a single 64-bit write, or (b) a series of read-modify-write operations in the same order as the source code, the hypervisor is not vulnerable. For example, in one test build using GCC 8.3 with normal settings, the compiler generated multiple (unlocked) read-modify-write operations in source-code order, which did not constitute a vulnerability. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code-generation options). The source code clearly violates the C rules, and thus should be considered vulnerable.
ModerateCVE-2020-15567SUSE bug 1173380SUSE bug 1178658cpe:/o:opensuse:leap:15.2CVE-2020-15572openSUSE Leap 15.2
Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.
ModerateCVE-2020-15572SUSE bug 1173979cpe:/o:opensuse:leap:15.2CVE-2020-15586openSUSE Leap 15.2
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
ImportantCVE-2020-15586SUSE bug 1174153cpe:/o:opensuse:leap:15.2CVE-2020-15652openSUSE Leap 15.2
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.
ImportantCVE-2020-15652SUSE bug 1174538cpe:/o:opensuse:leap:15.2CVE-2020-15653openSUSE Leap 15.2
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
ImportantCVE-2020-15653SUSE bug 1174538cpe:/o:opensuse:leap:15.2CVE-2020-15654openSUSE Leap 15.2
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
ImportantCVE-2020-15654SUSE bug 1174538cpe:/o:opensuse:leap:15.2CVE-2020-15655openSUSE Leap 15.2
A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
ImportantCVE-2020-15655SUSE bug 1174538cpe:/o:opensuse:leap:15.2CVE-2020-15656openSUSE Leap 15.2
JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
ImportantCVE-2020-15656SUSE bug 1174538cpe:/o:opensuse:leap:15.2CVE-2020-15657openSUSE Leap 15.2
Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
ImportantCVE-2020-15657SUSE bug 1174538cpe:/o:opensuse:leap:15.2CVE-2020-15658openSUSE Leap 15.2
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
ImportantCVE-2020-15658SUSE bug 1174538cpe:/o:opensuse:leap:15.2CVE-2020-15659openSUSE Leap 15.2
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.
ImportantCVE-2020-15659SUSE bug 1174538cpe:/o:opensuse:leap:15.2CVE-2020-15663openSUSE Leap 15.2
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2.
ImportantCVE-2020-15663SUSE bug 1175686cpe:/o:opensuse:leap:15.2CVE-2020-15664openSUSE Leap 15.2
By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80.
ImportantCVE-2020-15664SUSE bug 1175686cpe:/o:opensuse:leap:15.2CVE-2020-15669openSUSE Leap 15.2
When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.12 and Thunderbird < 68.12.
ImportantCVE-2020-15669SUSE bug 1175686cpe:/o:opensuse:leap:15.2CVE-2020-15670openSUSE Leap 15.2
Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 80, Firefox ESR < 78.2, Thunderbird < 78.2, and Firefox for Android < 80.
ImportantCVE-2020-15670SUSE bug 1175686cpe:/o:opensuse:leap:15.2CVE-2020-15673openSUSE Leap 15.2
Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
ImportantCVE-2020-15673SUSE bug 1176756SUSE bug 1176899cpe:/o:opensuse:leap:15.2CVE-2020-15676openSUSE Leap 15.2
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
ImportantCVE-2020-15676SUSE bug 1176756SUSE bug 1176899cpe:/o:opensuse:leap:15.2CVE-2020-15677openSUSE Leap 15.2
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
ImportantCVE-2020-15677SUSE bug 1176756SUSE bug 1176899cpe:/o:opensuse:leap:15.2CVE-2020-15678openSUSE Leap 15.2
When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
ImportantCVE-2020-15678SUSE bug 1176756SUSE bug 1176899cpe:/o:opensuse:leap:15.2CVE-2020-15683openSUSE Leap 15.2
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.
ImportantCVE-2020-15683SUSE bug 1177872SUSE bug 1177977cpe:/o:opensuse:leap:15.2CVE-2020-15685openSUSE Leap 15.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ImportantCVE-2020-15685SUSE bug 1181414cpe:/o:opensuse:leap:15.2CVE-2020-15705openSUSE Leap 15.2
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
ImportantCVE-2020-15705SUSE bug 1174421SUSE bug 1182890cpe:/o:opensuse:leap:15.2CVE-2020-15706openSUSE Leap 15.2
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
ModerateCVE-2020-15706SUSE bug 1174463cpe:/o:opensuse:leap:15.2CVE-2020-15707openSUSE Leap 15.2
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
ImportantCVE-2020-15707SUSE bug 1174570cpe:/o:opensuse:leap:15.2CVE-2020-15708openSUSE Leap 15.2
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.
ImportantCVE-2020-15708SUSE bug 1174955cpe:/o:opensuse:leap:15.2CVE-2020-15719openSUSE Leap 15.2
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
ModerateCVE-2020-15719SUSE bug 1174154cpe:/o:opensuse:leap:15.2CVE-2020-15780openSUSE Leap 15.2
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.
ImportantCVE-2020-15780SUSE bug 1173573SUSE bug 1174186cpe:/o:opensuse:leap:15.2CVE-2020-15803openSUSE Leap 15.2
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
ModerateCVE-2020-15803SUSE bug 1174253cpe:/o:opensuse:leap:15.2CVE-2020-15810openSUSE Leap 15.2
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream.
CriticalCVE-2020-15810SUSE bug 1175664cpe:/o:opensuse:leap:15.2CVE-2020-15811openSUSE Leap 15.2
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.
CriticalCVE-2020-15811SUSE bug 1175665cpe:/o:opensuse:leap:15.2CVE-2020-15863openSUSE Leap 15.2
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.
ImportantCVE-2020-15863SUSE bug 1174386cpe:/o:opensuse:leap:15.2CVE-2020-15900openSUSE Leap 15.2
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.
ImportantCVE-2020-15900SUSE bug 1174415cpe:/o:opensuse:leap:15.2CVE-2020-15917openSUSE Leap 15.2
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
ImportantCVE-2020-15917SUSE bug 1174457cpe:/o:opensuse:leap:15.2CVE-2020-15953openSUSE Leap 15.2
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
ModerateCVE-2020-15953SUSE bug 1174579cpe:/o:opensuse:leap:15.2CVE-2020-15959openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.
ModerateCVE-2020-15959SUSE bug 1176306cpe:/o:opensuse:leap:15.2CVE-2020-15960openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
ModerateCVE-2020-15960SUSE bug 1176791SUSE bug 1176799cpe:/o:opensuse:leap:15.2CVE-2020-15961openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
ModerateCVE-2020-15961SUSE bug 1176791SUSE bug 1176799cpe:/o:opensuse:leap:15.2CVE-2020-15962openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
ModerateCVE-2020-15962SUSE bug 1176791SUSE bug 1176799cpe:/o:opensuse:leap:15.2CVE-2020-15963openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
ModerateCVE-2020-15963SUSE bug 1176791SUSE bug 1176799cpe:/o:opensuse:leap:15.2CVE-2020-15964openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2020-15964SUSE bug 1176791SUSE bug 1176799cpe:/o:opensuse:leap:15.2CVE-2020-15965openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
ModerateCVE-2020-15965SUSE bug 1176791SUSE bug 1176799cpe:/o:opensuse:leap:15.2CVE-2020-15966openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.
ModerateCVE-2020-15966SUSE bug 1176791SUSE bug 1176799cpe:/o:opensuse:leap:15.2CVE-2020-15967openSUSE Leap 15.2
Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
ImportantCVE-2020-15967SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15968openSUSE Leap 15.2
Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-15968SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15969openSUSE Leap 15.2
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-15969SUSE bug 1177408SUSE bug 1177872SUSE bug 1177977cpe:/o:opensuse:leap:15.2CVE-2020-15970openSUSE Leap 15.2
Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ImportantCVE-2020-15970SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15971openSUSE Leap 15.2
Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ImportantCVE-2020-15971SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15972openSUSE Leap 15.2
Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-15972SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15973openSUSE Leap 15.2
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.
ModerateCVE-2020-15973SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15974openSUSE Leap 15.2
Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
ImportantCVE-2020-15974SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15975openSUSE Leap 15.2
Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-15975SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15976openSUSE Leap 15.2
Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-15976SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15977openSUSE Leap 15.2
Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
ModerateCVE-2020-15977SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15978openSUSE Leap 15.2
Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
ModerateCVE-2020-15978SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15979openSUSE Leap 15.2
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2020-15979SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15980openSUSE Leap 15.2
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents.
ModerateCVE-2020-15980SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15981openSUSE Leap 15.2
Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
ModerateCVE-2020-15981SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15982openSUSE Leap 15.2
Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
ModerateCVE-2020-15982SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15983openSUSE Leap 15.2
Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.
ImportantCVE-2020-15983SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15984openSUSE Leap 15.2
Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL.
ModerateCVE-2020-15984SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15985openSUSE Leap 15.2
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.
ModerateCVE-2020-15985SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15986openSUSE Leap 15.2
Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2020-15986SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15987openSUSE Leap 15.2
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.
ModerateCVE-2020-15987SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15988openSUSE Leap 15.2
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.
ModerateCVE-2020-15988SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15989openSUSE Leap 15.2
Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
ModerateCVE-2020-15989SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15990openSUSE Leap 15.2
Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ImportantCVE-2020-15990SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15991openSUSE Leap 15.2
Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ImportantCVE-2020-15991SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15992openSUSE Leap 15.2
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
ModerateCVE-2020-15992SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-15995openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2020-15995SUSE bug 1180645cpe:/o:opensuse:leap:15.2CVE-2020-15999openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-15999SUSE bug 1177914SUSE bug 1177936SUSE bug 1178824SUSE bug 1178894cpe:/o:opensuse:leap:15.2CVE-2020-16000openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2020-16000SUSE bug 1177936cpe:/o:opensuse:leap:15.2CVE-2020-16001openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-16001SUSE bug 1177936cpe:/o:opensuse:leap:15.2CVE-2020-16002openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
ImportantCVE-2020-16002SUSE bug 1177936cpe:/o:opensuse:leap:15.2CVE-2020-16003openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2020-16003SUSE bug 1177936cpe:/o:opensuse:leap:15.2CVE-2020-16004openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2020-16004SUSE bug 1178375cpe:/o:opensuse:leap:15.2CVE-2020-16005openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2020-16005SUSE bug 1178375cpe:/o:opensuse:leap:15.2CVE-2020-16006openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2020-16006SUSE bug 1178375cpe:/o:opensuse:leap:15.2CVE-2020-16007openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
ModerateCVE-2020-16007SUSE bug 1178375cpe:/o:opensuse:leap:15.2CVE-2020-16008openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.
ModerateCVE-2020-16008SUSE bug 1178375cpe:/o:opensuse:leap:15.2CVE-2020-16009openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2020-16009SUSE bug 1178375cpe:/o:opensuse:leap:15.2CVE-2020-16011openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2020-16011SUSE bug 1178375cpe:/o:opensuse:leap:15.2CVE-2020-16012openSUSE Leap 15.2
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ModerateCVE-2020-16012SUSE bug 1178824SUSE bug 1178894SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2020-16013openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2020-16013SUSE bug 1178703cpe:/o:opensuse:leap:15.2CVE-2020-16014openSUSE Leap 15.2
Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2020-16014SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2020-16015openSUSE Leap 15.2
Insufficient data validation in WASM in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2020-16015SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2020-16016openSUSE Leap 15.2
Inappropriate implementation in base in Google Chrome prior to 86.0.4240.193 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2020-16016SUSE bug 1178630cpe:/o:opensuse:leap:15.2CVE-2020-16017openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2020-16017SUSE bug 1178703cpe:/o:opensuse:leap:15.2CVE-2020-16018openSUSE Leap 15.2
Use after free in payments in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2020-16018SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2020-16019openSUSE Leap 15.2
Inappropriate implementation in filesystem in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a malicious file.
ModerateCVE-2020-16019SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2020-16020openSUSE Leap 15.2
Inappropriate implementation in cryptohome in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass discretionary access control via a malicious file.
ModerateCVE-2020-16020SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2020-16021openSUSE Leap 15.2
Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to perform OS-level privilege escalation via a malicious file.
ModerateCVE-2020-16021SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2020-16022openSUSE Leap 15.2
Insufficient policy enforcement in networking in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially bypass firewall controls via a crafted HTML page.
ModerateCVE-2020-16022SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2020-16023openSUSE Leap 15.2
Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2020-16023SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2020-16024openSUSE Leap 15.2
Heap buffer overflow in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2020-16024SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2020-16025openSUSE Leap 15.2
Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2020-16025SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2020-16026openSUSE Leap 15.2
Use after free in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2020-16026SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2020-16027openSUSE Leap 15.2
Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from the user's disk via a crafted Chrome Extension.
ModerateCVE-2020-16027SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2020-16028openSUSE Leap 15.2
Heap buffer overflow in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2020-16028SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2020-16029openSUSE Leap 15.2
Inappropriate implementation in PDFium in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file.
ModerateCVE-2020-16029SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2020-16030openSUSE Leap 15.2
Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
ModerateCVE-2020-16030SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2020-16031openSUSE Leap 15.2
Insufficient data validation in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
ModerateCVE-2020-16031SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2020-16032openSUSE Leap 15.2
Insufficient data validation in sharing in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
ModerateCVE-2020-16032SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2020-16033openSUSE Leap 15.2
Inappropriate implementation in WebUSB in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof security UI via a crafted HTML page.
ModerateCVE-2020-16033SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2020-16034openSUSE Leap 15.2
Inappropriate implementation in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a local attacker to bypass policy restrictions via a crafted HTML page.
ModerateCVE-2020-16034SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2020-16035openSUSE Leap 15.2
Insufficient data validation in cros-disks in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a malicious file.
ModerateCVE-2020-16035SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2020-16036openSUSE Leap 15.2
Inappropriate implementation in cookies in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass cookie restrictions via a crafted HTML page.
ModerateCVE-2020-16036SUSE bug 1178923cpe:/o:opensuse:leap:15.2CVE-2020-16037openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in clipboard in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-16037SUSE bug 1179576cpe:/o:opensuse:leap:15.2CVE-2020-16038openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-16038SUSE bug 1179576cpe:/o:opensuse:leap:15.2CVE-2020-16039openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in extensions in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-16039SUSE bug 1179576cpe:/o:opensuse:leap:15.2CVE-2020-16040openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-16040SUSE bug 1179576cpe:/o:opensuse:leap:15.2CVE-2020-16041openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Out of bounds read in networking in Google Chrome prior to 87.0.4280.88 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
ImportantCVE-2020-16041SUSE bug 1179576cpe:/o:opensuse:leap:15.2CVE-2020-16042openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
ImportantCVE-2020-16042SUSE bug 1179576SUSE bug 1180039cpe:/o:opensuse:leap:15.2CVE-2020-16043openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic.
ModerateCVE-2020-16043SUSE bug 1180645cpe:/o:opensuse:leap:15.2CVE-2020-16044openSUSE Leap 15.2
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.
ImportantCVE-2020-16044SUSE bug 1180623SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2020-16092openSUSE Leap 15.2
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.
ModerateCVE-2020-16092SUSE bug 1174641cpe:/o:opensuse:leap:15.2CVE-2020-16116openSUSE Leap 15.2
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
ModerateCVE-2020-16116SUSE bug 1174773cpe:/o:opensuse:leap:15.2CVE-2020-16117openSUSE Leap 15.2
In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.
ModerateCVE-2020-16117SUSE bug 1174712cpe:/o:opensuse:leap:15.2CVE-2020-16120openSUSE Leap 15.2
Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify permissions in ovl_path_open()"), 48bd024 ("ovl: switch to mounter creds in readdir") and 05acefb ("ovl: check permission to open real file"). Additionally, commits 130fdbc ("ovl: pass correct flags for opening real directory") and 292f902 ("ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da ("ovl: do not fail because of O_NOATIMEi") in kernel 5.11.
ModerateCVE-2020-16120SUSE bug 1177470cpe:/o:opensuse:leap:15.2CVE-2020-16121openSUSE Leap 15.2
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
LowCVE-2020-16121SUSE bug 1176930cpe:/o:opensuse:leap:15.2CVE-2020-16125openSUSE Leap 15.2
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.
ImportantCVE-2020-16125SUSE bug 1140851SUSE bug 1178150cpe:/o:opensuse:leap:15.2CVE-2020-16145openSUSE Leap 15.2
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.
ModerateCVE-2020-16145SUSE bug 1175135cpe:/o:opensuse:leap:15.2CVE-2020-16166openSUSE Leap 15.2
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.
ModerateCVE-2020-16166SUSE bug 1174757cpe:/o:opensuse:leap:15.2CVE-2020-16587openSUSE Leap 15.2
A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.
ModerateCVE-2020-16587SUSE bug 1179879SUSE bug 1180108SUSE bug 1180109cpe:/o:opensuse:leap:15.2CVE-2020-16588openSUSE Leap 15.2
A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.
ModerateCVE-2020-16588SUSE bug 1179879SUSE bug 1180108cpe:/o:opensuse:leap:15.2CVE-2020-16589openSUSE Leap 15.2
A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.
ModerateCVE-2020-16589SUSE bug 1179879SUSE bug 1180109cpe:/o:opensuse:leap:15.2CVE-2020-16590openSUSE Leap 15.2
A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file.
ModerateCVE-2020-16590SUSE bug 1179898cpe:/o:opensuse:leap:15.2CVE-2020-16591openSUSE Leap 15.2
A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif.
ModerateCVE-2020-16591SUSE bug 1179899cpe:/o:opensuse:leap:15.2CVE-2020-16592openSUSE Leap 15.2
A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
ModerateCVE-2020-16592SUSE bug 1179900cpe:/o:opensuse:leap:15.2CVE-2020-16593openSUSE Leap 15.2
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.
ModerateCVE-2020-16593SUSE bug 1179901cpe:/o:opensuse:leap:15.2CVE-2020-16598openSUSE Leap 15.2
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
ModerateCVE-2020-16598SUSE bug 1179902cpe:/o:opensuse:leap:15.2CVE-2020-16599openSUSE Leap 15.2
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
ModerateCVE-2020-16599SUSE bug 1179903cpe:/o:opensuse:leap:15.2CVE-2020-16600openSUSE Leap 15.2
A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.
ModerateCVE-2020-16600SUSE bug 1190175cpe:/o:opensuse:leap:15.2CVE-2020-16845openSUSE Leap 15.2
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
ModerateCVE-2020-16845SUSE bug 1174977cpe:/o:opensuse:leap:15.2CVE-2020-16846openSUSE Leap 15.2
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
CriticalCVE-2020-16846SUSE bug 1178361cpe:/o:opensuse:leap:15.2CVE-2020-1726openSUSE Leap 15.2
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0.
ModerateCVE-2020-1726SUSE bug 1164090cpe:/o:opensuse:leap:15.2CVE-2020-17353openSUSE Leap 15.2
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.
ImportantCVE-2020-17353SUSE bug 1174949cpe:/o:opensuse:leap:15.2CVE-2020-17367openSUSE Leap 15.2
Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection.
ModerateCVE-2020-17367SUSE bug 1174986cpe:/o:opensuse:leap:15.2CVE-2020-17368openSUSE Leap 15.2
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.
ModerateCVE-2020-17368SUSE bug 1174986cpe:/o:opensuse:leap:15.2CVE-2020-17437openSUSE Leap 15.2
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.
ImportantCVE-2020-17437SUSE bug 1179907SUSE bug 1179908cpe:/o:opensuse:leap:15.2CVE-2020-17438openSUSE Leap 15.2
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafting a packet with specific values of the IP header length and the fragmentation offset, attackers can write into the .bss section of the program (past the statically allocated buffer that is used for storing the fragmented data) and cause a denial of service in uip_reass() in uip.c, or possibly execute arbitrary code on some target architectures.
ImportantCVE-2020-17438SUSE bug 1179907SUSE bug 1179908cpe:/o:opensuse:leap:15.2CVE-2020-17482openSUSE Leap 15.2
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.
ModerateCVE-2020-17482SUSE bug 1176535cpe:/o:opensuse:leap:15.2CVE-2020-17489openSUSE Leap 15.2
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)
LowCVE-2020-17489SUSE bug 1175155cpe:/o:opensuse:leap:15.2CVE-2020-1749openSUSE Leap 15.2
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
ImportantCVE-2020-1749SUSE bug 1165629SUSE bug 1165631SUSE bug 1177511SUSE bug 1177513cpe:/o:opensuse:leap:15.2CVE-2020-17490openSUSE Leap 15.2
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
ModerateCVE-2020-17490SUSE bug 1178362cpe:/o:opensuse:leap:15.2CVE-2020-17498openSUSE Leap 15.2
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.
ImportantCVE-2020-17498SUSE bug 1175204cpe:/o:opensuse:leap:15.2CVE-2020-17507openSUSE Leap 15.2
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
ImportantCVE-2020-17507SUSE bug 1176315cpe:/o:opensuse:leap:15.2CVE-2020-17521openSUSE Leap 15.2
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.
ModerateCVE-2020-17521SUSE bug 1179729cpe:/o:opensuse:leap:15.2CVE-2020-17525openSUSE Leap 15.2
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7
ImportantCVE-2020-17525SUSE bug 1181687cpe:/o:opensuse:leap:15.2CVE-2020-17527openSUSE Leap 15.2
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
ImportantCVE-2020-17527SUSE bug 1179602SUSE bug 1180830cpe:/o:opensuse:leap:15.2CVE-2020-17541openSUSE Leap 15.2
Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.
ModerateCVE-2020-17541SUSE bug 1186764cpe:/o:opensuse:leap:15.2CVE-2020-1765openSUSE Leap 15.2
An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
ModerateCVE-2020-1765cpe:/o:opensuse:leap:15.2CVE-2020-1766openSUSE Leap 15.2
Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
ModerateCVE-2020-1766cpe:/o:opensuse:leap:15.2CVE-2020-1769openSUSE Leap 15.2
In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
ModerateCVE-2020-1769SUSE bug 1168032cpe:/o:opensuse:leap:15.2CVE-2020-1770openSUSE Leap 15.2
Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
ModerateCVE-2020-1770SUSE bug 1168031cpe:/o:opensuse:leap:15.2CVE-2020-1771openSUSE Leap 15.2
Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
LowCVE-2020-1771SUSE bug 1168030cpe:/o:opensuse:leap:15.2CVE-2020-1772openSUSE Leap 15.2
It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
ModerateCVE-2020-1772SUSE bug 1168029cpe:/o:opensuse:leap:15.2CVE-2020-1773openSUSE Leap 15.2
An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS; 7.0.15 and prior versions.
ModerateCVE-2020-1773SUSE bug 1168028cpe:/o:opensuse:leap:15.2CVE-2020-18032openSUSE Leap 15.2
Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.
CriticalCVE-2020-18032SUSE bug 1185833cpe:/o:opensuse:leap:15.2CVE-2020-18670openSUSE Leap 15.2
Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php.
LowCVE-2020-18670SUSE bug 1187707cpe:/o:opensuse:leap:15.2CVE-2020-18671openSUSE Leap 15.2
Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.
LowCVE-2020-18671SUSE bug 1187706cpe:/o:opensuse:leap:15.2CVE-2020-1945openSUSE Leap 15.2
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
ModerateCVE-2020-1945SUSE bug 1171696SUSE bug 1177180SUSE bug 1179729cpe:/o:opensuse:leap:15.2CVE-2020-1946openSUSE Leap 15.2
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.
ImportantCVE-2020-1946SUSE bug 1184221SUSE bug 1186513cpe:/o:opensuse:leap:15.2CVE-2020-19609openSUSE Leap 15.2
Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.
LowCVE-2020-19609SUSE bug 1190176cpe:/o:opensuse:leap:15.2CVE-2020-19667openSUSE Leap 15.2
Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.
ModerateCVE-2020-19667SUSE bug 1179103cpe:/o:opensuse:leap:15.2CVE-2020-1967openSUSE Leap 15.2
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
ImportantCVE-2020-1967SUSE bug 1169407cpe:/o:opensuse:leap:15.2CVE-2020-1971openSUSE Leap 15.2
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).
ImportantCVE-2020-1971SUSE bug 1179491SUSE bug 1196179SUSE bug 1199303cpe:/o:opensuse:leap:15.2CVE-2020-21529openSUSE Leap 15.2
fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.
ModerateCVE-2020-21529SUSE bug 1190618cpe:/o:opensuse:leap:15.2CVE-2020-21530openSUSE Leap 15.2
fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c.
ModerateCVE-2020-21530SUSE bug 1190615cpe:/o:opensuse:leap:15.2CVE-2020-21531openSUSE Leap 15.2
fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.
ModerateCVE-2020-21531SUSE bug 1190617cpe:/o:opensuse:leap:15.2CVE-2020-21532openSUSE Leap 15.2
fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c.
ImportantCVE-2020-21532SUSE bug 1190616cpe:/o:opensuse:leap:15.2CVE-2020-21533openSUSE Leap 15.2
fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c.
ImportantCVE-2020-21533SUSE bug 1190612cpe:/o:opensuse:leap:15.2CVE-2020-21534openSUSE Leap 15.2
fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c.
ImportantCVE-2020-21534SUSE bug 1190611cpe:/o:opensuse:leap:15.2CVE-2020-21535openSUSE Leap 15.2
fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c.
ModerateCVE-2020-21535SUSE bug 1190607cpe:/o:opensuse:leap:15.2CVE-2020-21680openSUSE Leap 15.2
A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.
ImportantCVE-2020-21680SUSE bug 1189343cpe:/o:opensuse:leap:15.2CVE-2020-21681openSUSE Leap 15.2
A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.
ImportantCVE-2020-21681SUSE bug 1189345cpe:/o:opensuse:leap:15.2CVE-2020-21682openSUSE Leap 15.2
A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.
ImportantCVE-2020-21682SUSE bug 1189346cpe:/o:opensuse:leap:15.2CVE-2020-21683openSUSE Leap 15.2
A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.
ImportantCVE-2020-21683SUSE bug 1189325cpe:/o:opensuse:leap:15.2CVE-2020-23903openSUSE Leap 15.2
A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.
ModerateCVE-2020-23903SUSE bug 1192580cpe:/o:opensuse:leap:15.2CVE-2020-24119openSUSE Leap 15.2
A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.
ModerateCVE-2020-24119SUSE bug 1186238cpe:/o:opensuse:leap:15.2CVE-2020-24352openSUSE Leap 15.2
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
LowCVE-2020-24352SUSE bug 1175370SUSE bug 1188609cpe:/o:opensuse:leap:15.2CVE-2020-24368openSUSE Leap 15.2
Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2.
ModerateCVE-2020-24368SUSE bug 1175530cpe:/o:opensuse:leap:15.2CVE-2020-24370openSUSE Leap 15.2
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
ModerateCVE-2020-24370SUSE bug 1175448cpe:/o:opensuse:leap:15.2CVE-2020-24371openSUSE Leap 15.2
lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.
ModerateCVE-2020-24371SUSE bug 1175449cpe:/o:opensuse:leap:15.2CVE-2020-24386openSUSE Leap 15.2
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
ImportantCVE-2020-24386SUSE bug 1180405cpe:/o:opensuse:leap:15.2CVE-2020-24489openSUSE Leap 15.2
Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.
ImportantCVE-2020-24489SUSE bug 1179839SUSE bug 1192359SUSE bug 1199300cpe:/o:opensuse:leap:15.2CVE-2020-24490openSUSE Leap 15.2
Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.
ImportantCVE-2020-24490SUSE bug 1177726SUSE bug 1177727cpe:/o:opensuse:leap:15.2CVE-2020-24511openSUSE Leap 15.2
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
ModerateCVE-2020-24511SUSE bug 1179836SUSE bug 1192360SUSE bug 1199300cpe:/o:opensuse:leap:15.2CVE-2020-24512openSUSE Leap 15.2
Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
LowCVE-2020-24512SUSE bug 1179837SUSE bug 1192360SUSE bug 1199300cpe:/o:opensuse:leap:15.2CVE-2020-24513openSUSE Leap 15.2
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
ModerateCVE-2020-24513SUSE bug 1179833SUSE bug 1192360SUSE bug 1199300cpe:/o:opensuse:leap:15.2CVE-2020-24553openSUSE Leap 15.2
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.
ModerateCVE-2020-24553SUSE bug 1176031cpe:/o:opensuse:leap:15.2CVE-2020-24586openSUSE Leap 15.2
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.
ModerateCVE-2020-24586SUSE bug 1185859SUSE bug 1192868cpe:/o:opensuse:leap:15.2CVE-2020-24587openSUSE Leap 15.2
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
ModerateCVE-2020-24587SUSE bug 1185859SUSE bug 1185862SUSE bug 1192868cpe:/o:opensuse:leap:15.2CVE-2020-24588openSUSE Leap 15.2
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.
ModerateCVE-2020-24588SUSE bug 1185861SUSE bug 1192868SUSE bug 1199701cpe:/o:opensuse:leap:15.2CVE-2020-24606openSUSE Leap 15.2
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.
ImportantCVE-2020-24606SUSE bug 1175671cpe:/o:opensuse:leap:15.2CVE-2020-24614openSUSE Leap 15.2
Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.
ModerateCVE-2020-24614SUSE bug 1175760cpe:/o:opensuse:leap:15.2CVE-2020-24654openSUSE Leap 15.2
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
ModerateCVE-2020-24654SUSE bug 1175857cpe:/o:opensuse:leap:15.2CVE-2020-24659openSUSE Leap 15.2
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.
ModerateCVE-2020-24659SUSE bug 1176181SUSE bug 1178057cpe:/o:opensuse:leap:15.2CVE-2020-24977openSUSE Leap 15.2
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
ModerateCVE-2020-24977SUSE bug 1176179SUSE bug 1191860cpe:/o:opensuse:leap:15.2CVE-2020-24994openSUSE Leap 15.2
Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file.
ModerateCVE-2020-24994SUSE bug 1184153cpe:/o:opensuse:leap:15.2CVE-2020-25032openSUSE Leap 15.2
An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.
ModerateCVE-2020-25032SUSE bug 1175986cpe:/o:opensuse:leap:15.2CVE-2020-25039openSUSE Leap 15.2
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.
ModerateCVE-2020-25039SUSE bug 1176705SUSE bug 1176707cpe:/o:opensuse:leap:15.2CVE-2020-25040openSUSE Leap 15.2
Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.
ModerateCVE-2020-25040SUSE bug 1176707cpe:/o:opensuse:leap:15.2CVE-2020-25074openSUSE Leap 15.2
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.
ImportantCVE-2020-25074SUSE bug 1178744cpe:/o:opensuse:leap:15.2CVE-2020-25084openSUSE Leap 15.2
QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.
ModerateCVE-2020-25084SUSE bug 1176673cpe:/o:opensuse:leap:15.2CVE-2020-25085openSUSE Leap 15.2
QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.
ModerateCVE-2020-25085SUSE bug 1176681SUSE bug 1182282cpe:/o:opensuse:leap:15.2CVE-2020-25097openSUSE Leap 15.2
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.
ImportantCVE-2020-25097SUSE bug 1183436cpe:/o:opensuse:leap:15.2CVE-2020-25211openSUSE Leap 15.2
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.
ModerateCVE-2020-25211SUSE bug 1176395SUSE bug 1192356cpe:/o:opensuse:leap:15.2CVE-2020-25212openSUSE Leap 15.2
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.
ImportantCVE-2020-25212SUSE bug 1176381SUSE bug 1176382SUSE bug 1177027cpe:/o:opensuse:leap:15.2CVE-2020-25219openSUSE Leap 15.2
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.
ImportantCVE-2020-25219SUSE bug 1176410cpe:/o:opensuse:leap:15.2CVE-2020-25275openSUSE Leap 15.2
Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.
ImportantCVE-2020-25275SUSE bug 1180406cpe:/o:opensuse:leap:15.2CVE-2020-25284openSUSE Leap 15.2
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.
ModerateCVE-2020-25284SUSE bug 1176482cpe:/o:opensuse:leap:15.2CVE-2020-25285openSUSE Leap 15.2
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.
ModerateCVE-2020-25285SUSE bug 1176485cpe:/o:opensuse:leap:15.2CVE-2020-25559openSUSE Leap 15.2
gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution.
ModerateCVE-2020-25559SUSE bug 1176689cpe:/o:opensuse:leap:15.2CVE-2020-25592openSUSE Leap 15.2
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
CriticalCVE-2020-25592SUSE bug 1178319cpe:/o:opensuse:leap:15.2CVE-2020-25595openSUSE Leap 15.2
An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that it's very common for devices to have out-of-spec "backdoor" operations that can affect the result of these reads. A not fully trusted guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. Privilege escalation and information leaks cannot be excluded. All versions of Xen supporting PCI passthrough are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with passed through PCI devices may be able to leverage the vulnerability. Only systems passing through devices with out-of-spec ("backdoor") functionality can cause issues. Experience shows that such out-of-spec functionality is common; unless you have reason to believe that your device does not have such functionality, it's better to assume that it does.
ImportantCVE-2020-25595SUSE bug 1176344SUSE bug 1178658cpe:/o:opensuse:leap:15.2CVE-2020-25596openSUSE Leap 15.2
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege #GP fault (typically fatal) rather than a user-privilege #GP fault (usually converted into SIGSEGV/etc.). Malicious or buggy userspace can crash the guest kernel, resulting in a VM Denial of Service. All versions of Xen from 3.2 onwards are vulnerable. Only x86 systems are vulnerable. ARM platforms are not vulnerable. Only x86 systems that support the SYSENTER instruction in 64bit mode are vulnerable. This is believed to be Intel, Centaur, and Shanghai CPUs. AMD and Hygon CPUs are not believed to be vulnerable. Only x86 PV guests can exploit the vulnerability. x86 PVH / HVM guests cannot exploit the vulnerability.
ModerateCVE-2020-25596SUSE bug 1176345SUSE bug 1178658cpe:/o:opensuse:leap:15.2CVE-2020-25597openSUSE Leap 15.2
An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. However, operations like the resetting of all event channels may involve decreasing one of the bounds checked when determining validity. This may lead to bug checks triggering, crashing the host. An unprivileged guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only systems with untrusted guests permitted to create more than the default number of event channels are vulnerable. This number depends on the architecture and type of guest. For 32-bit x86 PV guests, this is 1023; for 64-bit x86 PV guests, and for all ARM guests, this number is 4095. Systems where untrusted guests are limited to fewer than this number are not vulnerable. Note that xl and libxl limit max_event_channels to 1023 by default, so systems using exclusively xl, libvirt+libxl, or their own toolstack based on libxl, and not explicitly setting max_event_channels, are not vulnerable.
ModerateCVE-2020-25597SUSE bug 1176346cpe:/o:opensuse:leap:15.2CVE-2020-25598openSUSE Leap 15.2
An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar to forgetting to unlock a spinlock. A buggy or malicious HVM stubdomain can cause an RCU reference to be leaked. This causes subsequent administration operations, (e.g., CPU offline) to livelock, resulting in a host Denial of Service. The buggy codepath has been present since Xen 4.12. Xen 4.14 and later are vulnerable to the DoS. The side effects are believed to be benign on Xen 4.12 and 4.13, but patches are provided nevertheless. The vulnerability can generally only be exploited by x86 HVM VMs, as these are generally the only type of VM that have a Qemu stubdomain. x86 PV and PVH domains, as well as ARM VMs, typically don't use a stubdomain. Only VMs using HVM stubdomains can exploit the vulnerability. VMs using PV stubdomains, or with emulators running in dom0, cannot exploit the vulnerability.
ModerateCVE-2020-25598SUSE bug 1176341cpe:/o:opensuse:leap:15.2CVE-2020-25599openSUSE Leap 15.2
An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses or triggering of bug checks. In particular, x86 PV guests may be able to elevate their privilege to that of the host. Host and guest crashes are also possible, leading to a Denial of Service (DoS). Information leaks cannot be ruled out. All Xen versions from 4.5 onwards are vulnerable. Xen versions 4.4 and earlier are not vulnerable.
ImportantCVE-2020-25599SUSE bug 1176349cpe:/o:opensuse:leap:15.2CVE-2020-25600openSUSE Leap 15.2
An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones. 32-bit x86 domains can use only 1023 channels, due to limited space in their shared (between guest and Xen) information structure, whereas all other domains can use up to 4095 in this model. The recording of the respective limit during domain initialization, however, has occurred at a time where domains are still deemed to be 64-bit ones, prior to actually honoring respective domain properties. At the point domains get recognized as 32-bit ones, the limit didn't get updated accordingly. Due to this misbehavior in Xen, 32-bit domains (including Domain 0) servicing other domains may observe event channel allocations to succeed when they should really fail. Subsequent use of such event channels would then possibly lead to corruption of other parts of the shared info structure. An unprivileged guest may cause another domain, in particular Domain 0, to misbehave. This may lead to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only x86 32-bit domains servicing other domains are vulnerable. Arm systems, as well as x86 64-bit domains, are not vulnerable.
ImportantCVE-2020-25600SUSE bug 1176348cpe:/o:opensuse:leap:15.2CVE-2020-25601openSUSE Leap 15.2
An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. All Xen versions are vulnerable in principle. Whether versions 4.3 and older are vulnerable depends on underlying hardware characteristics.
ModerateCVE-2020-25601SUSE bug 1176350cpe:/o:opensuse:leap:15.2CVE-2020-25602openSUSE Leap 15.2
An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest access. For the MISC_ENABLE MSR, which is an Intel specific MSR, this MSR read is performed without error handling for a #GP fault, which is the consequence of trying to read this MSR on non-Intel hardware. A buggy or malicious PV guest administrator can crash Xen, resulting in a host Denial of Service. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only Xen versions 4.11 and onwards are vulnerable. 4.10 and earlier are not vulnerable. Only x86 systems that do not implement the MISC_ENABLE MSR (0x1a0) are vulnerable. AMD and Hygon systems do not implement this MSR and are vulnerable. Intel systems do implement this MSR and are not vulnerable. Other manufacturers have not been checked. Only x86 PV guests can exploit the vulnerability. x86 HVM/PVH guests cannot exploit the vulnerability.
ModerateCVE-2020-25602SUSE bug 1176339cpe:/o:opensuse:leap:15.2CVE-2020-25603openSUSE Leap 15.2
An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the port is considered to be valid. Such a sequence is missing an appropriate memory barrier (e.g., smp_*mb()) to prevent both the compiler and CPU from re-ordering access. A malicious guest may be able to cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded. Systems running all versions of Xen are affected. Whether a system is vulnerable will depend on the CPU and compiler used to build Xen. For all systems, the presence and the scope of the vulnerability depend on the precise re-ordering performed by the compiler used to build Xen. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code generation options). GCC documentation clearly suggests that re-ordering is possible. Arm systems will also be vulnerable if the CPU is able to re-order memory access. Please consult your CPU vendor. x86 systems are only vulnerable if a compiler performs re-ordering.
ImportantCVE-2020-25603SUSE bug 1176347SUSE bug 1178658cpe:/o:opensuse:leap:15.2CVE-2020-25604openSUSE Leap 15.2
An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only x86 HVM guests can leverage the vulnerability. x86 PV and PVH cannot leverage the vulnerability. Only guests with more than one vCPU can exploit the vulnerability.
ModerateCVE-2020-25604SUSE bug 1176343SUSE bug 1178658cpe:/o:opensuse:leap:15.2CVE-2020-25613openSUSE Leap 15.2
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
ModerateCVE-2020-25613SUSE bug 1177125cpe:/o:opensuse:leap:15.2CVE-2020-25624openSUSE Leap 15.2
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
ModerateCVE-2020-25624SUSE bug 1176682cpe:/o:opensuse:leap:15.2CVE-2020-25625openSUSE Leap 15.2
hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.
LowCVE-2020-25625SUSE bug 1176684cpe:/o:opensuse:leap:15.2CVE-2020-25626openSUSE Leap 15.2
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.
ImportantCVE-2020-25626SUSE bug 1177205cpe:/o:opensuse:leap:15.2CVE-2020-25632openSUSE Leap 15.2
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-25632SUSE bug 1176711SUSE bug 1192833cpe:/o:opensuse:leap:15.2CVE-2020-25637openSUSE Leap 15.2
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-25637SUSE bug 1174955SUSE bug 1177155cpe:/o:opensuse:leap:15.2CVE-2020-25639openSUSE Leap 15.2
A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.
ModerateCVE-2020-25639SUSE bug 1176846cpe:/o:opensuse:leap:15.2CVE-2020-25641openSUSE Leap 15.2
A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
ModerateCVE-2020-25641SUSE bug 1177121cpe:/o:opensuse:leap:15.2CVE-2020-25643openSUSE Leap 15.2
A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-25643SUSE bug 1177206SUSE bug 1177226cpe:/o:opensuse:leap:15.2CVE-2020-25645openSUSE Leap 15.2
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
ImportantCVE-2020-25645SUSE bug 1177511SUSE bug 1177513cpe:/o:opensuse:leap:15.2CVE-2020-25647openSUSE Leap 15.2
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-25647SUSE bug 1177883SUSE bug 1192833cpe:/o:opensuse:leap:15.2CVE-2020-25648openSUSE Leap 15.2
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
ImportantCVE-2020-25648SUSE bug 1177917cpe:/o:opensuse:leap:15.2CVE-2020-25649openSUSE Leap 15.2
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
ModerateCVE-2020-25649SUSE bug 1177616cpe:/o:opensuse:leap:15.2CVE-2020-25650openSUSE Leap 15.2
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions.
ModerateCVE-2020-25650SUSE bug 1177780cpe:/o:opensuse:leap:15.2CVE-2020-25651openSUSE Leap 15.2
A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.
ModerateCVE-2020-25651SUSE bug 1177781cpe:/o:opensuse:leap:15.2CVE-2020-25652openSUSE Leap 15.2
A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior.
ModerateCVE-2020-25652SUSE bug 1177782cpe:/o:opensuse:leap:15.2CVE-2020-25653openSUSE Leap 15.2
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.
ImportantCVE-2020-25653SUSE bug 1177783cpe:/o:opensuse:leap:15.2CVE-2020-25654openSUSE Leap 15.2
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
ImportantCVE-2020-25654SUSE bug 1173668SUSE bug 1177916SUSE bug 1196165cpe:/o:opensuse:leap:15.2CVE-2020-25656openSUSE Leap 15.2
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.
ModerateCVE-2020-25656SUSE bug 1177766cpe:/o:opensuse:leap:15.2CVE-2020-25659openSUSE Leap 15.2
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
ModerateCVE-2020-25659SUSE bug 1178168cpe:/o:opensuse:leap:15.2CVE-2020-25660openSUSE Leap 15.2
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.
ImportantCVE-2020-25660SUSE bug 1177843cpe:/o:opensuse:leap:15.2CVE-2020-25664openSUSE Leap 15.2
In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68.
ImportantCVE-2020-25664SUSE bug 1179202SUSE bug 1179346cpe:/o:opensuse:leap:15.2CVE-2020-25665openSUSE Leap 15.2
The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68.
ModerateCVE-2020-25665SUSE bug 1179208cpe:/o:opensuse:leap:15.2CVE-2020-25666openSUSE Leap 15.2
There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick versions prior to 7.0.9-0.
ModerateCVE-2020-25666SUSE bug 1179212cpe:/o:opensuse:leap:15.2CVE-2020-25668openSUSE Leap 15.2
A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.
ImportantCVE-2020-25668SUSE bug 1178123SUSE bug 1178622SUSE bug 1196914cpe:/o:opensuse:leap:15.2CVE-2020-25669openSUSE Leap 15.2
A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.
ModerateCVE-2020-25669SUSE bug 1178182cpe:/o:opensuse:leap:15.2CVE-2020-25670openSUSE Leap 15.2
A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations.
ImportantCVE-2020-25670SUSE bug 1178181SUSE bug 1194680cpe:/o:opensuse:leap:15.2CVE-2020-25671openSUSE Leap 15.2
A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations.
ImportantCVE-2020-25671SUSE bug 1178181cpe:/o:opensuse:leap:15.2CVE-2020-25672openSUSE Leap 15.2
A memory leak vulnerability was found in Linux kernel in llcp_sock_connect
ImportantCVE-2020-25672SUSE bug 1178181cpe:/o:opensuse:leap:15.2CVE-2020-25673openSUSE Leap 15.2
A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system.
ImportantCVE-2020-25673SUSE bug 1178181cpe:/o:opensuse:leap:15.2CVE-2020-25674openSUSE Leap 15.2
WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.
ImportantCVE-2020-25674SUSE bug 1179223cpe:/o:opensuse:leap:15.2CVE-2020-25675openSUSE Leap 15.2
In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a negative impact to application availability or other problems related to undefined behavior, in cases where ImageMagick processes untrusted input data. The upstream patch introduces functionality to constrain the pixel offsets and prevent these issues. This flaw affects ImageMagick versions prior to 7.0.9-0.
ModerateCVE-2020-25675SUSE bug 1179240cpe:/o:opensuse:leap:15.2CVE-2020-25676openSUSE Leap 15.2
In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function. These calculations produced undefined behavior in the form of out-of-range and integer overflows, as identified by UndefinedBehaviorSanitizer. These instances of undefined behavior could be triggered by an attacker who is able to supply a crafted input file to be processed by ImageMagick. These issues could impact application availability or potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
ModerateCVE-2020-25676SUSE bug 1179244cpe:/o:opensuse:leap:15.2CVE-2020-25678openSUSE Leap 15.2
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
LowCVE-2020-25678SUSE bug 1178905cpe:/o:opensuse:leap:15.2CVE-2020-25681openSUSE Leap 15.2
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-25681SUSE bug 1177077cpe:/o:opensuse:leap:15.2CVE-2020-25682openSUSE Leap 15.2
A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-25682SUSE bug 1177077cpe:/o:opensuse:leap:15.2CVE-2020-25683openSUSE Leap 15.2
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
ImportantCVE-2020-25683SUSE bug 1177077cpe:/o:opensuse:leap:15.2CVE-2020-25684openSUSE Leap 15.2
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
ImportantCVE-2020-25684SUSE bug 1177077cpe:/o:opensuse:leap:15.2CVE-2020-25685openSUSE Leap 15.2
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
ImportantCVE-2020-25685SUSE bug 1177077cpe:/o:opensuse:leap:15.2CVE-2020-25686openSUSE Leap 15.2
A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
ImportantCVE-2020-25686SUSE bug 1177077cpe:/o:opensuse:leap:15.2CVE-2020-25687openSUSE Leap 15.2
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
ImportantCVE-2020-25687SUSE bug 1177077cpe:/o:opensuse:leap:15.2CVE-2020-25692openSUSE Leap 15.2
A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.
ImportantCVE-2020-25692SUSE bug 1178387cpe:/o:opensuse:leap:15.2CVE-2020-25694openSUSE Leap 15.2
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ModerateCVE-2020-25694SUSE bug 1178667SUSE bug 1179870cpe:/o:opensuse:leap:15.2CVE-2020-25695openSUSE Leap 15.2
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-25695SUSE bug 1178666cpe:/o:opensuse:leap:15.2CVE-2020-25696openSUSE Leap 15.2
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-25696SUSE bug 1178668SUSE bug 1179870cpe:/o:opensuse:leap:15.2CVE-2020-25704openSUSE Leap 15.2
A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.
ModerateCVE-2020-25704SUSE bug 1178393cpe:/o:opensuse:leap:15.2CVE-2020-25705openSUSE Leap 15.2
A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version
ImportantCVE-2020-25705SUSE bug 1175721SUSE bug 1178782SUSE bug 1178783SUSE bug 1191790cpe:/o:opensuse:leap:15.2CVE-2020-25707openSUSE Leap 15.2
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate is a duplicate of CVE-2020-28916
ModerateCVE-2020-25707SUSE bug 1178683SUSE bug 1179468cpe:/o:opensuse:leap:15.2CVE-2020-25708openSUSE Leap 15.2
A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.
ModerateCVE-2020-25708SUSE bug 1178682cpe:/o:opensuse:leap:15.2CVE-2020-25709openSUSE Leap 15.2
A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.
ModerateCVE-2020-25709SUSE bug 1178909cpe:/o:opensuse:leap:15.2CVE-2020-25710openSUSE Leap 15.2
A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
ModerateCVE-2020-25710SUSE bug 1178909cpe:/o:opensuse:leap:15.2CVE-2020-25712openSUSE Leap 15.2
A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-25712SUSE bug 1174908SUSE bug 1177596cpe:/o:opensuse:leap:15.2CVE-2020-25717openSUSE Leap 15.2
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
ImportantCVE-2020-25717SUSE bug 1192284SUSE bug 1192505SUSE bug 1192601SUSE bug 1192849SUSE bug 1193011SUSE bug 1194049SUSE bug 1194307SUSE bug 1195815SUSE bug 1196344SUSE bug 1196717SUSE bug 1196920cpe:/o:opensuse:leap:15.2CVE-2020-25723openSUSE Leap 15.2
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.
LowCVE-2020-25723SUSE bug 1178934SUSE bug 1178935cpe:/o:opensuse:leap:15.2CVE-2020-25829openSUSE Leap 15.2
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).
ModerateCVE-2020-25829SUSE bug 1177383cpe:/o:opensuse:leap:15.2CVE-2020-25862openSUSE Leap 15.2
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum.
ModerateCVE-2020-25862SUSE bug 1176909cpe:/o:opensuse:leap:15.2CVE-2020-25863openSUSE Leap 15.2
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.
ModerateCVE-2020-25863SUSE bug 1176908cpe:/o:opensuse:leap:15.2CVE-2020-25866openSUSE Leap 15.2
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.
ModerateCVE-2020-25866SUSE bug 1176910cpe:/o:opensuse:leap:15.2CVE-2020-26088openSUSE Leap 15.2
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.
ModerateCVE-2020-26088SUSE bug 1176990cpe:/o:opensuse:leap:15.2CVE-2020-26116openSUSE Leap 15.2
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
ModerateCVE-2020-26116SUSE bug 1177120SUSE bug 1177211SUSE bug 1192361cpe:/o:opensuse:leap:15.2CVE-2020-26117openSUSE Leap 15.2
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.
CriticalCVE-2020-26117SUSE bug 1176733cpe:/o:opensuse:leap:15.2CVE-2020-26137openSUSE Leap 15.2
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
ModerateCVE-2020-26137SUSE bug 1177120SUSE bug 1177211cpe:/o:opensuse:leap:15.2CVE-2020-26139openSUSE Leap 15.2
An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.
ModerateCVE-2020-26139SUSE bug 1186062SUSE bug 1192868cpe:/o:opensuse:leap:15.2CVE-2020-26141openSUSE Leap 15.2
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.
ModerateCVE-2020-26141SUSE bug 1185987cpe:/o:opensuse:leap:15.2CVE-2020-26145openSUSE Leap 15.2
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.
ModerateCVE-2020-26145SUSE bug 1185860cpe:/o:opensuse:leap:15.2CVE-2020-26147openSUSE Leap 15.2
An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.
ModerateCVE-2020-26147cpe:/o:opensuse:leap:15.2CVE-2020-26154openSUSE Leap 15.2
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.
ImportantCVE-2020-26154SUSE bug 1177143cpe:/o:opensuse:leap:15.2CVE-2020-26164openSUSE Leap 15.2
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
ModerateCVE-2020-26164SUSE bug 1176268SUSE bug 1177628cpe:/o:opensuse:leap:15.2CVE-2020-26215openSUSE Leap 15.2
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.
ModerateCVE-2020-26215SUSE bug 1180458cpe:/o:opensuse:leap:15.2CVE-2020-26217openSUSE Leap 15.2
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
ImportantCVE-2020-26217SUSE bug 1180994cpe:/o:opensuse:leap:15.2CVE-2020-26247openSUSE Leap 15.2
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all input as untrusted by default whenever possible. This is fixed in Nokogiri version 1.11.0.rc4.
ModerateCVE-2020-26247SUSE bug 1180507cpe:/o:opensuse:leap:15.2CVE-2020-26258openSUSE Leap 15.2
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.
ModerateCVE-2020-26258SUSE bug 1180146cpe:/o:opensuse:leap:15.2CVE-2020-26259openSUSE Leap 15.2
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing process has sufficient rights only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist running Java 15 or higher. No user is affected, who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.
ModerateCVE-2020-26259SUSE bug 1180145cpe:/o:opensuse:leap:15.2CVE-2020-26418openSUSE Leap 15.2
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
LowCVE-2020-26418SUSE bug 1179930cpe:/o:opensuse:leap:15.2CVE-2020-26419openSUSE Leap 15.2
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
ModerateCVE-2020-26419SUSE bug 1179931cpe:/o:opensuse:leap:15.2CVE-2020-26420openSUSE Leap 15.2
Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
LowCVE-2020-26420SUSE bug 1179932cpe:/o:opensuse:leap:15.2CVE-2020-26421openSUSE Leap 15.2
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
ModerateCVE-2020-26421SUSE bug 1179933cpe:/o:opensuse:leap:15.2CVE-2020-26422openSUSE Leap 15.2
Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file
ModerateCVE-2020-26422SUSE bug 1180232cpe:/o:opensuse:leap:15.2CVE-2020-26558openSUSE Leap 15.2
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.
ModerateCVE-2020-26558SUSE bug 1179610SUSE bug 1186463cpe:/o:opensuse:leap:15.2CVE-2020-26570openSUSE Leap 15.2
The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.
ModerateCVE-2020-26570SUSE bug 1177364SUSE bug 1179291cpe:/o:opensuse:leap:15.2CVE-2020-26571openSUSE Leap 15.2
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.
ModerateCVE-2020-26571SUSE bug 1177380SUSE bug 1179291cpe:/o:opensuse:leap:15.2CVE-2020-26572openSUSE Leap 15.2
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
ModerateCVE-2020-26572SUSE bug 1177378SUSE bug 1179291cpe:/o:opensuse:leap:15.2CVE-2020-26575openSUSE Leap 15.2
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.
ModerateCVE-2020-26575SUSE bug 1177406SUSE bug 1178290cpe:/o:opensuse:leap:15.2CVE-2020-26664openSUSE Leap 15.2
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
ModerateCVE-2020-26664SUSE bug 1180755cpe:/o:opensuse:leap:15.2CVE-2020-26682openSUSE Leap 15.2
In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.
ImportantCVE-2020-26682SUSE bug 1177862cpe:/o:opensuse:leap:15.2CVE-2020-26934openSUSE Leap 15.2
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
ModerateCVE-2020-26934SUSE bug 1177561cpe:/o:opensuse:leap:15.2CVE-2020-26935openSUSE Leap 15.2
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.
CriticalCVE-2020-26935SUSE bug 1177562cpe:/o:opensuse:leap:15.2CVE-2020-26950openSUSE Leap 15.2
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.
ImportantCVE-2020-26950SUSE bug 1177872SUSE bug 1178588SUSE bug 1178611cpe:/o:opensuse:leap:15.2CVE-2020-26951openSUSE Leap 15.2
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
ImportantCVE-2020-26951SUSE bug 1178824SUSE bug 1178894cpe:/o:opensuse:leap:15.2CVE-2020-26953openSUSE Leap 15.2
It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
ModerateCVE-2020-26953SUSE bug 1178824SUSE bug 1178894cpe:/o:opensuse:leap:15.2CVE-2020-26956openSUSE Leap 15.2
In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
ModerateCVE-2020-26956SUSE bug 1178824SUSE bug 1178894cpe:/o:opensuse:leap:15.2CVE-2020-26958openSUSE Leap 15.2
Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
ModerateCVE-2020-26958SUSE bug 1178824SUSE bug 1178894cpe:/o:opensuse:leap:15.2CVE-2020-26959openSUSE Leap 15.2
During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
ModerateCVE-2020-26959SUSE bug 1178824SUSE bug 1178894cpe:/o:opensuse:leap:15.2CVE-2020-26960openSUSE Leap 15.2
If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
ModerateCVE-2020-26960SUSE bug 1178824SUSE bug 1178894cpe:/o:opensuse:leap:15.2CVE-2020-26961openSUSE Leap 15.2
When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
ModerateCVE-2020-26961SUSE bug 1178824SUSE bug 1178894cpe:/o:opensuse:leap:15.2CVE-2020-26965openSUSE Leap 15.2
Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
ModerateCVE-2020-26965SUSE bug 1178824SUSE bug 1178894cpe:/o:opensuse:leap:15.2CVE-2020-26966openSUSE Leap 15.2
Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
ModerateCVE-2020-26966SUSE bug 1178824SUSE bug 1178894cpe:/o:opensuse:leap:15.2CVE-2020-26968openSUSE Leap 15.2
Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
ModerateCVE-2020-26968SUSE bug 1178824SUSE bug 1178894cpe:/o:opensuse:leap:15.2CVE-2020-26971openSUSE Leap 15.2
Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
ImportantCVE-2020-26971SUSE bug 1180039cpe:/o:opensuse:leap:15.2CVE-2020-26973openSUSE Leap 15.2
Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
ImportantCVE-2020-26973SUSE bug 1180039cpe:/o:opensuse:leap:15.2CVE-2020-26974openSUSE Leap 15.2
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
ImportantCVE-2020-26974SUSE bug 1180039cpe:/o:opensuse:leap:15.2CVE-2020-26976openSUSE Leap 15.2
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.
ImportantCVE-2020-26976SUSE bug 1180039SUSE bug 1181414cpe:/o:opensuse:leap:15.2CVE-2020-26978openSUSE Leap 15.2
Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
ImportantCVE-2020-26978SUSE bug 1180039cpe:/o:opensuse:leap:15.2CVE-2020-27068openSUSE Leap 15.2
In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-119770583
ModerateCVE-2020-27068SUSE bug 1180086cpe:/o:opensuse:leap:15.2CVE-2020-27153openSUSE Leap 15.2
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.
ModerateCVE-2020-27153SUSE bug 1177895cpe:/o:opensuse:leap:15.2CVE-2020-27170openSUSE Leap 15.2
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.
ModerateCVE-2020-27170SUSE bug 1183686SUSE bug 1183775cpe:/o:opensuse:leap:15.2CVE-2020-27171openSUSE Leap 15.2
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.
ModerateCVE-2020-27171SUSE bug 1183686SUSE bug 1183775cpe:/o:opensuse:leap:15.2CVE-2020-27208openSUSE Leap 15.2
The flash read-out protection (RDP) level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface.
ModerateCVE-2020-27208SUSE bug 1186848cpe:/o:opensuse:leap:15.2CVE-2020-27218openSUSE Leap 15.2
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.
ModerateCVE-2020-27218SUSE bug 1179727cpe:/o:opensuse:leap:15.2CVE-2020-27225openSUSE Leap 15.2
In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.
ImportantCVE-2020-27225SUSE bug 1183728cpe:/o:opensuse:leap:15.2CVE-2020-27304openSUSE Leap 15.2
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal
ImportantCVE-2020-27304SUSE bug 1191938cpe:/o:opensuse:leap:15.2CVE-2020-27347openSUSE Leap 15.2
In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.
ModerateCVE-2020-27347SUSE bug 1178263SUSE bug 1178316cpe:/o:opensuse:leap:15.2CVE-2020-27560openSUSE Leap 15.2
ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.
ModerateCVE-2020-27560SUSE bug 1178067cpe:/o:opensuse:leap:15.2CVE-2020-27616openSUSE Leap 15.2
ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.
LowCVE-2020-27616SUSE bug 1178400SUSE bug 1188609cpe:/o:opensuse:leap:15.2CVE-2020-27617openSUSE Leap 15.2
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol.
ModerateCVE-2020-27617SUSE bug 1178174cpe:/o:opensuse:leap:15.2CVE-2020-27618openSUSE Leap 15.2
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.
ModerateCVE-2020-27618SUSE bug 1178386cpe:/o:opensuse:leap:15.2CVE-2020-27619openSUSE Leap 15.2
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
ImportantCVE-2020-27619SUSE bug 1178009SUSE bug 1180254SUSE bug 1193386cpe:/o:opensuse:leap:15.2CVE-2020-27670openSUSE Leap 15.2
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.
ImportantCVE-2020-27670SUSE bug 1177414SUSE bug 1178658cpe:/o:opensuse:leap:15.2CVE-2020-27671openSUSE Leap 15.2
An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.
ImportantCVE-2020-27671SUSE bug 1177413cpe:/o:opensuse:leap:15.2CVE-2020-27672openSUSE Leap 15.2
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.
ImportantCVE-2020-27672SUSE bug 1177412SUSE bug 1178658cpe:/o:opensuse:leap:15.2CVE-2020-27673openSUSE Leap 15.2
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.
ModerateCVE-2020-27673SUSE bug 1177411SUSE bug 1184583cpe:/o:opensuse:leap:15.2CVE-2020-27674openSUSE Leap 15.2
An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.
ModerateCVE-2020-27674SUSE bug 1177409SUSE bug 1178658cpe:/o:opensuse:leap:15.2CVE-2020-27745openSUSE Leap 15.2
Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.
ImportantCVE-2020-27745SUSE bug 1178890cpe:/o:opensuse:leap:15.2CVE-2020-27746openSUSE Leap 15.2
Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.
ModerateCVE-2020-27746SUSE bug 1178891cpe:/o:opensuse:leap:15.2CVE-2020-27749openSUSE Leap 15.2
A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-27749SUSE bug 1179264SUSE bug 1192833cpe:/o:opensuse:leap:15.2CVE-2020-27750openSUSE Leap 15.2
A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.
ImportantCVE-2020-27750SUSE bug 1179260cpe:/o:opensuse:leap:15.2CVE-2020-27751openSUSE Leap 15.2
A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
ModerateCVE-2020-27751SUSE bug 1179269cpe:/o:opensuse:leap:15.2CVE-2020-27752openSUSE Leap 15.2
A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0.
ModerateCVE-2020-27752SUSE bug 1179202SUSE bug 1179346cpe:/o:opensuse:leap:15.2CVE-2020-27753openSUSE Leap 15.2
There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This flaw affects ImageMagick versions prior to 7.0.9-0.
ModerateCVE-2020-27753SUSE bug 1179397cpe:/o:opensuse:leap:15.2CVE-2020-27754openSUSE Leap 15.2
In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.
ModerateCVE-2020-27754SUSE bug 1179313SUSE bug 1179336cpe:/o:opensuse:leap:15.2CVE-2020-27755openSUSE Leap 15.2
in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0.
ModerateCVE-2020-27755SUSE bug 1179345cpe:/o:opensuse:leap:15.2CVE-2020-27756openSUSE Leap 15.2
In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0.
ImportantCVE-2020-27756SUSE bug 1179221cpe:/o:opensuse:leap:15.2CVE-2020-27757openSUSE Leap 15.2
A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat Product Security marked this as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68.
ModerateCVE-2020-27757SUSE bug 1179268cpe:/o:opensuse:leap:15.2CVE-2020-27758openSUSE Leap 15.2
A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.
ModerateCVE-2020-27758SUSE bug 1179276cpe:/o:opensuse:leap:15.2CVE-2020-27759openSUSE Leap 15.2
In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68.
ModerateCVE-2020-27759SUSE bug 1179313SUSE bug 1179321SUSE bug 1179336cpe:/o:opensuse:leap:15.2CVE-2020-27760openSUSE Leap 15.2
In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.
ImportantCVE-2020-27760SUSE bug 1179281cpe:/o:opensuse:leap:15.2CVE-2020-27761openSUSE Leap 15.2
WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0.
ModerateCVE-2020-27761SUSE bug 1179315cpe:/o:opensuse:leap:15.2CVE-2020-27762openSUSE Leap 15.2
A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.
ModerateCVE-2020-27762SUSE bug 1179278cpe:/o:opensuse:leap:15.2CVE-2020-27763openSUSE Leap 15.2
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.
ModerateCVE-2020-27763SUSE bug 1179312cpe:/o:opensuse:leap:15.2CVE-2020-27764openSUSE Leap 15.2
In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69.
ModerateCVE-2020-27764SUSE bug 1179317SUSE bug 1179333cpe:/o:opensuse:leap:15.2CVE-2020-27765openSUSE Leap 15.2
A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
ModerateCVE-2020-27765SUSE bug 1179311cpe:/o:opensuse:leap:15.2CVE-2020-27766openSUSE Leap 15.2
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-69.
ModerateCVE-2020-27766SUSE bug 1179333SUSE bug 1179361cpe:/o:opensuse:leap:15.2CVE-2020-27767openSUSE Leap 15.2
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
ModerateCVE-2020-27767SUSE bug 1179268SUSE bug 1179269SUSE bug 1179322SUSE bug 1179346cpe:/o:opensuse:leap:15.2CVE-2020-27768openSUSE Leap 15.2
In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0.
ModerateCVE-2020-27768SUSE bug 1179339cpe:/o:opensuse:leap:15.2CVE-2020-27769openSUSE Leap 15.2
In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c.
ModerateCVE-2020-27769SUSE bug 1179321cpe:/o:opensuse:leap:15.2CVE-2020-27770openSUSE Leap 15.2
Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.
ModerateCVE-2020-27770SUSE bug 1179343cpe:/o:opensuse:leap:15.2CVE-2020-27771openSUSE Leap 15.2
In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0.
ModerateCVE-2020-27771SUSE bug 1179327cpe:/o:opensuse:leap:15.2CVE-2020-27772openSUSE Leap 15.2
A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
ModerateCVE-2020-27772SUSE bug 1179347cpe:/o:opensuse:leap:15.2CVE-2020-27773openSUSE Leap 15.2
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
ModerateCVE-2020-27773SUSE bug 1179285cpe:/o:opensuse:leap:15.2CVE-2020-27774openSUSE Leap 15.2
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
ModerateCVE-2020-27774SUSE bug 1179317SUSE bug 1179333SUSE bug 1179361cpe:/o:opensuse:leap:15.2CVE-2020-27775openSUSE Leap 15.2
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
ModerateCVE-2020-27775SUSE bug 1179338cpe:/o:opensuse:leap:15.2CVE-2020-27776openSUSE Leap 15.2
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
ModerateCVE-2020-27776SUSE bug 1179333SUSE bug 1179362cpe:/o:opensuse:leap:15.2CVE-2020-27777openSUSE Leap 15.2
A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.
ModerateCVE-2020-27777SUSE bug 1179107SUSE bug 1179419cpe:/o:opensuse:leap:15.2CVE-2020-27779openSUSE Leap 15.2
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-27779SUSE bug 1179265SUSE bug 1192833cpe:/o:opensuse:leap:15.2CVE-2020-27781openSUSE Leap 15.2
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even "admin" users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0.
ImportantCVE-2020-27781SUSE bug 1179802SUSE bug 1180155cpe:/o:opensuse:leap:15.2CVE-2020-27786openSUSE Leap 15.2
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
ImportantCVE-2020-27786SUSE bug 1179601SUSE bug 1179616cpe:/o:opensuse:leap:15.2CVE-2020-27815openSUSE Leap 15.2
A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
ImportantCVE-2020-27815SUSE bug 1179454SUSE bug 1179458cpe:/o:opensuse:leap:15.2CVE-2020-27818openSUSE Leap 15.2
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
ModerateCVE-2020-27818SUSE bug 1179528cpe:/o:opensuse:leap:15.2CVE-2020-27819openSUSE Leap 15.2
An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XLS cells in libxls/xls2csv.c:199. It could allow a remote attacker to cause a denial of service via crafted XLS file.
ModerateCVE-2020-27819SUSE bug 1179532cpe:/o:opensuse:leap:15.2CVE-2020-27821openSUSE Leap 15.2
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.
ModerateCVE-2020-27821SUSE bug 1179686cpe:/o:opensuse:leap:15.2CVE-2020-27825openSUSE Leap 15.2
A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat.
ImportantCVE-2020-27825SUSE bug 1179960SUSE bug 1179961cpe:/o:opensuse:leap:15.2CVE-2020-27827openSUSE Leap 15.2
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
ImportantCVE-2020-27827SUSE bug 1181345cpe:/o:opensuse:leap:15.2CVE-2020-27828openSUSE Leap 15.2
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.
ImportantCVE-2020-27828SUSE bug 1179748cpe:/o:opensuse:leap:15.2CVE-2020-27830openSUSE Leap 15.2
A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr deref crash.
ModerateCVE-2020-27830SUSE bug 1179656cpe:/o:opensuse:leap:15.2CVE-2020-27835openSUSE Leap 15.2
A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.
ModerateCVE-2020-27835SUSE bug 1179878cpe:/o:opensuse:leap:15.2CVE-2020-27839openSUSE Leap 15.2
A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
ModerateCVE-2020-27839SUSE bug 1179997cpe:/o:opensuse:leap:15.2CVE-2020-27840openSUSE Leap 15.2
A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.
ImportantCVE-2020-27840SUSE bug 1183572cpe:/o:opensuse:leap:15.2CVE-2020-27844openSUSE Leap 15.2
A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
ImportantCVE-2020-27844SUSE bug 1180045SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2020-27918openSUSE Leap 15.2
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2020-27918SUSE bug 1184262cpe:/o:opensuse:leap:15.2CVE-2020-28007openSUSE Leap 15.2
Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem.
ImportantCVE-2020-28007SUSE bug 1185631cpe:/o:opensuse:leap:15.2CVE-2020-28008openSUSE Leap 15.2
Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution.
ImportantCVE-2020-28008SUSE bug 1185631cpe:/o:opensuse:leap:15.2CVE-2020-28009openSUSE Leap 15.2
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow (multiple days).
ImportantCVE-2020-28009SUSE bug 1185631cpe:/o:opensuse:leap:15.2CVE-2020-28010openSUSE Leap 15.2
Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms).
ImportantCVE-2020-28010SUSE bug 1185631cpe:/o:opensuse:leap:15.2CVE-2020-28011openSUSE Leap 15.2
Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root.
ImportantCVE-2020-28011SUSE bug 1185631cpe:/o:opensuse:leap:15.2CVE-2020-28012openSUSE Leap 15.2
Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag.
ImportantCVE-2020-28012SUSE bug 1185631cpe:/o:opensuse:leap:15.2CVE-2020-28013openSUSE Leap 15.2
Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy.
ImportantCVE-2020-28013SUSE bug 1185631cpe:/o:opensuse:leap:15.2CVE-2020-28014openSUSE Leap 15.2
Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten.
ImportantCVE-2020-28014SUSE bug 1185631cpe:/o:opensuse:leap:15.2CVE-2020-28015openSUSE Leap 15.2
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character.
ImportantCVE-2020-28015SUSE bug 1185631cpe:/o:opensuse:leap:15.2CVE-2020-28016openSUSE Leap 15.2
Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase.
ImportantCVE-2020-28016SUSE bug 1185631cpe:/o:opensuse:leap:15.2CVE-2020-28017openSUSE Leap 15.2
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.
ImportantCVE-2020-28017SUSE bug 1185631cpe:/o:opensuse:leap:15.2CVE-2020-28018openSUSE Leap 15.2
Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.
ImportantCVE-2020-28018SUSE bug 1185631cpe:/o:opensuse:leap:15.2CVE-2020-28019openSUSE Leap 15.2
Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA.
ImportantCVE-2020-28019SUSE bug 1185631cpe:/o:opensuse:leap:15.2CVE-2020-28020openSUSE Leap 15.2
Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction.
ImportantCVE-2020-28020SUSE bug 1185631cpe:/o:opensuse:leap:15.2CVE-2020-28021openSUSE Leap 15.2
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command.
ImportantCVE-2020-28021SUSE bug 1185631cpe:/o:opensuse:leap:15.2CVE-2020-28022openSUSE Leap 15.2
Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands.
ImportantCVE-2020-28022SUSE bug 1185631cpe:/o:opensuse:leap:15.2CVE-2020-28023openSUSE Leap 15.2
Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client.
ImportantCVE-2020-28023SUSE bug 1185631cpe:/o:opensuse:leap:15.2CVE-2020-28024openSUSE Leap 15.2
Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF.
ImportantCVE-2020-28024SUSE bug 1185631cpe:/o:opensuse:leap:15.2CVE-2020-28025openSUSE Leap 15.2
Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory.
ImportantCVE-2020-28025SUSE bug 1185631cpe:/o:opensuse:leap:15.2CVE-2020-28026openSUSE Leap 15.2
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary commands as root.
ImportantCVE-2020-28026SUSE bug 1185631cpe:/o:opensuse:leap:15.2CVE-2020-28030openSUSE Leap 15.2
In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement.
ModerateCVE-2020-28030SUSE bug 1178291cpe:/o:opensuse:leap:15.2CVE-2020-28049openSUSE Leap 15.2
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.
ModerateCVE-2020-28049SUSE bug 1177201cpe:/o:opensuse:leap:15.2CVE-2020-28196openSUSE Leap 15.2
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
ImportantCVE-2020-28196SUSE bug 1178512cpe:/o:opensuse:leap:15.2CVE-2020-28200openSUSE Leap 15.2
The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.
ModerateCVE-2020-28200SUSE bug 1187420cpe:/o:opensuse:leap:15.2CVE-2020-28243openSUSE Leap 15.2
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.
ImportantCVE-2020-28243SUSE bug 1181550SUSE bug 1181556cpe:/o:opensuse:leap:15.2CVE-2020-28362openSUSE Leap 15.2
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
ImportantCVE-2020-28362SUSE bug 1178750cpe:/o:opensuse:leap:15.2CVE-2020-28366openSUSE Leap 15.2
Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection.
ImportantCVE-2020-28366SUSE bug 1178753cpe:/o:opensuse:leap:15.2CVE-2020-28367openSUSE Leap 15.2
Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection.
ImportantCVE-2020-28367SUSE bug 1178752cpe:/o:opensuse:leap:15.2CVE-2020-28368openSUSE Leap 15.2
Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.
ModerateCVE-2020-28368SUSE bug 1178591SUSE bug 1178658cpe:/o:opensuse:leap:15.2CVE-2020-28374openSUSE Leap 15.2
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.
ImportantCVE-2020-28374SUSE bug 1178372SUSE bug 1178684SUSE bug 1180676cpe:/o:opensuse:leap:15.2CVE-2020-28463openSUSE Leap 15.2
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF
ModerateCVE-2020-28463SUSE bug 1182503cpe:/o:opensuse:leap:15.2CVE-2020-28473openSUSE Leap 15.2
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.
ModerateCVE-2020-28473SUSE bug 1182181cpe:/o:opensuse:leap:15.2CVE-2020-28600openSUSE Leap 15.2
An out-of-bounds write vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
ModerateCVE-2020-28600SUSE bug 1185975cpe:/o:opensuse:leap:15.2CVE-2020-2875openSUSE Leap 15.2
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).
ModerateCVE-2020-2875SUSE bug 1173599SUSE bug 1173600cpe:/o:opensuse:leap:15.2CVE-2020-28896openSUSE Leap 15.2
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.
ModerateCVE-2020-28896SUSE bug 1179035cpe:/o:opensuse:leap:15.2CVE-2020-28915openSUSE Leap 15.2
A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.
ModerateCVE-2020-28915SUSE bug 1178886cpe:/o:opensuse:leap:15.2CVE-2020-28916openSUSE Leap 15.2
hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
ModerateCVE-2020-28916SUSE bug 1178683SUSE bug 1179468cpe:/o:opensuse:leap:15.2CVE-2020-28924openSUSE Leap 15.2
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed.
ModerateCVE-2020-28924SUSE bug 1179005cpe:/o:opensuse:leap:15.2CVE-2020-28926openSUSE Leap 15.2
ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.
ImportantCVE-2020-28926SUSE bug 1179447cpe:/o:opensuse:leap:15.2CVE-2020-28935openSUSE Leap 15.2
NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.
ModerateCVE-2020-28935SUSE bug 1173619SUSE bug 1179191cpe:/o:opensuse:leap:15.2CVE-2020-28941openSUSE Leap 15.2
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.
ModerateCVE-2020-28941SUSE bug 1178740cpe:/o:opensuse:leap:15.2CVE-2020-28972openSUSE Leap 15.2
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.
ImportantCVE-2020-28972SUSE bug 1181550SUSE bug 1181557cpe:/o:opensuse:leap:15.2CVE-2020-28974openSUSE Leap 15.2
A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.
ModerateCVE-2020-28974SUSE bug 1178589cpe:/o:opensuse:leap:15.2CVE-2020-29129openSUSE Leap 15.2
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
ModerateCVE-2020-29129SUSE bug 1179466SUSE bug 1179467SUSE bug 1179477SUSE bug 1179484cpe:/o:opensuse:leap:15.2CVE-2020-29130openSUSE Leap 15.2
slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
ModerateCVE-2020-29130SUSE bug 1178658SUSE bug 1179467SUSE bug 1179477cpe:/o:opensuse:leap:15.2CVE-2020-2933openSUSE Leap 15.2
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2020-2933SUSE bug 1173599SUSE bug 1173600cpe:/o:opensuse:leap:15.2CVE-2020-2934openSUSE Leap 15.2
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).
ModerateCVE-2020-2934SUSE bug 1173599SUSE bug 1173600cpe:/o:opensuse:leap:15.2CVE-2020-29361openSUSE Leap 15.2
An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.
ImportantCVE-2020-29361SUSE bug 1180064cpe:/o:opensuse:leap:15.2CVE-2020-29367openSUSE Leap 15.2
blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.
CriticalCVE-2020-29367SUSE bug 1179914cpe:/o:opensuse:leap:15.2CVE-2020-29368openSUSE Leap 15.2
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
ImportantCVE-2020-29368SUSE bug 1179428SUSE bug 1179660SUSE bug 1179664cpe:/o:opensuse:leap:15.2CVE-2020-29369openSUSE Leap 15.2
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.
ImportantCVE-2020-29369SUSE bug 1173504SUSE bug 1179432SUSE bug 1179646SUSE bug 1182109cpe:/o:opensuse:leap:15.2CVE-2020-29370openSUSE Leap 15.2
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.
ImportantCVE-2020-29370SUSE bug 1179435SUSE bug 1179648cpe:/o:opensuse:leap:15.2CVE-2020-29371openSUSE Leap 15.2
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.
ModerateCVE-2020-29371SUSE bug 1179429cpe:/o:opensuse:leap:15.2CVE-2020-29373openSUSE Leap 15.2
An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d.
ImportantCVE-2020-29373SUSE bug 1179434SUSE bug 1179779cpe:/o:opensuse:leap:15.2CVE-2020-29374openSUSE Leap 15.2
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.
ModerateCVE-2020-29374SUSE bug 1179428SUSE bug 1179660cpe:/o:opensuse:leap:15.2CVE-2020-29385openSUSE Leap 15.2
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.
ModerateCVE-2020-29385SUSE bug 1180393cpe:/o:opensuse:leap:15.2CVE-2020-29443openSUSE Leap 15.2
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
ModerateCVE-2020-29443SUSE bug 1181108cpe:/o:opensuse:leap:15.2CVE-2020-29480openSUSE Leap 15.2
An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A guest administrator can also use the special watches, which will cause a notification every time a domain is created and destroyed. Data may include: number, type, and domids of other VMs; existence and domids of driver domains; numbers of virtual interfaces, block devices, vcpus; existence of virtual framebuffers and their backend style (e.g., existence of VNC service); Xen VM UUIDs for other domains; timing information about domain creation and device setup; and some hints at the backend provisioning of VMs and their devices. The watch events do not contain values stored in xenstore, only key names. A guest administrator can observe non-sensitive domain and device lifecycle events relating to other guests. This information allows some insight into overall system configuration (including the number and general nature of other guests), and configuration of other guests (including the number and general nature of other guests' devices). This information might be commercially interesting or might make other attacks easier. There is not believed to be exposure of sensitive data. Specifically, there is no exposure of VNC passwords, port numbers, pathnames in host and guest filesystems, cryptographic keys, or within-guest data.
ModerateCVE-2020-29480SUSE bug 1178658SUSE bug 1179496cpe:/o:opensuse:leap:15.2CVE-2020-29481openSUSE Leap 15.2
An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to Xenstore nodes from the previous domain(s) with the same domid. Because all Xenstore entries of a guest below /local/domain/<domid> are being deleted by Xen tools when a guest is destroyed, only Xenstore entries of other guests still running are affected. For example, a newly created guest domain might be able to read sensitive information that had belonged to a previously existing guest domain. Both Xenstore implementations (C and Ocaml) are vulnerable.
ModerateCVE-2020-29481SUSE bug 1176349SUSE bug 1178658SUSE bug 1179498cpe:/o:opensuse:leap:15.2CVE-2020-29483openSUSE Leap 15.2
An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest. Unfortunately, this is done by just removing the guest from xenstored's internal management, resulting in the same actions as if the guest had been destroyed, including sending an @releaseDomain event. @releaseDomain events do not say that the guest has been removed. All watchers of this event must look at the states of all guests to find the guest that has been removed. When an @releaseDomain is generated due to a domain xenstored protocol violation, because the guest is still running, the watchers will not react. Later, when the guest is actually destroyed, xenstored will no longer have it stored in its internal data base, so no further @releaseDomain event will be sent. This can lead to a zombie domain; memory mappings of that guest's memory will not be removed, due to the missing event. This zombie domain will be cleaned up only after another domain is destroyed, as that will trigger another @releaseDomain event. If the device model of the guest that violated the Xenstore protocol is running in a stub-domain, a use-after-free case could happen in xenstored, after having removed the guest from its internal data base, possibly resulting in a crash of xenstored. A malicious guest can block resources of the host for a period after its own death. Guests with a stub domain device model can eventually crash xenstored, resulting in a more serious denial of service (the prevention of any further domain management operations). Only the C variant of Xenstore is affected; the Ocaml variant is not affected. Only HVM guests with a stubdom device model can cause a serious DoS.
ModerateCVE-2020-29483SUSE bug 1178658SUSE bug 1179502cpe:/o:opensuse:leap:15.2CVE-2020-29484openSUSE Leap 15.2
An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore entry that triggered the watch, and the tag that was specified when registering the watch. Any communication with xenstored is done via Xenstore messages, consisting of a message header and the payload. The payload length is limited to 4096 bytes. Any request to xenstored resulting in a response with a payload longer than 4096 bytes will result in an error. When registering a watch, the payload length limit applies to the combined length of the watched path and the specified tag. Because watches for a specific path are also triggered for all nodes below that path, the payload of a watch event message can be longer than the payload needed to register the watch. A malicious guest that registers a watch using a very large tag (i.e., with a registration operation payload length close to the 4096 byte limit) can cause the generation of watch events with a payload length larger than 4096 bytes, by writing to Xenstore entries below the watched path. This will result in an error condition in xenstored. This error can result in a NULL pointer dereference, leading to a crash of xenstored. A malicious guest administrator can cause xenstored to crash, leading to a denial of service. Following a xenstored crash, domains may continue to run, but management operations will be impossible. Only C xenstored is affected, oxenstored is not affected.
ModerateCVE-2020-29484SUSE bug 1178658SUSE bug 1179501cpe:/o:opensuse:leap:15.2CVE-2020-29562openSUSE Leap 15.2
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
ModerateCVE-2020-29562SUSE bug 1179694cpe:/o:opensuse:leap:15.2CVE-2020-29566openSUSE Leap 15.2
An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel, so that the relevant vCPU is rescheduled. If the device model were to signal Xen without having actually completed the operation, the de-schedule / re-schedule cycle would repeat. If, in addition, Xen is resignalled very quickly, the re-schedule may occur before the de-schedule was fully complete, triggering a shortcut. This potentially repeating process uses ordinary recursive function calls, and thus could result in a stack overflow. A malicious or buggy stubdomain serving a HVM guest can cause Xen to crash, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are affected. Arm systems are not affected. Only x86 stubdomains serving HVM guests can exploit the vulnerability.
ModerateCVE-2020-29566SUSE bug 1178658SUSE bug 1179506cpe:/o:opensuse:leap:15.2CVE-2020-29568openSUSE Leap 15.2
An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.
ModerateCVE-2020-29568SUSE bug 1179508cpe:/o:opensuse:leap:15.2CVE-2020-29569openSUSE Leap 15.2
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
ImportantCVE-2020-29569SUSE bug 1179509SUSE bug 1180008cpe:/o:opensuse:leap:15.2CVE-2020-29570openSUSE Leap 15.2
An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system.
ModerateCVE-2020-29570SUSE bug 1179514cpe:/o:opensuse:leap:15.2CVE-2020-29571openSUSE Leap 15.2
An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn't protected against re-ordered reads, and may hence end up de-referencing a NULL pointer. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. Only Arm systems may be vulnerable. Whether a system is vulnerable depends on the specific CPU. x86 systems are not vulnerable.
ModerateCVE-2020-29571SUSE bug 1179516cpe:/o:opensuse:leap:15.2CVE-2020-29573openSUSE Leap 15.2
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.
ImportantCVE-2020-29573SUSE bug 1179721cpe:/o:opensuse:leap:15.2CVE-2020-29599openSUSE Leap 15.2
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.
ImportantCVE-2020-29599SUSE bug 1179753cpe:/o:opensuse:leap:15.2CVE-2020-29623openSUSE Leap 15.2
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history.
ImportantCVE-2020-29623SUSE bug 1184262cpe:/o:opensuse:leap:15.2CVE-2020-29651openSUSE Leap 15.2
A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.
ModerateCVE-2020-29651SUSE bug 1179805cpe:/o:opensuse:leap:15.2CVE-2020-29660openSUSE Leap 15.2
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.
ImportantCVE-2020-29660SUSE bug 1179745SUSE bug 1179877cpe:/o:opensuse:leap:15.2CVE-2020-29661openSUSE Leap 15.2
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
ImportantCVE-2020-29661SUSE bug 1179745SUSE bug 1179877cpe:/o:opensuse:leap:15.2CVE-2020-29663openSUSE Leap 15.2
Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3.
ModerateCVE-2020-29663SUSE bug 1180147cpe:/o:opensuse:leap:15.2CVE-2020-3123openSUSE Leap 15.2
A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.
ModerateCVE-2020-3123SUSE bug 1162921cpe:/o:opensuse:leap:15.2CVE-2020-3327openSUSE Leap 15.2
A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.
ImportantCVE-2020-3327SUSE bug 1171980SUSE bug 1174250cpe:/o:opensuse:leap:15.2CVE-2020-3341openSUSE Leap 15.2
A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.
ImportantCVE-2020-3341SUSE bug 1171981cpe:/o:opensuse:leap:15.2CVE-2020-3350openSUSE Leap 15.2
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working.
ModerateCVE-2020-3350SUSE bug 1174250SUSE bug 1174255cpe:/o:opensuse:leap:15.2CVE-2020-3481openSUSE Leap 15.2
A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.
ImportantCVE-2020-3481SUSE bug 1174250cpe:/o:opensuse:leap:15.2CVE-2020-35111openSUSE Leap 15.2
When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
ImportantCVE-2020-35111SUSE bug 1180039cpe:/o:opensuse:leap:15.2CVE-2020-35112openSUSE Leap 15.2
If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
ImportantCVE-2020-35112SUSE bug 1180039cpe:/o:opensuse:leap:15.2CVE-2020-35113openSUSE Leap 15.2
Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
ImportantCVE-2020-35113SUSE bug 1180039cpe:/o:opensuse:leap:15.2CVE-2020-35448openSUSE Leap 15.2
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.
ModerateCVE-2020-35448SUSE bug 1184794cpe:/o:opensuse:leap:15.2CVE-2020-35452openSUSE Leap 15.2
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow
ImportantCVE-2020-35452SUSE bug 1186922cpe:/o:opensuse:leap:15.2CVE-2020-35458openSUSE Leap 15.2
An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser.
CriticalCVE-2020-35458SUSE bug 1179998cpe:/o:opensuse:leap:15.2CVE-2020-35459openSUSE Leap 15.2
An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges.
ImportantCVE-2020-35459SUSE bug 1179999cpe:/o:opensuse:leap:15.2CVE-2020-35493openSUSE Leap 15.2
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.
ModerateCVE-2020-35493SUSE bug 1180451cpe:/o:opensuse:leap:15.2CVE-2020-35496openSUSE Leap 15.2
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
ModerateCVE-2020-35496SUSE bug 1180454cpe:/o:opensuse:leap:15.2CVE-2020-35498openSUSE Leap 15.2
A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
ImportantCVE-2020-35498SUSE bug 1181742cpe:/o:opensuse:leap:15.2CVE-2020-35503openSUSE Leap 15.2
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
ModerateCVE-2020-35503SUSE bug 1180432cpe:/o:opensuse:leap:15.2CVE-2020-35504openSUSE Leap 15.2
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
ModerateCVE-2020-35504SUSE bug 1180433cpe:/o:opensuse:leap:15.2CVE-2020-35505openSUSE Leap 15.2
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
ModerateCVE-2020-35505SUSE bug 1180434cpe:/o:opensuse:leap:15.2CVE-2020-35506openSUSE Leap 15.2
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.
ModerateCVE-2020-35506SUSE bug 1180435cpe:/o:opensuse:leap:15.2CVE-2020-35507openSUSE Leap 15.2
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.
ModerateCVE-2020-35507SUSE bug 1180461cpe:/o:opensuse:leap:15.2CVE-2020-35512openSUSE Leap 15.2
A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors
ImportantCVE-2020-35512SUSE bug 1187105SUSE bug 1189662cpe:/o:opensuse:leap:15.2CVE-2020-35518openSUSE Leap 15.2
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
ModerateCVE-2020-35518SUSE bug 1181159cpe:/o:opensuse:leap:15.2CVE-2020-35519openSUSE Leap 15.2
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
ImportantCVE-2020-35519SUSE bug 1183696SUSE bug 1184953cpe:/o:opensuse:leap:15.2CVE-2020-35573openSUSE Leap 15.2
srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address.
ModerateCVE-2020-35573SUSE bug 1180251cpe:/o:opensuse:leap:15.2CVE-2020-35605openSUSE Leap 15.2
The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.
ImportantCVE-2020-35605SUSE bug 1180298cpe:/o:opensuse:leap:15.2CVE-2020-35653openSUSE Leap 15.2
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
ImportantCVE-2020-35653SUSE bug 1180834cpe:/o:opensuse:leap:15.2CVE-2020-35654openSUSE Leap 15.2
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
ImportantCVE-2020-35654SUSE bug 1180833SUSE bug 1183103cpe:/o:opensuse:leap:15.2CVE-2020-35655openSUSE Leap 15.2
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.
ImportantCVE-2020-35655SUSE bug 1180832cpe:/o:opensuse:leap:15.2CVE-2020-35662openSUSE Leap 15.2
In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.
ImportantCVE-2020-35662SUSE bug 1181550SUSE bug 1181565cpe:/o:opensuse:leap:15.2CVE-2020-35678openSUSE Leap 15.2
Autobahn|Python before 20.12.3 allows redirect header injection.
ModerateCVE-2020-35678SUSE bug 1180570cpe:/o:opensuse:leap:15.2CVE-2020-35701openSUSE Leap 15.2
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.
ModerateCVE-2020-35701SUSE bug 1180804cpe:/o:opensuse:leap:15.2CVE-2020-35728openSUSE Leap 15.2
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
ImportantCVE-2020-35728SUSE bug 1180391cpe:/o:opensuse:leap:15.2CVE-2020-35730openSUSE Leap 15.2
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.
ModerateCVE-2020-35730SUSE bug 1180399cpe:/o:opensuse:leap:15.2CVE-2020-35738openSUSE Leap 15.2
WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected.
ImportantCVE-2020-35738SUSE bug 1180414cpe:/o:opensuse:leap:15.2CVE-2020-36129openSUSE Leap 15.2
AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c.
ModerateCVE-2020-36129SUSE bug 1193356cpe:/o:opensuse:leap:15.2CVE-2020-36130openSUSE Leap 15.2
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c.
ModerateCVE-2020-36130SUSE bug 1193369cpe:/o:opensuse:leap:15.2CVE-2020-36131openSUSE Leap 15.2
AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.
ModerateCVE-2020-36131SUSE bug 1193365cpe:/o:opensuse:leap:15.2CVE-2020-36135openSUSE Leap 15.2
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.
ModerateCVE-2020-36135SUSE bug 1193366cpe:/o:opensuse:leap:15.2CVE-2020-36148openSUSE Leap 15.2
Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).
ModerateCVE-2020-36148SUSE bug 1181981cpe:/o:opensuse:leap:15.2CVE-2020-36149openSUSE Leap 15.2
Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).
ModerateCVE-2020-36149SUSE bug 1181980cpe:/o:opensuse:leap:15.2CVE-2020-36150openSUSE Leap 15.2
Incorrect handling of input data in loudness function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and access to unallocated memory block.
ModerateCVE-2020-36150SUSE bug 1181979cpe:/o:opensuse:leap:15.2CVE-2020-36151openSUSE Leap 15.2
Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block.
ModerateCVE-2020-36151SUSE bug 1181978cpe:/o:opensuse:leap:15.2CVE-2020-36152openSUSE Leap 15.2
Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA.
ModerateCVE-2020-36152SUSE bug 1181977cpe:/o:opensuse:leap:15.2CVE-2020-36158openSUSE Leap 15.2
mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.
ImportantCVE-2020-36158SUSE bug 1180559SUSE bug 1180562cpe:/o:opensuse:leap:15.2CVE-2020-36193openSUSE Leap 15.2
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
ImportantCVE-2020-36193SUSE bug 1189591cpe:/o:opensuse:leap:15.2CVE-2020-36221openSUSE Leap 15.2
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).
ModerateCVE-2020-36221SUSE bug 1182420cpe:/o:opensuse:leap:15.2CVE-2020-36222openSUSE Leap 15.2
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
ModerateCVE-2020-36222SUSE bug 1182419cpe:/o:opensuse:leap:15.2CVE-2020-36223openSUSE Leap 15.2
A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).
ModerateCVE-2020-36223SUSE bug 1182418cpe:/o:opensuse:leap:15.2CVE-2020-36224openSUSE Leap 15.2
A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
ModerateCVE-2020-36224SUSE bug 1182417cpe:/o:opensuse:leap:15.2CVE-2020-36225openSUSE Leap 15.2
A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
ImportantCVE-2020-36225SUSE bug 1182416cpe:/o:opensuse:leap:15.2CVE-2020-36226openSUSE Leap 15.2
A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.
ModerateCVE-2020-36226SUSE bug 1182415cpe:/o:opensuse:leap:15.2CVE-2020-36227openSUSE Leap 15.2
A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.
ImportantCVE-2020-36227SUSE bug 1182413cpe:/o:opensuse:leap:15.2CVE-2020-36228openSUSE Leap 15.2
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.
ImportantCVE-2020-36228SUSE bug 1182412cpe:/o:opensuse:leap:15.2CVE-2020-36229openSUSE Leap 15.2
A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.
ImportantCVE-2020-36229SUSE bug 1182408SUSE bug 1182411cpe:/o:opensuse:leap:15.2CVE-2020-36230openSUSE Leap 15.2
A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
ModerateCVE-2020-36230SUSE bug 1182408cpe:/o:opensuse:leap:15.2CVE-2020-36241openSUSE Leap 15.2
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
LowCVE-2020-36241SUSE bug 1181930SUSE bug 1184169cpe:/o:opensuse:leap:15.2CVE-2020-36242openSUSE Leap 15.2
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
ImportantCVE-2020-36242SUSE bug 1182066cpe:/o:opensuse:leap:15.2CVE-2020-36310openSUSE Leap 15.2
An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.
ModerateCVE-2020-36310SUSE bug 1184512cpe:/o:opensuse:leap:15.2CVE-2020-36311openSUSE Leap 15.2
An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184.
ModerateCVE-2020-36311SUSE bug 1184511cpe:/o:opensuse:leap:15.2CVE-2020-36312openSUSE Leap 15.2
An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.
LowCVE-2020-36312SUSE bug 1184509cpe:/o:opensuse:leap:15.2CVE-2020-36322openSUSE Leap 15.2
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.
ImportantCVE-2020-36322SUSE bug 1184211SUSE bug 1184952cpe:/o:opensuse:leap:15.2CVE-2020-36385openSUSE Leap 15.2
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.
ImportantCVE-2020-36385SUSE bug 1187050SUSE bug 1187052SUSE bug 1196174SUSE bug 1196810SUSE bug 1196914cpe:/o:opensuse:leap:15.2CVE-2020-36386openSUSE Leap 15.2
An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf.
ModerateCVE-2020-36386SUSE bug 1187038SUSE bug 1192868cpe:/o:opensuse:leap:15.2CVE-2020-36403openSUSE Leap 15.2
HTSlib 1.10 through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read).
ModerateCVE-2020-36403SUSE bug 1187917cpe:/o:opensuse:leap:15.2CVE-2020-36430openSUSE Leap 15.2
libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.
ImportantCVE-2020-36430SUSE bug 1188539cpe:/o:opensuse:leap:15.2CVE-2020-3702openSUSE Leap 15.2
u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150
ImportantCVE-2020-3702SUSE bug 1191193SUSE bug 1191529cpe:/o:opensuse:leap:15.2CVE-2020-4044openSUSE Leap 15.2
The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This will allow them to capture any user credentials that are submitted to XRDP and approve or reject arbitrary login credentials. For xorgxrdp sessions in particular, this allows an unauthorized user to hijack an existing session. This is a buffer overflow attack, so there may be a risk of arbitrary code execution as well.
ImportantCVE-2020-4044SUSE bug 1173580cpe:/o:opensuse:leap:15.2CVE-2020-4067openSUSE Leap 15.2
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3.
ModerateCVE-2020-4067SUSE bug 1173510cpe:/o:opensuse:leap:15.2CVE-2020-4788openSUSE Leap 15.2
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.
ModerateCVE-2020-4788SUSE bug 1177666SUSE bug 1181158cpe:/o:opensuse:leap:15.2CVE-2020-5247openSUSE Leap 15.2
In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.
ModerateCVE-2020-5247SUSE bug 1165402SUSE bug 1165524cpe:/o:opensuse:leap:15.2CVE-2020-5249openSUSE Leap 15.2
In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed this vulnerability but only for regular responses. This has been fixed in 4.3.3 and 3.12.4.
ModerateCVE-2020-5249SUSE bug 1165524cpe:/o:opensuse:leap:15.2CVE-2020-5267openSUSE Leap 15.2
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.
ModerateCVE-2020-5267SUSE bug 1167240cpe:/o:opensuse:leap:15.2CVE-2020-5283openSUSE Leap 15.2
ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the `show_subdir_lastmod` feature enabled. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. This vulnerability is patched in versions 1.2.1 and 1.1.28.
ModerateCVE-2020-5283SUSE bug 1167974cpe:/o:opensuse:leap:15.2CVE-2020-6097openSUSE Leap 15.2
An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability.
ImportantCVE-2020-6097SUSE bug 1176437cpe:/o:opensuse:leap:15.2CVE-2020-6463openSUSE Leap 15.2
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2020-6463SUSE bug 1171975SUSE bug 1174538cpe:/o:opensuse:leap:15.2CVE-2020-6464openSUSE Leap 15.2 NonFree
Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2020-6464SUSE bug 1171247cpe:/o:opensuse:leap:15.2CVE-2020-6505openSUSE Leap 15.2
Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
ImportantCVE-2020-6505SUSE bug 1173029cpe:/o:opensuse:leap:15.2CVE-2020-6506openSUSE Leap 15.2
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page.
ImportantCVE-2020-6506SUSE bug 1173029cpe:/o:opensuse:leap:15.2CVE-2020-6507openSUSE Leap 15.2
Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-6507SUSE bug 1173029cpe:/o:opensuse:leap:15.2CVE-2020-6509openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in extensions in Google Chrome prior to 83.0.4103.116 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
ModerateCVE-2020-6509SUSE bug 1173251cpe:/o:opensuse:leap:15.2CVE-2020-6510openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-6510SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6511openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ImportantCVE-2020-6511SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6512openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-6512SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6513openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
ImportantCVE-2020-6513SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6514openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
ImportantCVE-2020-6514SUSE bug 1174189SUSE bug 1174538cpe:/o:opensuse:leap:15.2CVE-2020-6515openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-6515SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6516openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ImportantCVE-2020-6516SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6517openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-6517SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6518openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-6518SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6519openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.
ImportantCVE-2020-6519SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6520openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-6520SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6521openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
ImportantCVE-2020-6521SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6522openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
ImportantCVE-2020-6522SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6523openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-6523SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6524openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-6524SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6525openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-6525SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6526openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
ImportantCVE-2020-6526SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6527openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.
ImportantCVE-2020-6527SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6528openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
ImportantCVE-2020-6528SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6529openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page.
ImportantCVE-2020-6529SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6530openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
ImportantCVE-2020-6530SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6531openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ImportantCVE-2020-6531SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6532openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-6532SUSE bug 1174582cpe:/o:opensuse:leap:15.2CVE-2020-6533openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-6533SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6534openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-6534SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6535openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page.
ImportantCVE-2020-6535SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6536openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA.
ImportantCVE-2020-6536SUSE bug 1174189cpe:/o:opensuse:leap:15.2CVE-2020-6537openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
ImportantCVE-2020-6537SUSE bug 1174582cpe:/o:opensuse:leap:15.2CVE-2020-6538openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Inappropriate implementation in WebView in Google Chrome on Android prior to 84.0.4147.105 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ImportantCVE-2020-6538SUSE bug 1174582cpe:/o:opensuse:leap:15.2CVE-2020-6539openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-6539SUSE bug 1174582cpe:/o:opensuse:leap:15.2CVE-2020-6540openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Buffer overflow in Skia in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-6540SUSE bug 1174582cpe:/o:opensuse:leap:15.2CVE-2020-6541openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-6541SUSE bug 1174582cpe:/o:opensuse:leap:15.2CVE-2020-6542openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2020-6542SUSE bug 1175085cpe:/o:opensuse:leap:15.2CVE-2020-6543openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-6543SUSE bug 1175085cpe:/o:opensuse:leap:15.2CVE-2020-6544openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-6544SUSE bug 1175085cpe:/o:opensuse:leap:15.2CVE-2020-6545openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in audio in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-6545SUSE bug 1175085cpe:/o:opensuse:leap:15.2CVE-2020-6546openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Inappropriate implementation in installer in Google Chrome prior to 84.0.4147.125 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
ImportantCVE-2020-6546SUSE bug 1175085cpe:/o:opensuse:leap:15.2CVE-2020-6547openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Incorrect security UI in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially obtain sensitive information via a crafted HTML page.
ImportantCVE-2020-6547SUSE bug 1175085cpe:/o:opensuse:leap:15.2CVE-2020-6548openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-6548SUSE bug 1175085cpe:/o:opensuse:leap:15.2CVE-2020-6549openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CriticalCVE-2020-6549SUSE bug 1175085cpe:/o:opensuse:leap:15.2CVE-2020-6550openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-6550SUSE bug 1175085cpe:/o:opensuse:leap:15.2CVE-2020-6551openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-6551SUSE bug 1175085cpe:/o:opensuse:leap:15.2CVE-2020-6552openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CriticalCVE-2020-6552SUSE bug 1175085cpe:/o:opensuse:leap:15.2CVE-2020-6553openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CriticalCVE-2020-6553SUSE bug 1175085cpe:/o:opensuse:leap:15.2CVE-2020-6554openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in extensions in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.
ModerateCVE-2020-6554SUSE bug 1175085cpe:/o:opensuse:leap:15.2CVE-2020-6555openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
ImportantCVE-2020-6555SUSE bug 1175085cpe:/o:opensuse:leap:15.2CVE-2020-6556openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.4147.135 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CriticalCVE-2020-6556SUSE bug 1175505cpe:/o:opensuse:leap:15.2CVE-2020-6557openSUSE Leap 15.2
Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
ModerateCVE-2020-6557SUSE bug 1177408cpe:/o:opensuse:leap:15.2CVE-2020-6558openSUSE Leap 15.2
Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
ModerateCVE-2020-6558SUSE bug 1175757cpe:/o:opensuse:leap:15.2CVE-2020-6559openSUSE Leap 15.2
Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2020-6559SUSE bug 1175757cpe:/o:opensuse:leap:15.2CVE-2020-6560openSUSE Leap 15.2
Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ModerateCVE-2020-6560SUSE bug 1175757cpe:/o:opensuse:leap:15.2CVE-2020-6561openSUSE Leap 15.2
Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ModerateCVE-2020-6561SUSE bug 1175757cpe:/o:opensuse:leap:15.2CVE-2020-6562openSUSE Leap 15.2
Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ModerateCVE-2020-6562SUSE bug 1175757cpe:/o:opensuse:leap:15.2CVE-2020-6563openSUSE Leap 15.2
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
ModerateCVE-2020-6563SUSE bug 1175757cpe:/o:opensuse:leap:15.2CVE-2020-6564openSUSE Leap 15.2
Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.
ModerateCVE-2020-6564SUSE bug 1175757cpe:/o:opensuse:leap:15.2CVE-2020-6565openSUSE Leap 15.2
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
ModerateCVE-2020-6565SUSE bug 1175757cpe:/o:opensuse:leap:15.2CVE-2020-6566openSUSE Leap 15.2
Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ModerateCVE-2020-6566SUSE bug 1175757cpe:/o:opensuse:leap:15.2CVE-2020-6567openSUSE Leap 15.2
Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
ModerateCVE-2020-6567SUSE bug 1175757cpe:/o:opensuse:leap:15.2CVE-2020-6568openSUSE Leap 15.2
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
ModerateCVE-2020-6568SUSE bug 1175757cpe:/o:opensuse:leap:15.2CVE-2020-6569openSUSE Leap 15.2
Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2020-6569SUSE bug 1175757cpe:/o:opensuse:leap:15.2CVE-2020-6570openSUSE Leap 15.2
Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction.
ModerateCVE-2020-6570SUSE bug 1175757cpe:/o:opensuse:leap:15.2CVE-2020-6571openSUSE Leap 15.2
Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
ModerateCVE-2020-6571SUSE bug 1175757cpe:/o:opensuse:leap:15.2CVE-2020-6573openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2020-6573SUSE bug 1176306cpe:/o:opensuse:leap:15.2CVE-2020-6574openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.
ModerateCVE-2020-6574SUSE bug 1176306cpe:/o:opensuse:leap:15.2CVE-2020-6575openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2020-6575SUSE bug 1176306cpe:/o:opensuse:leap:15.2CVE-2020-6576openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2020-6576SUSE bug 1176306cpe:/o:opensuse:leap:15.2CVE-2020-6624openSUSE Leap 15.2
jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.
LowCVE-2020-6624SUSE bug 1160547cpe:/o:opensuse:leap:15.2CVE-2020-6625openSUSE Leap 15.2
jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c.
ModerateCVE-2020-6625SUSE bug 1160544cpe:/o:opensuse:leap:15.2CVE-2020-6816openSUSE Leap 15.2
In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False.
ModerateCVE-2020-6816SUSE bug 1167379cpe:/o:opensuse:leap:15.2CVE-2020-6817openSUSE Leap 15.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2020-6817SUSE bug 1168280cpe:/o:opensuse:leap:15.2CVE-2020-6829openSUSE Leap 15.2
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
ModerateCVE-2020-6829SUSE bug 1174763SUSE bug 1175686cpe:/o:opensuse:leap:15.2CVE-2020-6831openSUSE Leap 15.2 NonFree
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
ImportantCVE-2020-6831SUSE bug 1171186SUSE bug 1171247cpe:/o:opensuse:leap:15.2CVE-2020-6860openSUSE Leap 15.2
libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute.
ModerateCVE-2020-6860SUSE bug 1182883cpe:/o:opensuse:leap:15.2CVE-2020-7068openSUSE Leap 15.2
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
ModerateCVE-2020-7068SUSE bug 1175203SUSE bug 1175223cpe:/o:opensuse:leap:15.2CVE-2020-7069openSUSE Leap 15.2
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
ImportantCVE-2020-7069SUSE bug 1177351cpe:/o:opensuse:leap:15.2CVE-2020-7070openSUSE Leap 15.2
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.
ModerateCVE-2020-7070SUSE bug 1177352cpe:/o:opensuse:leap:15.2CVE-2020-7071openSUSE Leap 15.2
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.
ModerateCVE-2020-7071SUSE bug 1180706SUSE bug 1182049cpe:/o:opensuse:leap:15.2CVE-2020-7774openSUSE Leap 15.2
This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true
ImportantCVE-2020-7774SUSE bug 1184450cpe:/o:opensuse:leap:15.2CVE-2020-8023openSUSE Leap 15.2
A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1.
ImportantCVE-2020-8023SUSE bug 1172698SUSE bug 1190347cpe:/o:opensuse:leap:15.2CVE-2020-8024openSUSE Leap 15.2
A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to 7.0.2-lp152.2.1. openSUSE Leap 15.1 hylafax+ version 5.6.1-lp151.3.7 and prior versions. openSUSE Factory hylafax+ versions prior to 7.0.2-2.1.
ModerateCVE-2020-8024SUSE bug 1172731cpe:/o:opensuse:leap:15.2CVE-2020-8026openSUSE Leap 15.2
A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.
ImportantCVE-2020-8026SUSE bug 1172573cpe:/o:opensuse:leap:15.2CVE-2020-8027openSUSE Leap 15.2
A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1.
ImportantCVE-2020-8027SUSE bug 1175568cpe:/o:opensuse:leap:15.2CVE-2020-8037openSUSE Leap 15.2
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
ModerateCVE-2020-8037SUSE bug 1178466cpe:/o:opensuse:leap:15.2CVE-2020-8154openSUSE Leap 15.2
An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint.
ModerateCVE-2020-8154SUSE bug 1171579cpe:/o:opensuse:leap:15.2CVE-2020-8155openSUSE Leap 15.2
An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF.
LowCVE-2020-8155SUSE bug 1171572cpe:/o:opensuse:leap:15.2CVE-2020-8164openSUSE Leap 15.2
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.
ImportantCVE-2020-8164SUSE bug 1172177cpe:/o:opensuse:leap:15.2CVE-2020-8165openSUSE Leap 15.2
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.
CriticalCVE-2020-8165SUSE bug 1172186cpe:/o:opensuse:leap:15.2CVE-2020-8166openSUSE Leap 15.2
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.
ModerateCVE-2020-8166SUSE bug 1172182cpe:/o:opensuse:leap:15.2CVE-2020-8167openSUSE Leap 15.2
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.
ModerateCVE-2020-8167SUSE bug 1172184cpe:/o:opensuse:leap:15.2CVE-2020-8169openSUSE Leap 15.2
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
ModerateCVE-2020-8169SUSE bug 1173026SUSE bug 1186108cpe:/o:opensuse:leap:15.2CVE-2020-8177openSUSE Leap 15.2
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
ImportantCVE-2020-8177SUSE bug 1173027SUSE bug 1186108cpe:/o:opensuse:leap:15.2CVE-2020-8183openSUSE Leap 15.2
A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.
ModerateCVE-2020-8183SUSE bug 1178384cpe:/o:opensuse:leap:15.2CVE-2020-8184openSUSE Leap 15.2
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.
ModerateCVE-2020-8184SUSE bug 1173351SUSE bug 1177352SUSE bug 1193081cpe:/o:opensuse:leap:15.2CVE-2020-8185openSUSE Leap 15.2
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
ModerateCVE-2020-8185SUSE bug 1173564cpe:/o:opensuse:leap:15.2CVE-2020-8201openSUSE Leap 15.2
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.
ModerateCVE-2020-8201SUSE bug 1176605cpe:/o:opensuse:leap:15.2CVE-2020-8228openSUSE Leap 15.2
A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.
ModerateCVE-2020-8228cpe:/o:opensuse:leap:15.2CVE-2020-8231openSUSE Leap 15.2
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
ModerateCVE-2020-8231SUSE bug 1175109SUSE bug 1179399SUSE bug 1186108cpe:/o:opensuse:leap:15.2CVE-2020-8233openSUSE Leap 15.2
A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.
CriticalCVE-2020-8233cpe:/o:opensuse:leap:15.2CVE-2020-8252openSUSE Leap 15.2
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
ImportantCVE-2020-8252SUSE bug 1176589cpe:/o:opensuse:leap:15.2CVE-2020-8265openSUSE Leap 15.2
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.
ImportantCVE-2020-8265SUSE bug 1180553cpe:/o:opensuse:leap:15.2CVE-2020-8277openSUSE Leap 15.2
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
ImportantCVE-2020-8277SUSE bug 1178882cpe:/o:opensuse:leap:15.2CVE-2020-8284openSUSE Leap 15.2
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
ModerateCVE-2020-8284SUSE bug 1179398SUSE bug 1179399SUSE bug 1186108cpe:/o:opensuse:leap:15.2CVE-2020-8285openSUSE Leap 15.2
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
ModerateCVE-2020-8285SUSE bug 1179399SUSE bug 1186108cpe:/o:opensuse:leap:15.2CVE-2020-8286openSUSE Leap 15.2
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
ModerateCVE-2020-8286SUSE bug 1179593SUSE bug 1186108cpe:/o:opensuse:leap:15.2CVE-2020-8287openSUSE Leap 15.2
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.
ModerateCVE-2020-8287SUSE bug 1180554cpe:/o:opensuse:leap:15.2CVE-2020-8293openSUSE Leap 15.2
A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.
ModerateCVE-2020-8293SUSE bug 1181445cpe:/o:opensuse:leap:15.2CVE-2020-8294openSUSE Leap 15.2
A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format.
LowCVE-2020-8294SUSE bug 1181803cpe:/o:opensuse:leap:15.2CVE-2020-8295openSUSE Leap 15.2
A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user.
ModerateCVE-2020-8295SUSE bug 1181804cpe:/o:opensuse:leap:15.2CVE-2020-8432openSUSE Leap 15.2
In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.
ImportantCVE-2020-8432SUSE bug 1162198cpe:/o:opensuse:leap:15.2CVE-2020-8492openSUSE Leap 15.2
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
ModerateCVE-2020-8492SUSE bug 1162367cpe:/o:opensuse:leap:15.2CVE-2020-8608openSUSE Leap 15.2
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
ImportantCVE-2020-8608SUSE bug 1163018SUSE bug 1163019cpe:/o:opensuse:leap:15.2CVE-2020-8616openSUSE Leap 15.2
A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.
ImportantCVE-2020-8616SUSE bug 1109160SUSE bug 1171740cpe:/o:opensuse:leap:15.2CVE-2020-8617openSUSE Leap 15.2
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.
ImportantCVE-2020-8617SUSE bug 1109160SUSE bug 1171740cpe:/o:opensuse:leap:15.2CVE-2020-8618openSUSE Leap 15.2
An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.
ModerateCVE-2020-8618SUSE bug 1172958cpe:/o:opensuse:leap:15.2CVE-2020-8619openSUSE Leap 15.2
In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.
ModerateCVE-2020-8619SUSE bug 1172958cpe:/o:opensuse:leap:15.2CVE-2020-8620openSUSE Leap 15.2
In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.
ImportantCVE-2020-8620SUSE bug 1175443SUSE bug 1191120cpe:/o:opensuse:leap:15.2CVE-2020-8621openSUSE Leap 15.2
In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.
ImportantCVE-2020-8621SUSE bug 1175443SUSE bug 1191120cpe:/o:opensuse:leap:15.2CVE-2020-8622openSUSE Leap 15.2
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.
ImportantCVE-2020-8622SUSE bug 1175443SUSE bug 1188888SUSE bug 1191120cpe:/o:opensuse:leap:15.2CVE-2020-8623openSUSE Leap 15.2
In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker
ImportantCVE-2020-8623SUSE bug 1175443SUSE bug 1191120cpe:/o:opensuse:leap:15.2CVE-2020-8624openSUSE Leap 15.2
In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.
ImportantCVE-2020-8624SUSE bug 1175443SUSE bug 1191120cpe:/o:opensuse:leap:15.2CVE-2020-8625openSUSE Leap 15.2
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch
ImportantCVE-2020-8625SUSE bug 1182246SUSE bug 1182483SUSE bug 1192708SUSE bug 1196172cpe:/o:opensuse:leap:15.2CVE-2020-8694openSUSE Leap 15.2
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
ModerateCVE-2020-8694SUSE bug 1170415SUSE bug 1170446SUSE bug 1178591SUSE bug 1178700SUSE bug 1179661cpe:/o:opensuse:leap:15.2CVE-2020-8695openSUSE Leap 15.2
Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
ModerateCVE-2020-8695SUSE bug 1170415SUSE bug 1170446SUSE bug 1178591cpe:/o:opensuse:leap:15.2CVE-2020-8696openSUSE Leap 15.2
Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
ModerateCVE-2020-8696SUSE bug 1173592cpe:/o:opensuse:leap:15.2CVE-2020-8698openSUSE Leap 15.2
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
ModerateCVE-2020-8698SUSE bug 1173594cpe:/o:opensuse:leap:15.2CVE-2020-8903openSUSE Leap 15.2
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read the DHCP XID from the systemd journal. Using the DHCP XID, it is then possible to set the IP address and hostname of the instance to any value, which is then stored in /etc/hosts. An attacker can then point metadata.google.internal to an arbitrary IP address and impersonate the GCE metadata server which make it is possible to instruct the OS Login PAM module to grant administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "adm" user from the OS Login entry.
ImportantCVE-2020-8903SUSE bug 1173258cpe:/o:opensuse:leap:15.2CVE-2020-8907openSUSE Leap 15.2
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/groups to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "docker" user from the OS Login entry.
ImportantCVE-2020-8907SUSE bug 1173258cpe:/o:opensuse:leap:15.2CVE-2020-8927openSUSE Leap 15.2
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
ModerateCVE-2020-8927SUSE bug 1175825cpe:/o:opensuse:leap:15.2CVE-2020-8933openSUSE Leap 15.2
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "lxd" user from the OS Login entry.
ImportantCVE-2020-8933SUSE bug 1173258cpe:/o:opensuse:leap:15.2CVE-2020-9327openSUSE Leap 15.2
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
ModerateCVE-2020-9327SUSE bug 1164719cpe:/o:opensuse:leap:15.2CVE-2020-9490openSUSE Leap 15.2
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
ImportantCVE-2020-9490SUSE bug 1175071SUSE bug 1178074cpe:/o:opensuse:leap:15.2CVE-2020-9862openSUSE Leap 15.2
A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection.
ModerateCVE-2020-9862SUSE bug 1174662cpe:/o:opensuse:leap:15.2CVE-2020-9893openSUSE Leap 15.2
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
ModerateCVE-2020-9893SUSE bug 1174662cpe:/o:opensuse:leap:15.2CVE-2020-9894openSUSE Leap 15.2
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
ModerateCVE-2020-9894SUSE bug 1174662cpe:/o:opensuse:leap:15.2CVE-2020-9895openSUSE Leap 15.2
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
ModerateCVE-2020-9895SUSE bug 1174662cpe:/o:opensuse:leap:15.2CVE-2020-9915openSUSE Leap 15.2
An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
ModerateCVE-2020-9915SUSE bug 1174662cpe:/o:opensuse:leap:15.2CVE-2020-9925openSUSE Leap 15.2
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting.
ModerateCVE-2020-9925SUSE bug 1174662cpe:/o:opensuse:leap:15.2CVE-2020-9948openSUSE Leap 15.2
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2020-9948SUSE bug 1179122SUSE bug 1179910SUSE bug 1179911SUSE bug 1179912cpe:/o:opensuse:leap:15.2CVE-2020-9951openSUSE Leap 15.2
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2020-9951SUSE bug 1179122SUSE bug 1179910SUSE bug 1179911SUSE bug 1179912cpe:/o:opensuse:leap:15.2CVE-2020-9983openSUSE Leap 15.2
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution.
ImportantCVE-2020-9983SUSE bug 1179122SUSE bug 1179910SUSE bug 1179911SUSE bug 1179912cpe:/o:opensuse:leap:15.2CVE-2021-0089openSUSE Leap 15.2
Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
ModerateCVE-2021-0089SUSE bug 1186433cpe:/o:opensuse:leap:15.2CVE-2021-0129openSUSE Leap 15.2
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.
ModerateCVE-2021-0129SUSE bug 1186463cpe:/o:opensuse:leap:15.2CVE-2021-0326openSUSE Leap 15.2
In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525
ImportantCVE-2021-0326SUSE bug 1181777cpe:/o:opensuse:leap:15.2CVE-2021-0342openSUSE Leap 15.2
In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327.
ImportantCVE-2021-0342SUSE bug 1180812SUSE bug 1180859cpe:/o:opensuse:leap:15.2CVE-2021-0512openSUSE Leap 15.2
In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-173843328References: Upstream kernel
ImportantCVE-2021-0512SUSE bug 1187595SUSE bug 1187597cpe:/o:opensuse:leap:15.2CVE-2021-0605openSUSE Leap 15.2
In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476
ImportantCVE-2021-0605SUSE bug 1187601SUSE bug 1187687SUSE bug 1188381cpe:/o:opensuse:leap:15.2CVE-2021-0941openSUSE Leap 15.2
In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References: Upstream kernel
ImportantCVE-2021-0941SUSE bug 1192045SUSE bug 1192048cpe:/o:opensuse:leap:15.2CVE-2021-1252openSUSE Leap 15.2
A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition.
ImportantCVE-2021-1252SUSE bug 1184532cpe:/o:opensuse:leap:15.2CVE-2021-1404openSUSE Leap 15.2
A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.
ImportantCVE-2021-1404SUSE bug 1184533cpe:/o:opensuse:leap:15.2CVE-2021-1405openSUSE Leap 15.2
A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.
ImportantCVE-2021-1405SUSE bug 1184534cpe:/o:opensuse:leap:15.2CVE-2021-1765openSUSE Leap 15.2
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.
ImportantCVE-2021-1765SUSE bug 1184262cpe:/o:opensuse:leap:15.2CVE-2021-1788openSUSE Leap 15.2
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2021-1788SUSE bug 1184155cpe:/o:opensuse:leap:15.2CVE-2021-1789openSUSE Leap 15.2
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2021-1789SUSE bug 1184262cpe:/o:opensuse:leap:15.2CVE-2021-1799openSUSE Leap 15.2
A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers.
ImportantCVE-2021-1799SUSE bug 1184262cpe:/o:opensuse:leap:15.2CVE-2021-1801openSUSE Leap 15.2
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy.
ImportantCVE-2021-1801SUSE bug 1184262cpe:/o:opensuse:leap:15.2CVE-2021-1844openSUSE Leap 15.2
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2021-1844SUSE bug 1184155cpe:/o:opensuse:leap:15.2CVE-2021-1870openSUSE Leap 15.2
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
ImportantCVE-2021-1870SUSE bug 1184262cpe:/o:opensuse:leap:15.2CVE-2021-1871openSUSE Leap 15.2
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
ImportantCVE-2021-1871SUSE bug 1184155cpe:/o:opensuse:leap:15.2CVE-2021-20176openSUSE Leap 15.2
A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-20176SUSE bug 1181836SUSE bug 1182326cpe:/o:opensuse:leap:15.2CVE-2021-20177openSUSE Leap 15.2
A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected.
ModerateCVE-2021-20177SUSE bug 1180765cpe:/o:opensuse:leap:15.2CVE-2021-20181openSUSE Leap 15.2
A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.
ImportantCVE-2021-20181SUSE bug 1182137cpe:/o:opensuse:leap:15.2CVE-2021-20190openSUSE Leap 15.2
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2021-20190SUSE bug 1181118cpe:/o:opensuse:leap:15.2CVE-2021-20193openSUSE Leap 15.2
A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-20193SUSE bug 1181131cpe:/o:opensuse:leap:15.2CVE-2021-20197openSUSE Leap 15.2
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
ModerateCVE-2021-20197SUSE bug 1181452cpe:/o:opensuse:leap:15.2CVE-2021-20201openSUSE Leap 15.2
A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.
ModerateCVE-2021-20201SUSE bug 1181686cpe:/o:opensuse:leap:15.2CVE-2021-20203openSUSE Leap 15.2
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
LowCVE-2021-20203SUSE bug 1181639cpe:/o:opensuse:leap:15.2CVE-2021-20204openSUSE Leap 15.2
A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker.
CriticalCVE-2021-20204SUSE bug 1186251cpe:/o:opensuse:leap:15.2CVE-2021-20208openSUSE Leap 15.2
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
ModerateCVE-2021-20208SUSE bug 1183239cpe:/o:opensuse:leap:15.2CVE-2021-20216openSUSE Leap 15.2
A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.
ImportantCVE-2021-20216SUSE bug 1181650cpe:/o:opensuse:leap:15.2CVE-2021-20217openSUSE Leap 15.2
A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability.
ImportantCVE-2021-20217SUSE bug 1181650cpe:/o:opensuse:leap:15.2CVE-2021-20221openSUSE Leap 15.2
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
ModerateCVE-2021-20221SUSE bug 1181933cpe:/o:opensuse:leap:15.2CVE-2021-20225openSUSE Leap 15.2
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2021-20225SUSE bug 1182262SUSE bug 1192833cpe:/o:opensuse:leap:15.2CVE-2021-20230openSUSE Leap 15.2
A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to access the tunneled service instead of being redirected to the address specified in the redirect option. The highest threat from this vulnerability is to confidentiality.
ImportantCVE-2021-20230SUSE bug 1177580SUSE bug 1182529cpe:/o:opensuse:leap:15.2CVE-2021-20231openSUSE Leap 15.2
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
ImportantCVE-2021-20231SUSE bug 1183457cpe:/o:opensuse:leap:15.2CVE-2021-20232openSUSE Leap 15.2
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
ImportantCVE-2021-20232SUSE bug 1183456cpe:/o:opensuse:leap:15.2CVE-2021-20233openSUSE Leap 15.2
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2021-20233SUSE bug 1182263SUSE bug 1183135SUSE bug 1192833cpe:/o:opensuse:leap:15.2CVE-2021-20241openSUSE Leap 15.2
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-20241SUSE bug 1182335cpe:/o:opensuse:leap:15.2CVE-2021-20243openSUSE Leap 15.2
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-20243SUSE bug 1182336cpe:/o:opensuse:leap:15.2CVE-2021-20244openSUSE Leap 15.2
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-20244SUSE bug 1182325cpe:/o:opensuse:leap:15.2CVE-2021-20246openSUSE Leap 15.2
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-20246SUSE bug 1182337cpe:/o:opensuse:leap:15.2CVE-2021-20247openSUSE Leap 15.2
A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity.
ModerateCVE-2021-20247SUSE bug 1182488cpe:/o:opensuse:leap:15.2CVE-2021-20254openSUSE Leap 15.2
A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.
ImportantCVE-2021-20254SUSE bug 1184677SUSE bug 1185886SUSE bug 1189860cpe:/o:opensuse:leap:15.2CVE-2021-20255openSUSE Leap 15.2
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
LowCVE-2021-20255SUSE bug 1182651SUSE bug 1182654cpe:/o:opensuse:leap:15.2CVE-2021-20257openSUSE Leap 15.2
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
LowCVE-2021-20257SUSE bug 1182577SUSE bug 1182846cpe:/o:opensuse:leap:15.2CVE-2021-20266openSUSE Leap 15.2
A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.
LowCVE-2021-20266SUSE bug 1183632cpe:/o:opensuse:leap:15.2CVE-2021-20270openSUSE Leap 15.2
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
ImportantCVE-2021-20270SUSE bug 1183169cpe:/o:opensuse:leap:15.2CVE-2021-20271openSUSE Leap 15.2
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
LowCVE-2021-20271SUSE bug 1183545cpe:/o:opensuse:leap:15.2CVE-2021-20272openSUSE Leap 15.2
A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash.
ModerateCVE-2021-20272SUSE bug 1183129cpe:/o:opensuse:leap:15.2CVE-2021-20273openSUSE Leap 15.2
A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off.
ModerateCVE-2021-20273SUSE bug 1183129cpe:/o:opensuse:leap:15.2CVE-2021-20274openSUSE Leap 15.2
A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves.
ModerateCVE-2021-20274SUSE bug 1183129cpe:/o:opensuse:leap:15.2CVE-2021-20275openSUSE Leap 15.2
A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service.
ModerateCVE-2021-20275SUSE bug 1183129cpe:/o:opensuse:leap:15.2CVE-2021-20276openSUSE Leap 15.2
A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service.
ModerateCVE-2021-20276SUSE bug 1183129cpe:/o:opensuse:leap:15.2CVE-2021-20277openSUSE Leap 15.2
A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.
ImportantCVE-2021-20277SUSE bug 1183574cpe:/o:opensuse:leap:15.2CVE-2021-20284openSUSE Leap 15.2
A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-20284SUSE bug 1183511cpe:/o:opensuse:leap:15.2CVE-2021-20288openSUSE Leap 15.2
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2021-20288SUSE bug 1183074cpe:/o:opensuse:leap:15.2CVE-2021-20294openSUSE Leap 15.2
A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.
ModerateCVE-2021-20294SUSE bug 1184519SUSE bug 1196680cpe:/o:opensuse:leap:15.2CVE-2021-20296openSUSE Leap 15.2
A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-20296SUSE bug 1184354SUSE bug 1184355cpe:/o:opensuse:leap:15.2CVE-2021-20298openSUSE Leap 15.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ImportantCVE-2021-20298SUSE bug 1188460SUSE bug 1191176cpe:/o:opensuse:leap:15.2CVE-2021-20299openSUSE Leap 15.2
A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-20299SUSE bug 1188459SUSE bug 1191176cpe:/o:opensuse:leap:15.2CVE-2021-20300openSUSE Leap 15.2
A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-20300SUSE bug 1188458SUSE bug 1191176cpe:/o:opensuse:leap:15.2CVE-2021-20302openSUSE Leap 15.2
A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-20302SUSE bug 1188462SUSE bug 1191176cpe:/o:opensuse:leap:15.2CVE-2021-20303openSUSE Leap 15.2
A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.
ModerateCVE-2021-20303SUSE bug 1188457SUSE bug 1191176cpe:/o:opensuse:leap:15.2CVE-2021-20304openSUSE Leap 15.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2021-20304SUSE bug 1188461SUSE bug 1191176cpe:/o:opensuse:leap:15.2CVE-2021-20305openSUSE Leap 15.2
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.
ImportantCVE-2021-20305SUSE bug 1183835SUSE bug 1184401cpe:/o:opensuse:leap:15.2CVE-2021-20308openSUSE Leap 15.2
Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181.
LowCVE-2021-20308SUSE bug 1184424cpe:/o:opensuse:leap:15.2CVE-2021-20309openSUSE Leap 15.2
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-20309SUSE bug 1184624cpe:/o:opensuse:leap:15.2CVE-2021-20311openSUSE Leap 15.2
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-20311SUSE bug 1184626cpe:/o:opensuse:leap:15.2CVE-2021-20312openSUSE Leap 15.2
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-20312SUSE bug 1184627cpe:/o:opensuse:leap:15.2CVE-2021-20313openSUSE Leap 15.2
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.
ModerateCVE-2021-20313SUSE bug 1184628cpe:/o:opensuse:leap:15.2CVE-2021-20314openSUSE Leap 15.2
Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.
ModerateCVE-2021-20314SUSE bug 1189104cpe:/o:opensuse:leap:15.2CVE-2021-20322openSUSE Leap 15.2
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
ImportantCVE-2021-20322SUSE bug 1191790SUSE bug 1191813SUSE bug 1193290cpe:/o:opensuse:leap:15.2CVE-2021-2074openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
ImportantCVE-2021-2074SUSE bug 1181197SUSE bug 1181199cpe:/o:opensuse:leap:15.2CVE-2021-21106openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2021-21106SUSE bug 1180645cpe:/o:opensuse:leap:15.2CVE-2021-21107openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2021-21107SUSE bug 1180645cpe:/o:opensuse:leap:15.2CVE-2021-21108openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2021-21108SUSE bug 1180645cpe:/o:opensuse:leap:15.2CVE-2021-21109openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2021-21109SUSE bug 1180645cpe:/o:opensuse:leap:15.2CVE-2021-21110openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2021-21110SUSE bug 1180645cpe:/o:opensuse:leap:15.2CVE-2021-21111openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
ModerateCVE-2021-21111SUSE bug 1180645cpe:/o:opensuse:leap:15.2CVE-2021-21112openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21112SUSE bug 1180645cpe:/o:opensuse:leap:15.2CVE-2021-21113openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21113SUSE bug 1180645cpe:/o:opensuse:leap:15.2CVE-2021-21114openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21114SUSE bug 1180645cpe:/o:opensuse:leap:15.2CVE-2021-21115openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2021-21115SUSE bug 1180645cpe:/o:opensuse:leap:15.2CVE-2021-21116openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21116SUSE bug 1180645cpe:/o:opensuse:leap:15.2CVE-2021-21117openSUSE Leap 15.2
Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.
ModerateCVE-2021-21117SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21118openSUSE Leap 15.2
Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
ModerateCVE-2021-21118SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21119openSUSE Leap 15.2
Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21119SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21120openSUSE Leap 15.2
Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21120SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21121openSUSE Leap 15.2
Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2021-21121SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21122openSUSE Leap 15.2
Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21122SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21123openSUSE Leap 15.2
Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
ModerateCVE-2021-21123SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21124openSUSE Leap 15.2
Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2021-21124SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21125openSUSE Leap 15.2
Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
ModerateCVE-2021-21125SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21126openSUSE Leap 15.2
Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.
ModerateCVE-2021-21126SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21127openSUSE Leap 15.2
Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension.
ModerateCVE-2021-21127SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21128openSUSE Leap 15.2
Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21128SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21129openSUSE Leap 15.2
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
ModerateCVE-2021-21129SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21130openSUSE Leap 15.2
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
ModerateCVE-2021-21130SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21131openSUSE Leap 15.2
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
ModerateCVE-2021-21131SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21132openSUSE Leap 15.2
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.
ModerateCVE-2021-21132SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21133openSUSE Leap 15.2
Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.
ModerateCVE-2021-21133SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21134openSUSE Leap 15.2
Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.
ModerateCVE-2021-21134SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21135openSUSE Leap 15.2
Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ModerateCVE-2021-21135SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21136openSUSE Leap 15.2
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ModerateCVE-2021-21136SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21137openSUSE Leap 15.2
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
ModerateCVE-2021-21137SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21138openSUSE Leap 15.2
Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file.
ModerateCVE-2021-21138SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21139openSUSE Leap 15.2
Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
ModerateCVE-2021-21139SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21140openSUSE Leap 15.2
Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device.
ModerateCVE-2021-21140SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21141openSUSE Leap 15.2
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.
ModerateCVE-2021-21141SUSE bug 1181137cpe:/o:opensuse:leap:15.2CVE-2021-21142openSUSE Leap 15.2
Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2021-21142SUSE bug 1181772cpe:/o:opensuse:leap:15.2CVE-2021-21143openSUSE Leap 15.2
Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
ModerateCVE-2021-21143SUSE bug 1181772cpe:/o:opensuse:leap:15.2CVE-2021-21144openSUSE Leap 15.2
Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
ModerateCVE-2021-21144SUSE bug 1181772cpe:/o:opensuse:leap:15.2CVE-2021-21145openSUSE Leap 15.2
Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21145SUSE bug 1181772cpe:/o:opensuse:leap:15.2CVE-2021-21146openSUSE Leap 15.2
Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2021-21146SUSE bug 1181772cpe:/o:opensuse:leap:15.2CVE-2021-21147openSUSE Leap 15.2
Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
ModerateCVE-2021-21147SUSE bug 1181772cpe:/o:opensuse:leap:15.2CVE-2021-21148openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2021-21148SUSE bug 1181827cpe:/o:opensuse:leap:15.2CVE-2021-21149openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
CVE-2021-21149SUSE bug 1182358cpe:/o:opensuse:leap:15.2CVE-2021-21150openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21150SUSE bug 1182358cpe:/o:opensuse:leap:15.2CVE-2021-21151openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21151SUSE bug 1182358cpe:/o:opensuse:leap:15.2CVE-2021-21152openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21152SUSE bug 1182358cpe:/o:opensuse:leap:15.2CVE-2021-21153openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2021-21153SUSE bug 1182358cpe:/o:opensuse:leap:15.2CVE-2021-21154openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21154SUSE bug 1182358cpe:/o:opensuse:leap:15.2CVE-2021-21155openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21155SUSE bug 1182358cpe:/o:opensuse:leap:15.2CVE-2021-21156openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script.
CVE-2021-21156SUSE bug 1182358cpe:/o:opensuse:leap:15.2CVE-2021-21157openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21157SUSE bug 1182358cpe:/o:opensuse:leap:15.2CVE-2021-21159openSUSE Leap 15.2
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21159SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21160openSUSE Leap 15.2
Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21160SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21161openSUSE Leap 15.2
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21161SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21162openSUSE Leap 15.2
Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21162SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21163openSUSE Leap 15.2
Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server.
ModerateCVE-2021-21163SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21164openSUSE Leap 15.2
Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ModerateCVE-2021-21164SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21165openSUSE Leap 15.2
Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21165SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21166openSUSE Leap 15.2
Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21166SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21167openSUSE Leap 15.2
Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21167SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21168openSUSE Leap 15.2
Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
ModerateCVE-2021-21168SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21169openSUSE Leap 15.2
Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
ModerateCVE-2021-21169SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21170openSUSE Leap 15.2
Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
ModerateCVE-2021-21170SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21171openSUSE Leap 15.2
Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
ModerateCVE-2021-21171SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21172openSUSE Leap 15.2
Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
ModerateCVE-2021-21172SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21173openSUSE Leap 15.2
Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ModerateCVE-2021-21173SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21174openSUSE Leap 15.2
Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
ModerateCVE-2021-21174SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21175openSUSE Leap 15.2
Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ModerateCVE-2021-21175SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21176openSUSE Leap 15.2
Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
ModerateCVE-2021-21176SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21177openSUSE Leap 15.2
Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
ModerateCVE-2021-21177SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21178openSUSE Leap 15.2
Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
ModerateCVE-2021-21178SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21179openSUSE Leap 15.2
Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21179SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21180openSUSE Leap 15.2
Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21180SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21181openSUSE Leap 15.2
Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
ModerateCVE-2021-21181SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21182openSUSE Leap 15.2
Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
ModerateCVE-2021-21182SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21183openSUSE Leap 15.2
Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ModerateCVE-2021-21183SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21184openSUSE Leap 15.2
Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ModerateCVE-2021-21184SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21185openSUSE Leap 15.2
Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension.
ModerateCVE-2021-21185SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21186openSUSE Leap 15.2
Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code.
ModerateCVE-2021-21186SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21187openSUSE Leap 15.2
Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
ModerateCVE-2021-21187SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21188openSUSE Leap 15.2
Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21188SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21189openSUSE Leap 15.2
Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
ModerateCVE-2021-21189SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21190openSUSE Leap 15.2
Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
ModerateCVE-2021-21190SUSE bug 1182960SUSE bug 1183514cpe:/o:opensuse:leap:15.2CVE-2021-21191openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21191SUSE bug 1183515cpe:/o:opensuse:leap:15.2CVE-2021-21192openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21192SUSE bug 1183515cpe:/o:opensuse:leap:15.2CVE-2021-21193openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21193SUSE bug 1183515cpe:/o:opensuse:leap:15.2CVE-2021-21194openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21194SUSE bug 1184256cpe:/o:opensuse:leap:15.2CVE-2021-21195openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21195SUSE bug 1184256cpe:/o:opensuse:leap:15.2CVE-2021-21196openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21196SUSE bug 1184256cpe:/o:opensuse:leap:15.2CVE-2021-21197openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21197SUSE bug 1184256cpe:/o:opensuse:leap:15.2CVE-2021-21198openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2021-21198SUSE bug 1184256cpe:/o:opensuse:leap:15.2CVE-2021-21199openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21199SUSE bug 1184256cpe:/o:opensuse:leap:15.2CVE-2021-21201openSUSE Leap 15.2
Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2021-21201SUSE bug 1184764cpe:/o:opensuse:leap:15.2CVE-2021-21202openSUSE Leap 15.2
Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
ModerateCVE-2021-21202SUSE bug 1184764cpe:/o:opensuse:leap:15.2CVE-2021-21203openSUSE Leap 15.2
Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21203SUSE bug 1184764cpe:/o:opensuse:leap:15.2CVE-2021-21204openSUSE Leap 15.2
Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21204SUSE bug 1184764cpe:/o:opensuse:leap:15.2CVE-2021-21205openSUSE Leap 15.2
Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
ModerateCVE-2021-21205SUSE bug 1184764cpe:/o:opensuse:leap:15.2CVE-2021-21206openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2021-21206SUSE bug 1184700cpe:/o:opensuse:leap:15.2CVE-2021-21207openSUSE Leap 15.2
Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
ModerateCVE-2021-21207SUSE bug 1184764cpe:/o:opensuse:leap:15.2CVE-2021-21208openSUSE Leap 15.2
Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code.
ModerateCVE-2021-21208SUSE bug 1184764cpe:/o:opensuse:leap:15.2CVE-2021-21209openSUSE Leap 15.2
Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ModerateCVE-2021-21209SUSE bug 1184764cpe:/o:opensuse:leap:15.2CVE-2021-21210openSUSE Leap 15.2
Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page.
ModerateCVE-2021-21210SUSE bug 1184764cpe:/o:opensuse:leap:15.2CVE-2021-21211openSUSE Leap 15.2
Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ModerateCVE-2021-21211SUSE bug 1184764cpe:/o:opensuse:leap:15.2CVE-2021-21212openSUSE Leap 15.2
Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP.
ModerateCVE-2021-21212SUSE bug 1184764SUSE bug 1186458cpe:/o:opensuse:leap:15.2CVE-2021-21213openSUSE Leap 15.2
Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21213SUSE bug 1184764cpe:/o:opensuse:leap:15.2CVE-2021-21220openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2021-21220SUSE bug 1184700cpe:/o:opensuse:leap:15.2CVE-2021-21221openSUSE Leap 15.2
Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
ModerateCVE-2021-21221SUSE bug 1184764cpe:/o:opensuse:leap:15.2CVE-2021-21222openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
ModerateCVE-2021-21222SUSE bug 1185047cpe:/o:opensuse:leap:15.2CVE-2021-21223openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2021-21223SUSE bug 1185047cpe:/o:opensuse:leap:15.2CVE-2021-21224openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
ModerateCVE-2021-21224SUSE bug 1185047cpe:/o:opensuse:leap:15.2CVE-2021-21225openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21225SUSE bug 1185047cpe:/o:opensuse:leap:15.2CVE-2021-21226openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2021-21226SUSE bug 1185047cpe:/o:opensuse:leap:15.2CVE-2021-21227openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21227SUSE bug 1185375cpe:/o:opensuse:leap:15.2CVE-2021-21228openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
ModerateCVE-2021-21228SUSE bug 1185375cpe:/o:opensuse:leap:15.2CVE-2021-21229openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
ModerateCVE-2021-21229SUSE bug 1185375cpe:/o:opensuse:leap:15.2CVE-2021-21230openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21230SUSE bug 1185375cpe:/o:opensuse:leap:15.2CVE-2021-21231openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21231SUSE bug 1185375cpe:/o:opensuse:leap:15.2CVE-2021-21232openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21232SUSE bug 1185375cpe:/o:opensuse:leap:15.2CVE-2021-21233openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-21233SUSE bug 1185375cpe:/o:opensuse:leap:15.2CVE-2021-21240openSUSE Leap 15.2
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.
ModerateCVE-2021-21240SUSE bug 1182053cpe:/o:opensuse:leap:15.2CVE-2021-21261openSUSE Leap 15.2
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug is present in versions from 0.11.4 and before fixed versions 1.8.5 and 1.10.0. The Flatpak portal D-Bus service (`flatpak-portal`, also known by its D-Bus service name `org.freedesktop.portal.Flatpak`) allows apps in a Flatpak sandbox to launch their own subprocesses in a new sandbox instance, either with the same security settings as the caller or with more restrictive security settings. For example, this is used in Flatpak-packaged web browsers such as Chromium to launch subprocesses that will process untrusted web content, and give those subprocesses a more restrictive sandbox than the browser itself. In vulnerable versions, the Flatpak portal service passes caller-specified environment variables to non-sandboxed processes on the host system, and in particular to the `flatpak run` command that is used to launch the new sandbox instance. A malicious or compromised Flatpak app could set environment variables that are trusted by the `flatpak run` command, and use them to execute arbitrary code that is not in a sandbox. As a workaround, this vulnerability can be mitigated by preventing the `flatpak-portal` service from starting, but that mitigation will prevent many Flatpak apps from working correctly. This is fixed in versions 1.8.5 and 1.10.0.
ImportantCVE-2021-21261SUSE bug 1180996cpe:/o:opensuse:leap:15.2CVE-2021-21284openSUSE Leap 15.2
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.
LowCVE-2021-21284SUSE bug 1181732cpe:/o:opensuse:leap:15.2CVE-2021-21285openSUSE Leap 15.2
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.
ModerateCVE-2021-21285SUSE bug 1181730cpe:/o:opensuse:leap:15.2CVE-2021-2129openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N).
ImportantCVE-2021-2129SUSE bug 1181198SUSE bug 1181199cpe:/o:opensuse:leap:15.2CVE-2021-21295openSUSE Leap 15.2
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.
ModerateCVE-2021-21295SUSE bug 1183262SUSE bug 1184203cpe:/o:opensuse:leap:15.2CVE-2021-21300openSUSE Leap 15.2
Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.
ImportantCVE-2021-21300SUSE bug 1183026cpe:/o:opensuse:leap:15.2CVE-2021-21309openSUSE Leap 15.2
Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use the “CONFIG SET proto-max-bulk-len” to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is back ported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: Using Redis 6.0 or newer, ACL configuration can be used to block the command. Using older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways.
ImportantCVE-2021-21309SUSE bug 1182657cpe:/o:opensuse:leap:15.2CVE-2021-21334openSUSE Leap 15.2
In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd's CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions.
ModerateCVE-2021-21334SUSE bug 1183397cpe:/o:opensuse:leap:15.2CVE-2021-21341openSUSE Leap 15.2
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
ModerateCVE-2021-21341SUSE bug 1184377cpe:/o:opensuse:leap:15.2CVE-2021-21342openSUSE Leap 15.2
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
ImportantCVE-2021-21342SUSE bug 1184379cpe:/o:opensuse:leap:15.2CVE-2021-21343openSUSE Leap 15.2
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
ModerateCVE-2021-21343SUSE bug 1184376cpe:/o:opensuse:leap:15.2CVE-2021-21344openSUSE Leap 15.2
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
ImportantCVE-2021-21344SUSE bug 1184375cpe:/o:opensuse:leap:15.2CVE-2021-21345openSUSE Leap 15.2
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
ImportantCVE-2021-21345SUSE bug 1184372cpe:/o:opensuse:leap:15.2CVE-2021-21346openSUSE Leap 15.2
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
ImportantCVE-2021-21346SUSE bug 1184373cpe:/o:opensuse:leap:15.2CVE-2021-21347openSUSE Leap 15.2
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
ImportantCVE-2021-21347SUSE bug 1184378cpe:/o:opensuse:leap:15.2CVE-2021-21348openSUSE Leap 15.2
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
ModerateCVE-2021-21348SUSE bug 1184374cpe:/o:opensuse:leap:15.2CVE-2021-21349openSUSE Leap 15.2
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
ModerateCVE-2021-21349SUSE bug 1184797cpe:/o:opensuse:leap:15.2CVE-2021-21350openSUSE Leap 15.2
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
ImportantCVE-2021-21350SUSE bug 1184380cpe:/o:opensuse:leap:15.2CVE-2021-21351openSUSE Leap 15.2
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
ImportantCVE-2021-21351SUSE bug 1184796cpe:/o:opensuse:leap:15.2CVE-2021-21372openSUSE Leap 15.2
Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution.
ModerateCVE-2021-21372SUSE bug 1185083cpe:/o:opensuse:leap:15.2CVE-2021-21373openSUSE Leap 15.2
Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution.
ModerateCVE-2021-21373SUSE bug 1185084cpe:/o:opensuse:leap:15.2CVE-2021-21374openSUSE Leap 15.2
Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution.
ModerateCVE-2021-21374SUSE bug 1185085cpe:/o:opensuse:leap:15.2CVE-2021-21404openSUSE Leap 15.2
Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a malformed message from a malicious relay server when attempting to join the relay. Relay joins are essentially random (from a subset of low latency relays) and Syncthing will by default restart when crashing, at which point it's likely to pick another non-malicious relay. This flaw is fixed in version 1.15.0.
ModerateCVE-2021-21404SUSE bug 1184428cpe:/o:opensuse:leap:15.2CVE-2021-21416openSUSE Leap 15.2
django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not properly apply filters to sensitive data, with the result that sensitive data could be included in error reports rather than removed automatically by Django. Triggering this requires: A site is using django-registration < 3.1.2, The site has detailed error reports (such as Django's emailed error reports to site staff/developers) enabled and a server-side error (HTTP 5xx) occurs during an attempt by a user to register an account. Under these conditions, recipients of the detailed error report will see all submitted data from the account-registration attempt, which may include the user's proposed credentials (such as a password).
LowCVE-2021-21416SUSE bug 1184427cpe:/o:opensuse:leap:15.2CVE-2021-2145openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
ImportantCVE-2021-2145SUSE bug 1185211cpe:/o:opensuse:leap:15.2CVE-2021-2161openSUSE Leap 15.2
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
ModerateCVE-2021-2161SUSE bug 1185056cpe:/o:opensuse:leap:15.2CVE-2021-2163openSUSE Leap 15.2
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).
ModerateCVE-2021-2163SUSE bug 1185055cpe:/o:opensuse:leap:15.2CVE-2021-21702openSUSE Leap 15.2
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
ImportantCVE-2021-21702SUSE bug 1182049cpe:/o:opensuse:leap:15.2CVE-2021-21703openSUSE Leap 15.2
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
ModerateCVE-2021-21703SUSE bug 1192050cpe:/o:opensuse:leap:15.2CVE-2021-21704openSUSE Leap 15.2
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.
ImportantCVE-2021-21704SUSE bug 1188035cpe:/o:opensuse:leap:15.2CVE-2021-21705openSUSE Leap 15.2
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.
ModerateCVE-2021-21705SUSE bug 1188037cpe:/o:opensuse:leap:15.2CVE-2021-21707openSUSE Leap 15.2
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.
ModerateCVE-2021-21707SUSE bug 1193041cpe:/o:opensuse:leap:15.2CVE-2021-21775openSUSE Leap 15.2
A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage.
ImportantCVE-2021-21775SUSE bug 1188697cpe:/o:opensuse:leap:15.2CVE-2021-21779openSUSE Leap 15.2
A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.
ImportantCVE-2021-21779SUSE bug 1188293SUSE bug 1188697cpe:/o:opensuse:leap:15.2CVE-2021-21781openSUSE Leap 15.2
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11
ModerateCVE-2021-21781SUSE bug 1188445cpe:/o:opensuse:leap:15.2CVE-2021-21806openSUSE Leap 15.2
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability.
ImportantCVE-2021-21806SUSE bug 1188294SUSE bug 1188697cpe:/o:opensuse:leap:15.2CVE-2021-21996openSUSE Leap 15.2
An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.
ModerateCVE-2021-21996SUSE bug 1190265cpe:/o:opensuse:leap:15.2CVE-2021-22116openSUSE Leap 15.2
RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
ModerateCVE-2021-22116SUSE bug 1186203cpe:/o:opensuse:leap:15.2CVE-2021-22173openSUSE Leap 15.2
Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
ModerateCVE-2021-22173SUSE bug 1181598cpe:/o:opensuse:leap:15.2CVE-2021-22174openSUSE Leap 15.2
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
ModerateCVE-2021-22174SUSE bug 1181599cpe:/o:opensuse:leap:15.2CVE-2021-22191openSUSE Leap 15.2
Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file.
ImportantCVE-2021-22191SUSE bug 1183353cpe:/o:opensuse:leap:15.2CVE-2021-22204openSUSE Leap 15.2
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
ModerateCVE-2021-22204SUSE bug 1185547cpe:/o:opensuse:leap:15.2CVE-2021-22207openSUSE Leap 15.2
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file
ModerateCVE-2021-22207SUSE bug 1185128cpe:/o:opensuse:leap:15.2CVE-2021-22235openSUSE Leap 15.2
Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file
ModerateCVE-2021-22235SUSE bug 1188375cpe:/o:opensuse:leap:15.2CVE-2021-2250openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
ImportantCVE-2021-2250SUSE bug 1185211cpe:/o:opensuse:leap:15.2CVE-2021-22543openSUSE Leap 15.2
An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.
ImportantCVE-2021-22543SUSE bug 1186482SUSE bug 1186483SUSE bug 1190276SUSE bug 1197660cpe:/o:opensuse:leap:15.2CVE-2021-22555openSUSE Leap 15.2
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
ImportantCVE-2021-22555SUSE bug 1188116SUSE bug 1188117SUSE bug 1188411cpe:/o:opensuse:leap:15.2CVE-2021-2264openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 8.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N).
ImportantCVE-2021-2264SUSE bug 1184542SUSE bug 1185211cpe:/o:opensuse:leap:15.2CVE-2021-2266openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).
ImportantCVE-2021-2266SUSE bug 1185211cpe:/o:opensuse:leap:15.2CVE-2021-2279openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
ImportantCVE-2021-2279SUSE bug 1185211cpe:/o:opensuse:leap:15.2CVE-2021-2280openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
ImportantCVE-2021-2280SUSE bug 1185211cpe:/o:opensuse:leap:15.2CVE-2021-2281openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N).
ImportantCVE-2021-2281SUSE bug 1185211cpe:/o:opensuse:leap:15.2CVE-2021-2282openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
ImportantCVE-2021-2282SUSE bug 1185211cpe:/o:opensuse:leap:15.2CVE-2021-2283openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
ImportantCVE-2021-2283SUSE bug 1185211cpe:/o:opensuse:leap:15.2CVE-2021-2284openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N).
ImportantCVE-2021-2284SUSE bug 1185211cpe:/o:opensuse:leap:15.2CVE-2021-2285openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
ImportantCVE-2021-2285SUSE bug 1185211cpe:/o:opensuse:leap:15.2CVE-2021-2286openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N).
ImportantCVE-2021-2286SUSE bug 1185211cpe:/o:opensuse:leap:15.2CVE-2021-2287openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
ImportantCVE-2021-2287SUSE bug 1185211cpe:/o:opensuse:leap:15.2CVE-2021-22876openSUSE Leap 15.2
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.
ModerateCVE-2021-22876SUSE bug 1183933cpe:/o:opensuse:leap:15.2CVE-2021-22879openSUSE Leap 15.2
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.
ModerateCVE-2021-22879SUSE bug 1184770cpe:/o:opensuse:leap:15.2CVE-2021-22880openSUSE Leap 15.2
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.
ModerateCVE-2021-22880SUSE bug 1182169SUSE bug 1188335cpe:/o:opensuse:leap:15.2CVE-2021-22883openSUSE Leap 15.2
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.
ImportantCVE-2021-22883SUSE bug 1182619cpe:/o:opensuse:leap:15.2CVE-2021-22884openSUSE Leap 15.2
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.
ModerateCVE-2021-22884SUSE bug 1182620SUSE bug 1188549cpe:/o:opensuse:leap:15.2CVE-2021-22885openSUSE Leap 15.2
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.
ImportantCVE-2021-22885SUSE bug 1185715cpe:/o:opensuse:leap:15.2CVE-2021-22890openSUSE Leap 15.2
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.
ModerateCVE-2021-22890SUSE bug 1183934cpe:/o:opensuse:leap:15.2CVE-2021-22898openSUSE Leap 15.2
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.
ModerateCVE-2021-22898SUSE bug 1186114SUSE bug 1192450cpe:/o:opensuse:leap:15.2CVE-2021-2291openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).
ImportantCVE-2021-2291SUSE bug 1185211cpe:/o:opensuse:leap:15.2CVE-2021-22918openSUSE Leap 15.2
Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo().
ModerateCVE-2021-22918SUSE bug 1187973cpe:/o:opensuse:leap:15.2CVE-2021-22922openSUSE Leap 15.2
When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.
ModerateCVE-2021-22922SUSE bug 1188217SUSE bug 1192447cpe:/o:opensuse:leap:15.2CVE-2021-22923openSUSE Leap 15.2
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.
ModerateCVE-2021-22923SUSE bug 1188218SUSE bug 1192447cpe:/o:opensuse:leap:15.2CVE-2021-22924openSUSE Leap 15.2
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.
ModerateCVE-2021-22924SUSE bug 1188219SUSE bug 1192447cpe:/o:opensuse:leap:15.2CVE-2021-22925openSUSE Leap 15.2
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.
ModerateCVE-2021-22925SUSE bug 1188220SUSE bug 1192447cpe:/o:opensuse:leap:15.2CVE-2021-22929openSUSE Leap 15.2
An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log.
LowCVE-2021-22929SUSE bug 1192658cpe:/o:opensuse:leap:15.2CVE-2021-22930openSUSE Leap 15.2
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
CriticalCVE-2021-22930SUSE bug 1188917SUSE bug 1189368cpe:/o:opensuse:leap:15.2CVE-2021-22931openSUSE Leap 15.2
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.
ImportantCVE-2021-22931SUSE bug 1189370cpe:/o:opensuse:leap:15.2CVE-2021-22939openSUSE Leap 15.2
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
ModerateCVE-2021-22939SUSE bug 1189369cpe:/o:opensuse:leap:15.2CVE-2021-22940openSUSE Leap 15.2
Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
CriticalCVE-2021-22940SUSE bug 1189368cpe:/o:opensuse:leap:15.2CVE-2021-22946openSUSE Leap 15.2
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.
ModerateCVE-2021-22946SUSE bug 1190373SUSE bug 1194948cpe:/o:opensuse:leap:15.2CVE-2021-22947openSUSE Leap 15.2
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.
ModerateCVE-2021-22947SUSE bug 1190374cpe:/o:opensuse:leap:15.2CVE-2021-22959openSUSE Leap 15.2
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
ModerateCVE-2021-22959SUSE bug 1191601cpe:/o:opensuse:leap:15.2CVE-2021-2296openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).
ImportantCVE-2021-2296SUSE bug 1185211cpe:/o:opensuse:leap:15.2CVE-2021-22960openSUSE Leap 15.2
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
ModerateCVE-2021-22960SUSE bug 1191602cpe:/o:opensuse:leap:15.2CVE-2021-2297openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).
ImportantCVE-2021-2297SUSE bug 1185211cpe:/o:opensuse:leap:15.2CVE-2021-23017openSUSE Leap 15.2
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
ImportantCVE-2021-23017SUSE bug 1186126cpe:/o:opensuse:leap:15.2CVE-2021-2306openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).
ImportantCVE-2021-2306SUSE bug 1185211cpe:/o:opensuse:leap:15.2CVE-2021-2309openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
ImportantCVE-2021-2309SUSE bug 1185211cpe:/o:opensuse:leap:15.2CVE-2021-2310openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
ImportantCVE-2021-2310SUSE bug 1185211cpe:/o:opensuse:leap:15.2CVE-2021-2312openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
ImportantCVE-2021-2312SUSE bug 1185211cpe:/o:opensuse:leap:15.2CVE-2021-23134openSUSE Leap 15.2
Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.
ImportantCVE-2021-23134SUSE bug 1186060SUSE bug 1186061cpe:/o:opensuse:leap:15.2CVE-2021-23192openSUSE Leap 15.2
A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.
ModerateCVE-2021-23192SUSE bug 1192214cpe:/o:opensuse:leap:15.2CVE-2021-23214openSUSE Leap 15.2
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
ImportantCVE-2021-23214SUSE bug 1192516cpe:/o:opensuse:leap:15.2CVE-2021-23215openSUSE Leap 15.2
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
ModerateCVE-2021-23215SUSE bug 1185216cpe:/o:opensuse:leap:15.2CVE-2021-23222openSUSE Leap 15.2
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.
ImportantCVE-2021-23222SUSE bug 1192516cpe:/o:opensuse:leap:15.2CVE-2021-23239openSUSE Leap 15.2
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
ModerateCVE-2021-23239SUSE bug 1171722SUSE bug 1180684cpe:/o:opensuse:leap:15.2CVE-2021-23240openSUSE Leap 15.2
selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.
ImportantCVE-2021-23240SUSE bug 1171722SUSE bug 1180685cpe:/o:opensuse:leap:15.2CVE-2021-23336openSUSE Leap 15.2
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.
ModerateCVE-2021-23336SUSE bug 1182179SUSE bug 1182379SUSE bug 1182433cpe:/o:opensuse:leap:15.2CVE-2021-23358openSUSE Leap 15.2
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
ImportantCVE-2021-23358SUSE bug 1184800cpe:/o:opensuse:leap:15.2CVE-2021-23362openSUSE Leap 15.2
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
ModerateCVE-2021-23362SUSE bug 1187977cpe:/o:opensuse:leap:15.2CVE-2021-2341openSUSE Leap 15.2
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
ModerateCVE-2021-2341SUSE bug 1188564cpe:/o:opensuse:leap:15.2CVE-2021-2369openSUSE Leap 15.2
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
ModerateCVE-2021-2369SUSE bug 1188565cpe:/o:opensuse:leap:15.2CVE-2021-23840openSUSE Leap 15.2
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
ModerateCVE-2021-23840SUSE bug 1182333cpe:/o:opensuse:leap:15.2CVE-2021-23841openSUSE Leap 15.2
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
ModerateCVE-2021-23841SUSE bug 1182331cpe:/o:opensuse:leap:15.2CVE-2021-2388openSUSE Leap 15.2
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
ImportantCVE-2021-2388SUSE bug 1188566cpe:/o:opensuse:leap:15.2CVE-2021-23953openSUSE Leap 15.2
If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
ImportantCVE-2021-23953SUSE bug 1181414cpe:/o:opensuse:leap:15.2CVE-2021-23954openSUSE Leap 15.2
Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
ImportantCVE-2021-23954SUSE bug 1181414cpe:/o:opensuse:leap:15.2CVE-2021-23960openSUSE Leap 15.2
Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
ImportantCVE-2021-23960SUSE bug 1181414cpe:/o:opensuse:leap:15.2CVE-2021-23961openSUSE Leap 15.2
Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.
ImportantCVE-2021-23961SUSE bug 1184960cpe:/o:opensuse:leap:15.2CVE-2021-23964openSUSE Leap 15.2
Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
ImportantCVE-2021-23964SUSE bug 1181414cpe:/o:opensuse:leap:15.2CVE-2021-23968openSUSE Leap 15.2
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
ModerateCVE-2021-23968SUSE bug 1182614cpe:/o:opensuse:leap:15.2CVE-2021-23969openSUSE Leap 15.2
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
ModerateCVE-2021-23969SUSE bug 1182614cpe:/o:opensuse:leap:15.2CVE-2021-23973openSUSE Leap 15.2
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
ModerateCVE-2021-23973SUSE bug 1182614cpe:/o:opensuse:leap:15.2CVE-2021-23978openSUSE Leap 15.2
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
ModerateCVE-2021-23978SUSE bug 1182614cpe:/o:opensuse:leap:15.2CVE-2021-23980openSUSE Leap 15.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2021-23980SUSE bug 1184547cpe:/o:opensuse:leap:15.2CVE-2021-23981openSUSE Leap 15.2
A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
ImportantCVE-2021-23981SUSE bug 1183942cpe:/o:opensuse:leap:15.2CVE-2021-23982openSUSE Leap 15.2
Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
ImportantCVE-2021-23982SUSE bug 1183942cpe:/o:opensuse:leap:15.2CVE-2021-23984openSUSE Leap 15.2
A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
ImportantCVE-2021-23984SUSE bug 1183942cpe:/o:opensuse:leap:15.2CVE-2021-23987openSUSE Leap 15.2
Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
ImportantCVE-2021-23987SUSE bug 1183942cpe:/o:opensuse:leap:15.2CVE-2021-23991openSUSE Leap 15.2
If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. This vulnerability affects Thunderbird < 78.9.1.
ModerateCVE-2021-23991SUSE bug 1184536cpe:/o:opensuse:leap:15.2CVE-2021-23992openSUSE Leap 15.2
Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbird user may falsely conclude that the false user ID belongs to the correspondent. This vulnerability affects Thunderbird < 78.9.1.
ModerateCVE-2021-23992SUSE bug 1184536cpe:/o:opensuse:leap:15.2CVE-2021-23993openSUSE Leap 15.2
An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid subkey, but the RNP library rejects it from being used, causing encryption to fail. This vulnerability affects Thunderbird < 78.9.1.
ModerateCVE-2021-23993SUSE bug 1184536cpe:/o:opensuse:leap:15.2CVE-2021-23994openSUSE Leap 15.2
A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
ImportantCVE-2021-23994SUSE bug 1184960cpe:/o:opensuse:leap:15.2CVE-2021-23995openSUSE Leap 15.2
When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
ImportantCVE-2021-23995SUSE bug 1184960cpe:/o:opensuse:leap:15.2CVE-2021-23998openSUSE Leap 15.2
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
ImportantCVE-2021-23998SUSE bug 1184960cpe:/o:opensuse:leap:15.2CVE-2021-23999openSUSE Leap 15.2
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
ImportantCVE-2021-23999SUSE bug 1184960cpe:/o:opensuse:leap:15.2CVE-2021-24002openSUSE Leap 15.2
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
ImportantCVE-2021-24002SUSE bug 1184960cpe:/o:opensuse:leap:15.2CVE-2021-24031openSUSE Leap 15.2
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.
ModerateCVE-2021-24031SUSE bug 1183371cpe:/o:opensuse:leap:15.2CVE-2021-24032openSUSE Leap 15.2
Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.
ModerateCVE-2021-24032SUSE bug 1183370SUSE bug 1183371cpe:/o:opensuse:leap:15.2CVE-2021-2409openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
ImportantCVE-2021-2409SUSE bug 1188536cpe:/o:opensuse:leap:15.2CVE-2021-24115openSUSE Leap 15.2
In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).
CriticalCVE-2021-24115SUSE bug 1182670cpe:/o:opensuse:leap:15.2CVE-2021-24119openSUSE Leap 15.2
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
ModerateCVE-2021-24119SUSE bug 1189589cpe:/o:opensuse:leap:15.2CVE-2021-24122openSUSE Leap 15.2
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.
ModerateCVE-2021-24122SUSE bug 1180947cpe:/o:opensuse:leap:15.2CVE-2021-2442openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).
ModerateCVE-2021-2442cpe:/o:opensuse:leap:15.2CVE-2021-2443openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: This vulnerability applies to Solaris x86 and Linux systems only. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
ImportantCVE-2021-2443cpe:/o:opensuse:leap:15.2CVE-2021-2454openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
ImportantCVE-2021-2454cpe:/o:opensuse:leap:15.2CVE-2021-2475openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2021-2475SUSE bug 1191869cpe:/o:opensuse:leap:15.2CVE-2021-25122openSUSE Leap 15.2
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.
ImportantCVE-2021-25122SUSE bug 1182912SUSE bug 1188549cpe:/o:opensuse:leap:15.2CVE-2021-25214openSUSE Leap 15.2
In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.
ModerateCVE-2021-25214SUSE bug 1185345cpe:/o:opensuse:leap:15.2CVE-2021-25215openSUSE Leap 15.2
In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.
ModerateCVE-2021-25215SUSE bug 1185345SUSE bug 1189848SUSE bug 1196172SUSE bug 1199298cpe:/o:opensuse:leap:15.2CVE-2021-25217openSUSE Leap 15.2
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.
ImportantCVE-2021-25217SUSE bug 1186382SUSE bug 1189843SUSE bug 1189858SUSE bug 1199299cpe:/o:opensuse:leap:15.2CVE-2021-25219openSUSE Leap 15.2
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.
ModerateCVE-2021-25219SUSE bug 1192146cpe:/o:opensuse:leap:15.2CVE-2021-25281openSUSE Leap 15.2
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
ImportantCVE-2021-25281SUSE bug 1181550SUSE bug 1181559cpe:/o:opensuse:leap:15.2CVE-2021-25282openSUSE Leap 15.2
An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.
ImportantCVE-2021-25282SUSE bug 1181550SUSE bug 1181560cpe:/o:opensuse:leap:15.2CVE-2021-25283openSUSE Leap 15.2
An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.
ImportantCVE-2021-25283SUSE bug 1181550SUSE bug 1181561cpe:/o:opensuse:leap:15.2CVE-2021-25284openSUSE Leap 15.2
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
ImportantCVE-2021-25284SUSE bug 1181550cpe:/o:opensuse:leap:15.2CVE-2021-25289openSUSE Leap 15.2
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
CriticalCVE-2021-25289SUSE bug 1183103cpe:/o:opensuse:leap:15.2CVE-2021-25290openSUSE Leap 15.2
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
ImportantCVE-2021-25290SUSE bug 1183105cpe:/o:opensuse:leap:15.2CVE-2021-25291openSUSE Leap 15.2
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
ImportantCVE-2021-25291SUSE bug 1183106cpe:/o:opensuse:leap:15.2CVE-2021-25292openSUSE Leap 15.2
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
ImportantCVE-2021-25292SUSE bug 1183101cpe:/o:opensuse:leap:15.2CVE-2021-25293openSUSE Leap 15.2
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
ImportantCVE-2021-25293SUSE bug 1183102cpe:/o:opensuse:leap:15.2CVE-2021-25314openSUSE Leap 15.2
A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9.
ImportantCVE-2021-25314SUSE bug 1182166SUSE bug 1183693cpe:/o:opensuse:leap:15.2CVE-2021-25315openSUSE Leap 15.2
A Incorrect Implementation of Authentication Algorithm vulnerability in of SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.
CriticalCVE-2021-25315SUSE bug 1182382cpe:/o:opensuse:leap:15.2CVE-2021-25317openSUSE Leap 15.2
A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions.
ModerateCVE-2021-25317SUSE bug 1184161SUSE bug 1192358cpe:/o:opensuse:leap:15.2CVE-2021-25319openSUSE Leap 15.2
A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versions.
ImportantCVE-2021-25319SUSE bug 1182918cpe:/o:opensuse:leap:15.2CVE-2021-25321openSUSE Leap 15.2
A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.
ModerateCVE-2021-25321SUSE bug 1186240cpe:/o:opensuse:leap:15.2CVE-2021-25329openSUSE Leap 15.2
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.
ImportantCVE-2021-25329SUSE bug 1182909cpe:/o:opensuse:leap:15.2CVE-2021-25900openSUSE Leap 15.2
An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many.
ImportantCVE-2021-25900SUSE bug 1183403cpe:/o:opensuse:leap:15.2CVE-2021-26220openSUSE Leap 15.2
The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
ModerateCVE-2021-26220SUSE bug 1191856cpe:/o:opensuse:leap:15.2CVE-2021-26221openSUSE Leap 15.2
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
ModerateCVE-2021-26221SUSE bug 1191856cpe:/o:opensuse:leap:15.2CVE-2021-26222openSUSE Leap 15.2
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
ModerateCVE-2021-26222SUSE bug 1191856cpe:/o:opensuse:leap:15.2CVE-2021-26260openSUSE Leap 15.2
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.
ModerateCVE-2021-26260SUSE bug 1185217cpe:/o:opensuse:leap:15.2CVE-2021-26675openSUSE Leap 15.2
A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.
ModerateCVE-2021-26675SUSE bug 1181751SUSE bug 1186869cpe:/o:opensuse:leap:15.2CVE-2021-26676openSUSE Leap 15.2
gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.
ModerateCVE-2021-26676SUSE bug 1181751SUSE bug 1186869cpe:/o:opensuse:leap:15.2CVE-2021-26690openSUSE Leap 15.2
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
ImportantCVE-2021-26690SUSE bug 1186923cpe:/o:opensuse:leap:15.2CVE-2021-26691openSUSE Leap 15.2
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
ImportantCVE-2021-26691SUSE bug 1187017cpe:/o:opensuse:leap:15.2CVE-2021-26720openSUSE Leap 15.2
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.
ImportantCVE-2021-26720SUSE bug 1180827SUSE bug 1180865SUSE bug 1181852SUSE bug 1186412cpe:/o:opensuse:leap:15.2CVE-2021-26813openSUSE Leap 15.2
markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.
ModerateCVE-2021-26813SUSE bug 1183171cpe:/o:opensuse:leap:15.2CVE-2021-26910openSUSE Leap 15.2
Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.
ModerateCVE-2021-26910SUSE bug 1181990cpe:/o:opensuse:leap:15.2CVE-2021-26930openSUSE Leap 15.2
An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.
ImportantCVE-2021-26930SUSE bug 1181843SUSE bug 1182294cpe:/o:opensuse:leap:15.2CVE-2021-26931openSUSE Leap 15.2
An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.
ModerateCVE-2021-26931SUSE bug 1181753SUSE bug 1183022cpe:/o:opensuse:leap:15.2CVE-2021-26932openSUSE Leap 15.2
An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.
ModerateCVE-2021-26932SUSE bug 1181747cpe:/o:opensuse:leap:15.2CVE-2021-26937openSUSE Leap 15.2
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
ImportantCVE-2021-26937SUSE bug 1182092cpe:/o:opensuse:leap:15.2CVE-2021-27135openSUSE Leap 15.2
xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.
ImportantCVE-2021-27135SUSE bug 1182091SUSE bug 1189857SUSE bug 1190262cpe:/o:opensuse:leap:15.2CVE-2021-27212openSUSE Leap 15.2
In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.
ImportantCVE-2021-27212SUSE bug 1182279cpe:/o:opensuse:leap:15.2CVE-2021-27218openSUSE Leap 15.2
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
ModerateCVE-2021-27218SUSE bug 1182328SUSE bug 1182362cpe:/o:opensuse:leap:15.2CVE-2021-27219openSUSE Leap 15.2
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
ModerateCVE-2021-27219SUSE bug 1182362SUSE bug 1194015cpe:/o:opensuse:leap:15.2CVE-2021-27290openSUSE Leap 15.2
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.
ImportantCVE-2021-27290SUSE bug 1187976cpe:/o:opensuse:leap:15.2CVE-2021-27291openSUSE Leap 15.2
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
ImportantCVE-2021-27291SUSE bug 1184812cpe:/o:opensuse:leap:15.2CVE-2021-27358openSUSE Leap 15.2
The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
ImportantCVE-2021-27358SUSE bug 1183803cpe:/o:opensuse:leap:15.2CVE-2021-27363openSUSE Leap 15.2
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.
ImportantCVE-2021-27363SUSE bug 1182716SUSE bug 1182717SUSE bug 1183120cpe:/o:opensuse:leap:15.2CVE-2021-27364openSUSE Leap 15.2
An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.
ImportantCVE-2021-27364SUSE bug 1182715SUSE bug 1182716SUSE bug 1182717cpe:/o:opensuse:leap:15.2CVE-2021-27365openSUSE Leap 15.2
An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.
ImportantCVE-2021-27365SUSE bug 1182712SUSE bug 1182715SUSE bug 1183491cpe:/o:opensuse:leap:15.2CVE-2021-27803openSUSE Leap 15.2
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.
ImportantCVE-2021-27803SUSE bug 1182805cpe:/o:opensuse:leap:15.2CVE-2021-27918openSUSE Leap 15.2
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.
ModerateCVE-2021-27918SUSE bug 1183333cpe:/o:opensuse:leap:15.2CVE-2021-27921openSUSE Leap 15.2
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
ImportantCVE-2021-27921SUSE bug 1183110cpe:/o:opensuse:leap:15.2CVE-2021-27922openSUSE Leap 15.2
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
ModerateCVE-2021-27922SUSE bug 1183108cpe:/o:opensuse:leap:15.2CVE-2021-27923openSUSE Leap 15.2
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
ModerateCVE-2021-27923SUSE bug 1183107cpe:/o:opensuse:leap:15.2CVE-2021-27962openSUSE Leap 15.2
Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.
ModerateCVE-2021-27962SUSE bug 1184371cpe:/o:opensuse:leap:15.2CVE-2021-28038openSUSE Leap 15.2
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.
ModerateCVE-2021-28038SUSE bug 1183022SUSE bug 1183069cpe:/o:opensuse:leap:15.2CVE-2021-28089openSUSE Leap 15.2
Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.
ModerateCVE-2021-28089SUSE bug 1183726SUSE bug 1184261cpe:/o:opensuse:leap:15.2CVE-2021-28090openSUSE Leap 15.2
Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.
ModerateCVE-2021-28090SUSE bug 1183726SUSE bug 1184261cpe:/o:opensuse:leap:15.2CVE-2021-28091openSUSE Leap 15.2
Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.
ImportantCVE-2021-28091SUSE bug 1186768cpe:/o:opensuse:leap:15.2CVE-2021-28116openSUSE Leap 15.2
Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.
ModerateCVE-2021-28116SUSE bug 1189403cpe:/o:opensuse:leap:15.2CVE-2021-28146openSUSE Leap 15.2
The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.
ModerateCVE-2021-28146SUSE bug 1183811cpe:/o:opensuse:leap:15.2CVE-2021-28147openSUSE Leap 15.2
The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can be used to grant a user team permissions that the user isn't supposed to have.
ModerateCVE-2021-28147SUSE bug 1183809cpe:/o:opensuse:leap:15.2CVE-2021-28148openSUSE Leap 15.2
One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.
ImportantCVE-2021-28148SUSE bug 1183813cpe:/o:opensuse:leap:15.2CVE-2021-28210openSUSE Leap 15.2
An unlimited recursion in DxeCore in EDK II.
ModerateCVE-2021-28210SUSE bug 1183579cpe:/o:opensuse:leap:15.2CVE-2021-28211openSUSE Leap 15.2
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
ModerateCVE-2021-28211SUSE bug 1183578cpe:/o:opensuse:leap:15.2CVE-2021-28375openSUSE Leap 15.2
An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.
ImportantCVE-2021-28375SUSE bug 1183596SUSE bug 1184955cpe:/o:opensuse:leap:15.2CVE-2021-28421openSUSE Leap 15.2
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-21417. Reason: This candidate is a duplicate of CVE-2021-21417. Notes: All CVE users should reference CVE-2021-21417 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
ImportantCVE-2021-28421SUSE bug 1184705cpe:/o:opensuse:leap:15.2CVE-2021-28651openSUSE Leap 15.2
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.
ImportantCVE-2021-28651SUSE bug 1185921cpe:/o:opensuse:leap:15.2CVE-2021-28652openSUSE Leap 15.2
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.
ModerateCVE-2021-28652SUSE bug 1185918cpe:/o:opensuse:leap:15.2CVE-2021-28660openSUSE Leap 15.2
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.
ImportantCVE-2021-28660SUSE bug 1183593SUSE bug 1183658cpe:/o:opensuse:leap:15.2CVE-2021-28662openSUSE Leap 15.2
An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.
ModerateCVE-2021-28662SUSE bug 1185919cpe:/o:opensuse:leap:15.2CVE-2021-28687openSUSE Leap 15.2
HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline, but not all of them. When the "soft reset" feature was implemented, the libxl__domain_suspend_state structure didn't require any initialization or disposal. At some point later, an initialization function was introduced for the structure; but the "soft reset" path wasn't refactored to call the initialization function. When a guest nwo initiates a "soft reboot", uninitialized data structure leads to an assert() when later code finds the structure in an unexpected state. The effect of this is to crash the process monitoring the guest. How this affects the system depends on the structure of the toolstack. For xl, this will have no security-relevant effect: every VM has its own independent monitoring process, which contains no state. The domain in question will hang in a crashed state, but can be destroyed by `xl destroy` just like any other non-cooperating domain. For daemon-based toolstacks linked against libxl, such as libvirt, this will crash the toolstack, losing the state of any in-progress operations (localized DoS), and preventing further administrator operations unless the daemon is configured to restart automatically (system-wide DoS). If crashes "leak" resources, then repeated crashes could use up resources, also causing a system-wide DoS.
ModerateCVE-2021-28687SUSE bug 1183072cpe:/o:opensuse:leap:15.2CVE-2021-28688openSUSE Leap 15.2
The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.
ModerateCVE-2021-28688SUSE bug 1183646cpe:/o:opensuse:leap:15.2CVE-2021-28690openSUSE Leap 15.2
x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend.
ModerateCVE-2021-28690SUSE bug 1186434cpe:/o:opensuse:leap:15.2CVE-2021-28692openSUSE Leap 15.2
inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU spin-waits for the completion of the most recently issued command(s). Some of these waiting loops try to apply a timeout to fail overly-slow commands. The course of action upon a perceived timeout actually being detected is inappropriate: - on Intel hardware guests which did not originally cause the timeout may be marked as crashed, - on AMD hardware higher layer callers would not be notified of the issue, making them continue as if the IOMMU operation succeeded.
ModerateCVE-2021-28692SUSE bug 1186429cpe:/o:opensuse:leap:15.2CVE-2021-28693openSUSE Leap 15.2
xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the allocator. Unfortunately, it was discovered that modules will not be scrubbed on Arm.
ModerateCVE-2021-28693SUSE bug 1186428cpe:/o:opensuse:leap:15.2CVE-2021-28694openSUSE Leap 15.2
IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696).
ImportantCVE-2021-28694SUSE bug 1189373SUSE bug 1189980cpe:/o:opensuse:leap:15.2CVE-2021-28695openSUSE Leap 15.2
IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696).
ImportantCVE-2021-28695SUSE bug 1189373SUSE bug 1189980cpe:/o:opensuse:leap:15.2CVE-2021-28696openSUSE Leap 15.2
IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696).
ImportantCVE-2021-28696SUSE bug 1189373SUSE bug 1189980cpe:/o:opensuse:leap:15.2CVE-2021-28697openSUSE Leap 15.2
grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them to become mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes.
ImportantCVE-2021-28697SUSE bug 1189376cpe:/o:opensuse:leap:15.2CVE-2021-28698openSUSE Leap 15.2
long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entries, including ones which aren't in use anymore and some which may have been created but never used. If the number of entries for a given domain is large enough, this iterating of the entire table may tie up a CPU for too long, starving other domains or causing issues in the hypervisor itself. Note that a domain may map its own grants, i.e. there is no need for multiple domains to be involved here. A pair of "cooperating" guests may, however, cause the effects to be more severe.
ModerateCVE-2021-28698SUSE bug 1189378cpe:/o:opensuse:leap:15.2CVE-2021-28699openSUSE Leap 15.2
inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tracking table can be accessed through. For 32-bit guests on x86, translation of requests has to occur because the interface structure layouts commonly differ between 32- and 64-bit. The translation of the request to obtain the frame numbers of the grant status table involves translating the resulting array of frame numbers. Since the space used to carry out the translation is limited, the translation layer tells the core function the capacity of the array within translation space. Unfortunately the core function then only enforces array bounds to be below 8 times the specified value, and would write past the available space if enough frame numbers needed storing.
ImportantCVE-2021-28699SUSE bug 1189380SUSE bug 1194306cpe:/o:opensuse:leap:15.2CVE-2021-28700openSUSE Leap 15.2
xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured.
ModerateCVE-2021-28700SUSE bug 1189381cpe:/o:opensuse:leap:15.2CVE-2021-28701openSUSE Leap 15.2
Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed.
ImportantCVE-2021-28701SUSE bug 1189632cpe:/o:opensuse:leap:15.2CVE-2021-28702openSUSE Leap 15.2
PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption.
ModerateCVE-2021-28702SUSE bug 1191363cpe:/o:opensuse:leap:15.2CVE-2021-28704openSUSE Leap 15.2
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. (Patch 1, combining the fix to both these two issues.) In addition handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2).
ModerateCVE-2021-28704SUSE bug 1192557cpe:/o:opensuse:leap:15.2CVE-2021-28705openSUSE Leap 15.2
issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). In some cases the hypervisor carries out the requests by splitting them into smaller chunks. Error handling in certain PoD cases has been insufficient in that in particular partial success of some operations was not properly accounted for. There are two code paths affected - page removal (CVE-2021-28705) and insertion of new pages (CVE-2021-28709). (We provide one patch which combines the fix to both issues.)
ModerateCVE-2021-28705SUSE bug 1192559cpe:/o:opensuse:leap:15.2CVE-2021-28706openSUSE Leap 15.2
guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may overflow. It would then only be the overflowed (and hence small) number which gets compared against the established upper bound.
ModerateCVE-2021-28706SUSE bug 1192554cpe:/o:opensuse:leap:15.2CVE-2021-28707openSUSE Leap 15.2
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. (Patch 1, combining the fix to both these two issues.) In addition handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2).
ModerateCVE-2021-28707cpe:/o:opensuse:leap:15.2CVE-2021-28708openSUSE Leap 15.2
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. (Patch 1, combining the fix to both these two issues.) In addition handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2).
ModerateCVE-2021-28708cpe:/o:opensuse:leap:15.2CVE-2021-28709openSUSE Leap 15.2
issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). In some cases the hypervisor carries out the requests by splitting them into smaller chunks. Error handling in certain PoD cases has been insufficient in that in particular partial success of some operations was not properly accounted for. There are two code paths affected - page removal (CVE-2021-28705) and insertion of new pages (CVE-2021-28709). (We provide one patch which combines the fix to both issues.)
ModerateCVE-2021-28709cpe:/o:opensuse:leap:15.2CVE-2021-28831openSUSE Leap 15.2
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.
ImportantCVE-2021-28831SUSE bug 1184522cpe:/o:opensuse:leap:15.2CVE-2021-28899openSUSE Leap 15.2
Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16.
ModerateCVE-2021-28899SUSE bug 1185874cpe:/o:opensuse:leap:15.2CVE-2021-28950openSUSE Leap 15.2
An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.
ModerateCVE-2021-28950SUSE bug 1184194SUSE bug 1184211cpe:/o:opensuse:leap:15.2CVE-2021-28964openSUSE Leap 15.2
A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.
ModerateCVE-2021-28964SUSE bug 1184193cpe:/o:opensuse:leap:15.2CVE-2021-28965openSUSE Leap 15.2
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
ModerateCVE-2021-28965SUSE bug 1184644cpe:/o:opensuse:leap:15.2CVE-2021-28971openSUSE Leap 15.2
In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.
ModerateCVE-2021-28971SUSE bug 1184196cpe:/o:opensuse:leap:15.2CVE-2021-28972openSUSE Leap 15.2
In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8.
ModerateCVE-2021-28972SUSE bug 1184198cpe:/o:opensuse:leap:15.2CVE-2021-29133openSUSE Leap 15.2
Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem.
ModerateCVE-2021-29133SUSE bug 1187671cpe:/o:opensuse:leap:15.2CVE-2021-29136openSUSE Leap 15.2
Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used.
ImportantCVE-2021-29136SUSE bug 1184147cpe:/o:opensuse:leap:15.2CVE-2021-29154openSUSE Leap 15.2
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
ImportantCVE-2021-29154SUSE bug 1184391SUSE bug 1184710SUSE bug 1186408cpe:/o:opensuse:leap:15.2CVE-2021-29155openSUSE Leap 15.2
An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.
ModerateCVE-2021-29155SUSE bug 1184942cpe:/o:opensuse:leap:15.2CVE-2021-29157openSUSE Leap 15.2
Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.
ModerateCVE-2021-29157SUSE bug 1187418cpe:/o:opensuse:leap:15.2CVE-2021-29264openSUSE Leap 15.2
An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6.
ModerateCVE-2021-29264SUSE bug 1184168cpe:/o:opensuse:leap:15.2CVE-2021-29265openSUSE Leap 15.2
An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.
ModerateCVE-2021-29265SUSE bug 1184167cpe:/o:opensuse:leap:15.2CVE-2021-29425openSUSE Leap 15.2
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
ModerateCVE-2021-29425SUSE bug 1184755cpe:/o:opensuse:leap:15.2CVE-2021-29472openSUSE Leap 15.2
Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to Composer users directly is limited as the composer.json file is typically under their own control and source download URLs can only be supplied by third party Composer repositories they explicitly trust to download and execute source code from, e.g. Composer plugins. The main impact is to services passing user input to Composer, including Packagist.org and Private Packagist. This allowed users to trigger remote code execution. The vulnerability has been patched on Packagist.org and Private Packagist within 12h of receiving the initial vulnerability report and based on a review of logs, to the best of our knowledge, was not abused by anyone. Other services/tools using VcsRepository/VcsDriver or derivatives may also be vulnerable and should upgrade their composer/composer dependency immediately. Versions 1.10.22 and 2.0.13 include patches for this issue.
ModerateCVE-2021-29472SUSE bug 1185376cpe:/o:opensuse:leap:15.2CVE-2021-29477openSUSE Leap 15.2
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command.
ImportantCVE-2021-29477SUSE bug 1185729SUSE bug 1186722cpe:/o:opensuse:leap:15.2CVE-2021-29478openSUSE Leap 15.2
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command.
ImportantCVE-2021-29478SUSE bug 1185728SUSE bug 1185730cpe:/o:opensuse:leap:15.2CVE-2021-29505openSUSE Leap 15.2
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.
ImportantCVE-2021-29505SUSE bug 1186651cpe:/o:opensuse:leap:15.2CVE-2021-29622openSUSE Leap 15.2
Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an URL that can redirect to any other URL, in the /new endpoint. If a user visits a prometheus server with a specially crafted address, they can be redirected to an arbitrary URL. The issue was patched in the 2.26.1 and 2.27.1 releases. In 2.28.0, the /new endpoint will be removed completely. The workaround is to disable access to /new via a reverse proxy in front of Prometheus.
ModerateCVE-2021-29622SUSE bug 1186242cpe:/o:opensuse:leap:15.2CVE-2021-29647openSUSE Leap 15.2
An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.
ModerateCVE-2021-29647SUSE bug 1184192cpe:/o:opensuse:leap:15.2CVE-2021-29650openSUSE Leap 15.2
An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.
ModerateCVE-2021-29650SUSE bug 1184208cpe:/o:opensuse:leap:15.2CVE-2021-29945openSUSE Leap 15.2
The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.*. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
ImportantCVE-2021-29945SUSE bug 1184960cpe:/o:opensuse:leap:15.2CVE-2021-29946openSUSE Leap 15.2
Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
ImportantCVE-2021-29946SUSE bug 1184960cpe:/o:opensuse:leap:15.2CVE-2021-29948openSUSE Leap 15.2
Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects Thunderbird < 78.10.
ImportantCVE-2021-29948SUSE bug 1184960cpe:/o:opensuse:leap:15.2CVE-2021-29951openSUSE Leap 15.2
The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.10.1, Firefox < 87, and Firefox ESR < 78.10.1.
ModerateCVE-2021-29951SUSE bug 1185633cpe:/o:opensuse:leap:15.2CVE-2021-29964openSUSE Leap 15.2
A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.
ModerateCVE-2021-29964SUSE bug 1186696cpe:/o:opensuse:leap:15.2CVE-2021-29967openSUSE Leap 15.2
Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.
ModerateCVE-2021-29967SUSE bug 1186696cpe:/o:opensuse:leap:15.2CVE-2021-29969openSUSE Leap 15.2
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird < 78.12.
ImportantCVE-2021-29969cpe:/o:opensuse:leap:15.2CVE-2021-29970openSUSE Leap 15.2
A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.
ImportantCVE-2021-29970SUSE bug 1188275cpe:/o:opensuse:leap:15.2CVE-2021-29976openSUSE Leap 15.2
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.
ImportantCVE-2021-29976SUSE bug 1188275cpe:/o:opensuse:leap:15.2CVE-2021-29980openSUSE Leap 15.2
Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
ImportantCVE-2021-29980cpe:/o:opensuse:leap:15.2CVE-2021-29981openSUSE Leap 15.2
An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91.
ModerateCVE-2021-29981SUSE bug 1189631cpe:/o:opensuse:leap:15.2CVE-2021-29982openSUSE Leap 15.2
Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91.
ModerateCVE-2021-29982SUSE bug 1189630cpe:/o:opensuse:leap:15.2CVE-2021-29983openSUSE Leap 15.2
Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91.
LowCVE-2021-29983cpe:/o:opensuse:leap:15.2CVE-2021-29984openSUSE Leap 15.2
Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
ImportantCVE-2021-29984cpe:/o:opensuse:leap:15.2CVE-2021-29985openSUSE Leap 15.2
A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
ImportantCVE-2021-29985cpe:/o:opensuse:leap:15.2CVE-2021-29986openSUSE Leap 15.2
A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
ImportantCVE-2021-29986cpe:/o:opensuse:leap:15.2CVE-2021-29987openSUSE Leap 15.2
After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and Thunderbird < 91.
ModerateCVE-2021-29987SUSE bug 1189629cpe:/o:opensuse:leap:15.2CVE-2021-29988openSUSE Leap 15.2
Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
ImportantCVE-2021-29988cpe:/o:opensuse:leap:15.2CVE-2021-29989openSUSE Leap 15.2
Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91.
ImportantCVE-2021-29989cpe:/o:opensuse:leap:15.2CVE-2021-29990openSUSE Leap 15.2
Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 91.
ModerateCVE-2021-29990SUSE bug 1189628cpe:/o:opensuse:leap:15.2CVE-2021-29991openSUSE Leap 15.2
Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1.
ImportantCVE-2021-29991SUSE bug 1189547cpe:/o:opensuse:leap:15.2CVE-2021-30002openSUSE Leap 15.2
An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.
ModerateCVE-2021-30002SUSE bug 1184120cpe:/o:opensuse:leap:15.2CVE-2021-30004openSUSE Leap 15.2
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
ModerateCVE-2021-30004SUSE bug 1184348cpe:/o:opensuse:leap:15.2CVE-2021-30145openSUSE Leap 15.2
A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file.
ModerateCVE-2021-30145SUSE bug 1186230cpe:/o:opensuse:leap:15.2CVE-2021-3020openSUSE Leap 15.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ImportantCVE-2021-3020SUSE bug 1180571cpe:/o:opensuse:leap:15.2CVE-2021-30465openSUSE Leap 15.2
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.
ImportantCVE-2021-30465SUSE bug 1185405SUSE bug 1189161cpe:/o:opensuse:leap:15.2CVE-2021-30474openSUSE Leap 15.2
aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free.
ImportantCVE-2021-30474SUSE bug 1186799cpe:/o:opensuse:leap:15.2CVE-2021-30475openSUSE Leap 15.2
aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.
ImportantCVE-2021-30475SUSE bug 1189497cpe:/o:opensuse:leap:15.2CVE-2021-30485openSUSE Leap 15.2
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
ModerateCVE-2021-30485SUSE bug 1191856cpe:/o:opensuse:leap:15.2CVE-2021-30506openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page via a crafted HTML page.
ModerateCVE-2021-30506SUSE bug 1185908cpe:/o:opensuse:leap:15.2CVE-2021-30507openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
ModerateCVE-2021-30507SUSE bug 1185908cpe:/o:opensuse:leap:15.2CVE-2021-30508openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30508SUSE bug 1185908cpe:/o:opensuse:leap:15.2CVE-2021-30509openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page and a crafted Chrome extension.
ModerateCVE-2021-30509SUSE bug 1185908cpe:/o:opensuse:leap:15.2CVE-2021-30510openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30510SUSE bug 1185908cpe:/o:opensuse:leap:15.2CVE-2021-30511openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.
ModerateCVE-2021-30511SUSE bug 1185908cpe:/o:opensuse:leap:15.2CVE-2021-30512openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Notifications in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30512SUSE bug 1185908cpe:/o:opensuse:leap:15.2CVE-2021-30513openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30513SUSE bug 1185908cpe:/o:opensuse:leap:15.2CVE-2021-30514openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30514SUSE bug 1185908cpe:/o:opensuse:leap:15.2CVE-2021-30515openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in File API in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30515SUSE bug 1185908cpe:/o:opensuse:leap:15.2CVE-2021-30516openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in History in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30516SUSE bug 1185908cpe:/o:opensuse:leap:15.2CVE-2021-30517openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30517SUSE bug 1185908cpe:/o:opensuse:leap:15.2CVE-2021-30518openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30518SUSE bug 1185908cpe:/o:opensuse:leap:15.2CVE-2021-30519openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Payments in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious payments app to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30519SUSE bug 1185908cpe:/o:opensuse:leap:15.2CVE-2021-30520openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30520SUSE bug 1185908cpe:/o:opensuse:leap:15.2CVE-2021-30521openSUSE Leap 15.2
Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
ModerateCVE-2021-30521SUSE bug 1186458cpe:/o:opensuse:leap:15.2CVE-2021-30522openSUSE Leap 15.2
Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30522SUSE bug 1186458cpe:/o:opensuse:leap:15.2CVE-2021-30523openSUSE Leap 15.2
Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.
ModerateCVE-2021-30523SUSE bug 1186458cpe:/o:opensuse:leap:15.2CVE-2021-30524openSUSE Leap 15.2
Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30524SUSE bug 1186458cpe:/o:opensuse:leap:15.2CVE-2021-30525openSUSE Leap 15.2
Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30525SUSE bug 1186458cpe:/o:opensuse:leap:15.2CVE-2021-30526openSUSE Leap 15.2
Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.
ModerateCVE-2021-30526SUSE bug 1186458cpe:/o:opensuse:leap:15.2CVE-2021-30527openSUSE Leap 15.2
Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30527SUSE bug 1186458cpe:/o:opensuse:leap:15.2CVE-2021-30528openSUSE Leap 15.2
Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30528SUSE bug 1186458cpe:/o:opensuse:leap:15.2CVE-2021-30529openSUSE Leap 15.2
Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30529SUSE bug 1186458cpe:/o:opensuse:leap:15.2CVE-2021-30530openSUSE Leap 15.2
Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
ModerateCVE-2021-30530SUSE bug 1186458cpe:/o:opensuse:leap:15.2CVE-2021-30531openSUSE Leap 15.2
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
ModerateCVE-2021-30531SUSE bug 1186458cpe:/o:opensuse:leap:15.2CVE-2021-30532openSUSE Leap 15.2
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
ModerateCVE-2021-30532SUSE bug 1186458cpe:/o:opensuse:leap:15.2CVE-2021-30533openSUSE Leap 15.2
Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.
ModerateCVE-2021-30533SUSE bug 1186458cpe:/o:opensuse:leap:15.2CVE-2021-30534openSUSE Leap 15.2
Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
ModerateCVE-2021-30534SUSE bug 1186458cpe:/o:opensuse:leap:15.2CVE-2021-30535openSUSE Leap 15.2
Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30535SUSE bug 1186458cpe:/o:opensuse:leap:15.2CVE-2021-30536openSUSE Leap 15.2
Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.
ModerateCVE-2021-30536SUSE bug 1186458cpe:/o:opensuse:leap:15.2CVE-2021-30537openSUSE Leap 15.2
Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page.
ModerateCVE-2021-30537SUSE bug 1186458cpe:/o:opensuse:leap:15.2CVE-2021-30538openSUSE Leap 15.2
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
ModerateCVE-2021-30538SUSE bug 1186458cpe:/o:opensuse:leap:15.2CVE-2021-30539openSUSE Leap 15.2
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
ModerateCVE-2021-30539SUSE bug 1186458cpe:/o:opensuse:leap:15.2CVE-2021-30540openSUSE Leap 15.2
Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
ModerateCVE-2021-30540SUSE bug 1186458cpe:/o:opensuse:leap:15.2CVE-2021-30541openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30541SUSE bug 1188373cpe:/o:opensuse:leap:15.2CVE-2021-30544openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2021-30544SUSE bug 1187141cpe:/o:opensuse:leap:15.2CVE-2021-30545openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2021-30545SUSE bug 1187141cpe:/o:opensuse:leap:15.2CVE-2021-30546openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2021-30546SUSE bug 1187141cpe:/o:opensuse:leap:15.2CVE-2021-30547openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
ImportantCVE-2021-30547SUSE bug 1187141SUSE bug 1188275cpe:/o:opensuse:leap:15.2CVE-2021-30548openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2021-30548SUSE bug 1187141cpe:/o:opensuse:leap:15.2CVE-2021-30549openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2021-30549SUSE bug 1187141cpe:/o:opensuse:leap:15.2CVE-2021-30550openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2021-30550SUSE bug 1187141cpe:/o:opensuse:leap:15.2CVE-2021-30551openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2021-30551SUSE bug 1187141cpe:/o:opensuse:leap:15.2CVE-2021-30552openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2021-30552SUSE bug 1187141cpe:/o:opensuse:leap:15.2CVE-2021-30553openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2021-30553SUSE bug 1187141cpe:/o:opensuse:leap:15.2CVE-2021-30554openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30554SUSE bug 1187481cpe:/o:opensuse:leap:15.2CVE-2021-30555openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture.
ModerateCVE-2021-30555SUSE bug 1187481cpe:/o:opensuse:leap:15.2CVE-2021-30556openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30556SUSE bug 1187481cpe:/o:opensuse:leap:15.2CVE-2021-30557openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30557SUSE bug 1187481cpe:/o:opensuse:leap:15.2CVE-2021-30559openSUSE Leap 15.2
Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30559SUSE bug 1188373cpe:/o:opensuse:leap:15.2CVE-2021-30560openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30560SUSE bug 1188373cpe:/o:opensuse:leap:15.2CVE-2021-30561openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30561SUSE bug 1188373cpe:/o:opensuse:leap:15.2CVE-2021-30562openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30562SUSE bug 1188373cpe:/o:opensuse:leap:15.2CVE-2021-30563openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30563SUSE bug 1188373cpe:/o:opensuse:leap:15.2CVE-2021-30564openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30564SUSE bug 1188373cpe:/o:opensuse:leap:15.2CVE-2021-30565openSUSE Leap 15.2
Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.
ModerateCVE-2021-30565cpe:/o:opensuse:leap:15.2CVE-2021-30566openSUSE Leap 15.2
Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page.
ModerateCVE-2021-30566cpe:/o:opensuse:leap:15.2CVE-2021-30567openSUSE Leap 15.2
Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture.
ModerateCVE-2021-30567cpe:/o:opensuse:leap:15.2CVE-2021-30568openSUSE Leap 15.2
Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30568cpe:/o:opensuse:leap:15.2CVE-2021-30569openSUSE Leap 15.2
Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30569cpe:/o:opensuse:leap:15.2CVE-2021-30571openSUSE Leap 15.2
Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2021-30571cpe:/o:opensuse:leap:15.2CVE-2021-30572openSUSE Leap 15.2
Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30572cpe:/o:opensuse:leap:15.2CVE-2021-30573openSUSE Leap 15.2
Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30573cpe:/o:opensuse:leap:15.2CVE-2021-30574openSUSE Leap 15.2
Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30574cpe:/o:opensuse:leap:15.2CVE-2021-30575openSUSE Leap 15.2
Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30575cpe:/o:opensuse:leap:15.2CVE-2021-30576openSUSE Leap 15.2
Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30576cpe:/o:opensuse:leap:15.2CVE-2021-30577openSUSE Leap 15.2
Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file.
ModerateCVE-2021-30577cpe:/o:opensuse:leap:15.2CVE-2021-30578openSUSE Leap 15.2
Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
ModerateCVE-2021-30578cpe:/o:opensuse:leap:15.2CVE-2021-30579openSUSE Leap 15.2
Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30579cpe:/o:opensuse:leap:15.2CVE-2021-30581openSUSE Leap 15.2
Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30581cpe:/o:opensuse:leap:15.2CVE-2021-30582openSUSE Leap 15.2
Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ModerateCVE-2021-30582cpe:/o:opensuse:leap:15.2CVE-2021-30584openSUSE Leap 15.2
Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
ModerateCVE-2021-30584cpe:/o:opensuse:leap:15.2CVE-2021-30585openSUSE Leap 15.2
Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30585cpe:/o:opensuse:leap:15.2CVE-2021-30588openSUSE Leap 15.2
Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
LowCVE-2021-30588cpe:/o:opensuse:leap:15.2CVE-2021-30589openSUSE Leap 15.2
Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link.
ModerateCVE-2021-30589cpe:/o:opensuse:leap:15.2CVE-2021-30590openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30590SUSE bug 1189006cpe:/o:opensuse:leap:15.2CVE-2021-30591openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30591SUSE bug 1189006cpe:/o:opensuse:leap:15.2CVE-2021-30592openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.
ModerateCVE-2021-30592SUSE bug 1189006cpe:/o:opensuse:leap:15.2CVE-2021-30593openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.
ModerateCVE-2021-30593SUSE bug 1189006cpe:/o:opensuse:leap:15.2CVE-2021-30594openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.
ModerateCVE-2021-30594SUSE bug 1189006cpe:/o:opensuse:leap:15.2CVE-2021-30596openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
ModerateCVE-2021-30596SUSE bug 1189006cpe:/o:opensuse:leap:15.2CVE-2021-30597openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.
ModerateCVE-2021-30597SUSE bug 1189006cpe:/o:opensuse:leap:15.2CVE-2021-30598openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
ModerateCVE-2021-30598SUSE bug 1189490cpe:/o:opensuse:leap:15.2CVE-2021-30599openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
ModerateCVE-2021-30599SUSE bug 1189490cpe:/o:opensuse:leap:15.2CVE-2021-30600openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30600SUSE bug 1189490cpe:/o:opensuse:leap:15.2CVE-2021-30601openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30601SUSE bug 1189490cpe:/o:opensuse:leap:15.2CVE-2021-30602openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30602SUSE bug 1189490cpe:/o:opensuse:leap:15.2CVE-2021-30603openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30603SUSE bug 1189490cpe:/o:opensuse:leap:15.2CVE-2021-30604openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30604SUSE bug 1189490cpe:/o:opensuse:leap:15.2CVE-2021-30606openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Chromium: CVE-2021-30606 Use after free in Blink
ModerateCVE-2021-30606SUSE bug 1190096cpe:/o:opensuse:leap:15.2CVE-2021-30607openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Chromium: CVE-2021-30607 Use after free in Permissions
ModerateCVE-2021-30607SUSE bug 1190096cpe:/o:opensuse:leap:15.2CVE-2021-30608openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Chromium: CVE-2021-30608 Use after free in Web Share
ModerateCVE-2021-30608SUSE bug 1190096cpe:/o:opensuse:leap:15.2CVE-2021-30609openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Chromium: CVE-2021-30609 Use after free in Sign-In
ModerateCVE-2021-30609SUSE bug 1190096cpe:/o:opensuse:leap:15.2CVE-2021-30610openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Chromium: CVE-2021-30610 Use after free in Extensions API
ModerateCVE-2021-30610SUSE bug 1190096cpe:/o:opensuse:leap:15.2CVE-2021-30611openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Chromium: CVE-2021-30611 Use after free in WebRTC
ModerateCVE-2021-30611SUSE bug 1190096cpe:/o:opensuse:leap:15.2CVE-2021-30612openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Chromium: CVE-2021-30612 Use after free in WebRTC
ModerateCVE-2021-30612SUSE bug 1190096cpe:/o:opensuse:leap:15.2CVE-2021-30613openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Chromium: CVE-2021-30613 Use after free in Base internals
ModerateCVE-2021-30613SUSE bug 1190096cpe:/o:opensuse:leap:15.2CVE-2021-30614openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip
ModerateCVE-2021-30614SUSE bug 1190096cpe:/o:opensuse:leap:15.2CVE-2021-30615openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
ModerateCVE-2021-30615SUSE bug 1190096cpe:/o:opensuse:leap:15.2CVE-2021-30616openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Chromium: CVE-2021-30616 Use after free in Media
ModerateCVE-2021-30616SUSE bug 1190096cpe:/o:opensuse:leap:15.2CVE-2021-30617openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Chromium: CVE-2021-30617 Policy bypass in Blink
ModerateCVE-2021-30617SUSE bug 1190096cpe:/o:opensuse:leap:15.2CVE-2021-30618openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Chromium: CVE-2021-30618 Inappropriate implementation in DevTools
ModerateCVE-2021-30618SUSE bug 1190096cpe:/o:opensuse:leap:15.2CVE-2021-30619openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Chromium: CVE-2021-30619 UI Spoofing in Autofill
ModerateCVE-2021-30619SUSE bug 1190096cpe:/o:opensuse:leap:15.2CVE-2021-30620openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink
ModerateCVE-2021-30620SUSE bug 1190096cpe:/o:opensuse:leap:15.2CVE-2021-30621openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Chromium: CVE-2021-30621 UI Spoofing in Autofill
ModerateCVE-2021-30621SUSE bug 1190096cpe:/o:opensuse:leap:15.2CVE-2021-30622openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Chromium: CVE-2021-30622 Use after free in WebApp Installs
ModerateCVE-2021-30622SUSE bug 1190096cpe:/o:opensuse:leap:15.2CVE-2021-30623openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Chromium: CVE-2021-30623 Use after free in Bookmarks
ModerateCVE-2021-30623SUSE bug 1190096cpe:/o:opensuse:leap:15.2CVE-2021-30624openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Chromium: CVE-2021-30624 Use after free in Autofill
ModerateCVE-2021-30624SUSE bug 1190096cpe:/o:opensuse:leap:15.2CVE-2021-30625openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30625SUSE bug 1190476cpe:/o:opensuse:leap:15.2CVE-2021-30626openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30626SUSE bug 1190476cpe:/o:opensuse:leap:15.2CVE-2021-30627openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30627SUSE bug 1190476cpe:/o:opensuse:leap:15.2CVE-2021-30628openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.
ModerateCVE-2021-30628SUSE bug 1190476cpe:/o:opensuse:leap:15.2CVE-2021-30629openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30629SUSE bug 1190476cpe:/o:opensuse:leap:15.2CVE-2021-30630openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
ModerateCVE-2021-30630SUSE bug 1190476cpe:/o:opensuse:leap:15.2CVE-2021-30631openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
ModerateCVE-2021-30631SUSE bug 1190476cpe:/o:opensuse:leap:15.2CVE-2021-30632openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-30632SUSE bug 1190476cpe:/o:opensuse:leap:15.2CVE-2021-30633openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2021-30633SUSE bug 1190476cpe:/o:opensuse:leap:15.2CVE-2021-30640openSUSE Leap 15.2
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.
ModerateCVE-2021-30640SUSE bug 1188279cpe:/o:opensuse:leap:15.2CVE-2021-30641openSUSE Leap 15.2
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
ModerateCVE-2021-30641SUSE bug 1187174cpe:/o:opensuse:leap:15.2CVE-2021-30663openSUSE Leap 15.2
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2021-30663SUSE bug 1188697cpe:/o:opensuse:leap:15.2CVE-2021-30665openSUSE Leap 15.2
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
ImportantCVE-2021-30665SUSE bug 1188697cpe:/o:opensuse:leap:15.2CVE-2021-30689openSUSE Leap 15.2
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.
ImportantCVE-2021-30689SUSE bug 1188697cpe:/o:opensuse:leap:15.2CVE-2021-30720openSUSE Leap 15.2
A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers.
ImportantCVE-2021-30720SUSE bug 1188697cpe:/o:opensuse:leap:15.2CVE-2021-30734openSUSE Leap 15.2
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2021-30734SUSE bug 1188697cpe:/o:opensuse:leap:15.2CVE-2021-30744openSUSE Leap 15.2
Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.
ImportantCVE-2021-30744SUSE bug 1188697cpe:/o:opensuse:leap:15.2CVE-2021-30749openSUSE Leap 15.2
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2021-30749SUSE bug 1188697cpe:/o:opensuse:leap:15.2CVE-2021-30758openSUSE Leap 15.2
A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2021-30758SUSE bug 1188697cpe:/o:opensuse:leap:15.2CVE-2021-30795openSUSE Leap 15.2
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2021-30795SUSE bug 1188697cpe:/o:opensuse:leap:15.2CVE-2021-30797openSUSE Leap 15.2
This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.
ImportantCVE-2021-30797SUSE bug 1188697cpe:/o:opensuse:leap:15.2CVE-2021-30799openSUSE Leap 15.2
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2021-30799SUSE bug 1188697cpe:/o:opensuse:leap:15.2CVE-2021-30846openSUSE Leap 15.2
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2021-30846SUSE bug 1192063cpe:/o:opensuse:leap:15.2CVE-2021-30851openSUSE Leap 15.2
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution.
ImportantCVE-2021-30851SUSE bug 1192063cpe:/o:opensuse:leap:15.2CVE-2021-30858openSUSE Leap 15.2
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
ImportantCVE-2021-30858SUSE bug 1190701SUSE bug 1191298SUSE bug 1191301cpe:/o:opensuse:leap:15.2CVE-2021-3114openSUSE Leap 15.2
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
ModerateCVE-2021-3114SUSE bug 1181145cpe:/o:opensuse:leap:15.2CVE-2021-3115openSUSE Leap 15.2
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
ImportantCVE-2021-3115SUSE bug 1181146cpe:/o:opensuse:leap:15.2CVE-2021-31215openSUSE Leap 15.2
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.
ImportantCVE-2021-31215SUSE bug 1186024cpe:/o:opensuse:leap:15.2CVE-2021-31229openSUSE Leap 15.2
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant.
ModerateCVE-2021-31229SUSE bug 1191856cpe:/o:opensuse:leap:15.2CVE-2021-31347openSUSE Leap 15.2
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap).
ModerateCVE-2021-31347SUSE bug 1191856cpe:/o:opensuse:leap:15.2CVE-2021-31348openSUSE Leap 15.2
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).
ModerateCVE-2021-31348SUSE bug 1191856cpe:/o:opensuse:leap:15.2CVE-2021-3139openSUSE Leap 15.2
In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. NOTE: relative to CVE-2020-28374, this is a similar mistake in a different algorithm.
ImportantCVE-2021-3139SUSE bug 1178684SUSE bug 1180676cpe:/o:opensuse:leap:15.2CVE-2021-3144openSUSE Leap 15.2
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
ImportantCVE-2021-3144SUSE bug 1181550SUSE bug 1181562cpe:/o:opensuse:leap:15.2CVE-2021-3148openSUSE Leap 15.2
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
ImportantCVE-2021-3148SUSE bug 1181550SUSE bug 1181558cpe:/o:opensuse:leap:15.2CVE-2021-31525openSUSE Leap 15.2
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.
ModerateCVE-2021-31525SUSE bug 1185790cpe:/o:opensuse:leap:15.2CVE-2021-31535openSUSE Leap 15.2
LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.
ImportantCVE-2021-31535SUSE bug 1182506SUSE bug 1191879cpe:/o:opensuse:leap:15.2CVE-2021-3156openSUSE Leap 15.2
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
ImportantCVE-2021-3156SUSE bug 1180684SUSE bug 1181090SUSE bug 1181506SUSE bug 1181657SUSE bug 1183936cpe:/o:opensuse:leap:15.2CVE-2021-31598openSUSE Leap 15.2
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.
ModerateCVE-2021-31598SUSE bug 1191856cpe:/o:opensuse:leap:15.2CVE-2021-31607openSUSE Leap 15.2
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).
ImportantCVE-2021-31607SUSE bug 1185281cpe:/o:opensuse:leap:15.2CVE-2021-31618openSUSE Leap 15.2
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.
ImportantCVE-2021-31618SUSE bug 1186924cpe:/o:opensuse:leap:15.2CVE-2021-3177openSUSE Leap 15.2
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.
ModerateCVE-2021-3177SUSE bug 1181126cpe:/o:opensuse:leap:15.2CVE-2021-31799openSUSE Leap 15.2
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
ImportantCVE-2021-31799SUSE bug 1190375SUSE bug 1196771cpe:/o:opensuse:leap:15.2CVE-2021-31806openSUSE Leap 15.2
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.
ModerateCVE-2021-31806SUSE bug 1185916cpe:/o:opensuse:leap:15.2CVE-2021-3181openSUSE Leap 15.2
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.
ModerateCVE-2021-3181SUSE bug 1181221SUSE bug 1181505cpe:/o:opensuse:leap:15.2CVE-2021-31810openSUSE Leap 15.2
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).
ImportantCVE-2021-31810SUSE bug 1188161SUSE bug 1193383cpe:/o:opensuse:leap:15.2CVE-2021-3185openSUSE Leap 15.2
A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution.
ImportantCVE-2021-3185SUSE bug 1181255cpe:/o:opensuse:leap:15.2CVE-2021-31916openSUSE Leap 15.2
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-31916SUSE bug 1192781cpe:/o:opensuse:leap:15.2CVE-2021-3197openSUSE Leap 15.2
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.
ImportantCVE-2021-3197SUSE bug 1181550SUSE bug 1181564cpe:/o:opensuse:leap:15.2CVE-2021-31998openSUSE Leap 15.2
A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2.
ImportantCVE-2021-31998SUSE bug 1182321SUSE bug 1189836cpe:/o:opensuse:leap:15.2CVE-2021-32027openSUSE Leap 15.2
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2021-32027SUSE bug 1185924cpe:/o:opensuse:leap:15.2CVE-2021-32028openSUSE Leap 15.2
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
ModerateCVE-2021-32028SUSE bug 1185925cpe:/o:opensuse:leap:15.2CVE-2021-32066openSUSE Leap 15.2
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
ImportantCVE-2021-32066SUSE bug 1188160SUSE bug 1196771cpe:/o:opensuse:leap:15.2CVE-2021-32280openSUSE Leap 15.2
An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8.
ModerateCVE-2021-32280SUSE bug 1192019cpe:/o:opensuse:leap:15.2CVE-2021-32399openSUSE Leap 15.2
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.
ImportantCVE-2021-32399SUSE bug 1184611SUSE bug 1185898SUSE bug 1185899SUSE bug 1196174cpe:/o:opensuse:leap:15.2CVE-2021-3246openSUSE Leap 15.2
A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.
CriticalCVE-2021-3246SUSE bug 1188540cpe:/o:opensuse:leap:15.2CVE-2021-32490openSUSE Leap 15.2
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences.
ImportantCVE-2021-32490SUSE bug 1185895cpe:/o:opensuse:leap:15.2CVE-2021-32491openSUSE Leap 15.2
A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences.
ImportantCVE-2021-32491SUSE bug 1185900cpe:/o:opensuse:leap:15.2CVE-2021-32492openSUSE Leap 15.2
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences.
ImportantCVE-2021-32492SUSE bug 1185904cpe:/o:opensuse:leap:15.2CVE-2021-32493openSUSE Leap 15.2
A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences.
ImportantCVE-2021-32493SUSE bug 1185905cpe:/o:opensuse:leap:15.2CVE-2021-32625openSUSE Leap 15.2
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command. On 64 bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB).
ImportantCVE-2021-32625SUSE bug 1186722cpe:/o:opensuse:leap:15.2CVE-2021-32678openSUSE Leap 15.2
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller (`OCSController`) using the `@BruteForceProtection` annotation. Risk depends on the installed applications on the Nextcloud Server, but could range from bypassing authentication ratelimits or spamming other Nextcloud users. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. No workarounds aside from upgrading are known to exist.
ModerateCVE-2021-32678SUSE bug 1188247cpe:/o:opensuse:leap:15.2CVE-2021-32679openSUSE Leap 15.2
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames where not escaped by default in controllers using `DownloadResponse`. When a user-supplied filename was passed unsanitized into a `DownloadResponse`, this could be used to trick users into downloading malicious files with a benign file extension. This would show in UI behaviours where Nextcloud applications would display a benign file extension (e.g. JPEG), but the file will actually be downloaded with an executable file extension. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. Administrators of Nextcloud instances do not have a workaround available, but developers of Nextcloud apps may manually escape the file name before passing it into `DownloadResponse`.
ModerateCVE-2021-32679SUSE bug 1188248cpe:/o:opensuse:leap:15.2CVE-2021-32680openSUSE Leap 15.2
Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is supposed to be logged. This issue is patched in versions 19.0.13, 20.0.11, and 21.0.3.
LowCVE-2021-32680SUSE bug 1188249cpe:/o:opensuse:leap:15.2CVE-2021-32688openSUSE Leap 15.2
Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application specific tokens for authentication purposes. These tokens are supposed to be granted to a specific applications (e.g. DAV sync clients), and can also be configured by the user to not have any filesystem access. Due to a lacking permission check, the tokens were able to change their own permissions in versions prior to 19.0.13, 20.0.11, and 21.0.3. Thus fileystem limited tokens were able to grant themselves access to the filesystem. The issue is patched in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds aside from upgrading.
ImportantCVE-2021-32688SUSE bug 1188250cpe:/o:opensuse:leap:15.2CVE-2021-32703openSUSE Leap 15.2
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.
ModerateCVE-2021-32703SUSE bug 1188251cpe:/o:opensuse:leap:15.2CVE-2021-32705openSUSE Leap 15.2
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens or credentials. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.
ModerateCVE-2021-32705SUSE bug 1188252cpe:/o:opensuse:leap:15.2CVE-2021-32718openSUSE Leap 15.2
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring.
LowCVE-2021-32718SUSE bug 1187818cpe:/o:opensuse:leap:15.2CVE-2021-32719openSUSE Leap 15.2
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead.
LowCVE-2021-32719SUSE bug 1187819cpe:/o:opensuse:leap:15.2CVE-2021-3272openSUSE Leap 15.2
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.
ModerateCVE-2021-3272SUSE bug 1181483cpe:/o:opensuse:leap:15.2CVE-2021-32725openSUSE Leap 15.2
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share permissions were not being respected for federated reshares of files and folders. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.
LowCVE-2021-32725SUSE bug 1188253cpe:/o:opensuse:leap:15.2CVE-2021-32726openSUSE Leap 15.2
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused an earlier used username, the previous user could gain access to their account. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.
LowCVE-2021-32726SUSE bug 1188254cpe:/o:opensuse:leap:15.2CVE-2021-32734openSUSE Leap 15.2
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. As a workaround, one may disable the Nextcloud Text application in Nextcloud Server app settings.
LowCVE-2021-32734SUSE bug 1188255cpe:/o:opensuse:leap:15.2CVE-2021-32739openSUSE Leap 15.2
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a read-ony user's credentials, an attacker can view most attributes of all config objects including `ticket_salt` of `ApiListener`. This salt is enough to compute a ticket for every possible common name (CN). A ticket, the master node's certificate, and a self-signed certificate are enough to successfully request the desired certificate from Icinga. That certificate may in turn be used to steal an endpoint or API user's identity. Versions 2.12.5 and 2.11.10 both contain a fix the vulnerability. As a workaround, one may either specify queryable types explicitly or filter out ApiListener objects.
ModerateCVE-2021-32739SUSE bug 1188372cpe:/o:opensuse:leap:15.2CVE-2021-32741openSUSE Leap 15.2
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.
LowCVE-2021-32741SUSE bug 1188256cpe:/o:opensuse:leap:15.2CVE-2021-32743openSUSE Leap 15.2
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add, modify and delete information there. If credentials with more permissions are in use, this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases, these passwords are no longer exposed via the API. As a workaround, API user permissions can be restricted to not allow querying of any affected objects, either by explicitly listing only the required object types for object query permissions, or by applying a filter rule.
ModerateCVE-2021-32743SUSE bug 1188370cpe:/o:opensuse:leap:15.2CVE-2021-32749openSUSE Leap 15.2
fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command `mail` from mailutils package used in mail actions like `mail-whois` can execute command if unescaped sequences (`\n~`) are available in "foreign" input (for instance in whois output). To exploit the vulnerability, an attacker would need to insert malicious characters into the response sent by the whois server, either via a MITM attack or by taking over a whois server. The issue is patched in versions 0.10.7 and 0.11.3. As a workaround, one may avoid the usage of action `mail-whois` or patch the vulnerability manually.
ModerateCVE-2021-32749SUSE bug 1188610cpe:/o:opensuse:leap:15.2CVE-2021-32760openSUSE Leap 15.2
containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.
ModerateCVE-2021-32760SUSE bug 1188282cpe:/o:opensuse:leap:15.2CVE-2021-32765openSUSE Leap 15.2
Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.
ImportantCVE-2021-32765SUSE bug 1191331cpe:/o:opensuse:leap:15.2CVE-2021-32766openSUSE Leap 15.2
Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link share has been created with "Upload Only" privileges. (aka "File Drop"). A link share recipient is not expected to see which folders or files exist in a "File Drop" share. Using this vulnerability an attacker is able to enumerate folders in such a share. Exploitation requires that the attacker has access to a valid affected "File Drop" link share. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.0.1. Users who are unable to upgrade are advised to disable the Nextcloud Text application in the app settings.
ImportantCVE-2021-32766SUSE bug 1190291cpe:/o:opensuse:leap:15.2CVE-2021-32785openSUSE Leap 15.2
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and lead to an uncontrolled format string bug. Initial assessment shows that this bug does not appear to allow gaining arbitrary code execution, but can reliably provoke a denial of service by repeatedly crashing the Apache workers. This bug has been corrected in version 2.4.9 by performing argument interpolation only once, using the `hiredis` API. As a workaround, this vulnerability can be mitigated by setting `OIDCCacheEncrypt` to `on`, as cache keys are cryptographically hashed before use when this option is enabled.
ModerateCVE-2021-32785SUSE bug 1188638cpe:/o:opensuse:leap:15.2CVE-2021-32786openSUSE Leap 15.2
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. This bug has been fixed in version 2.4.9 by replacing any backslash of the URL to redirect with slashes to address a particular breaking change between the different specifications (RFC2396 / RFC3986 and WHATWG). As a workaround, this vulnerability can be mitigated by configuring `mod_auth_openidc` to only allow redirection whose destination matches a given regular expression.
ModerateCVE-2021-32786SUSE bug 1188639cpe:/o:opensuse:leap:15.2CVE-2021-32791openSUSE Leap 15.2
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines.
ModerateCVE-2021-32791SUSE bug 1188849cpe:/o:opensuse:leap:15.2CVE-2021-32792openSUSE Leap 15.2
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.
LowCVE-2021-32792SUSE bug 1188848cpe:/o:opensuse:leap:15.2CVE-2021-32800openSUSE Leap 15.2
Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. There are no workaround for this vulnerability.
ImportantCVE-2021-32800SUSE bug 1190291cpe:/o:opensuse:leap:15.2CVE-2021-32801openSUSE Leap 15.2
Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. If upgrading is not an option users are advised to disable system logging to resolve this issue until such time that an upgrade can be performed Note that ff you do not use the Encryption-at-Rest functionality of Nextcloud you are not affected by this bug.
ImportantCVE-2021-32801SUSE bug 1190291cpe:/o:opensuse:leap:15.2CVE-2021-32802openSUSE Leap 15.2
Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user-supplied content. There are several security concerns with passing user-generated content to this library, such as Server-Side-Request-Forgery, file disclosure or potentially executing code on the system. The risk depends on your system configuration and the installed library version. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. These versions do not use this library anymore. As a workaround users may disable previews by setting `enable_previews` to `false` in `config.php`.
ImportantCVE-2021-32802SUSE bug 1190291cpe:/o:opensuse:leap:15.2CVE-2021-32810openSUSE Leap 15.2
crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4.
CriticalCVE-2021-32810SUSE bug 1191332cpe:/o:opensuse:leap:15.2CVE-2021-32917openSUSE Leap 15.2
An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth.
ModerateCVE-2021-32917SUSE bug 1186027cpe:/o:opensuse:leap:15.2CVE-2021-32918openSUSE Leap 15.2
An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3.
ModerateCVE-2021-32918SUSE bug 1186027cpe:/o:opensuse:leap:15.2CVE-2021-32919openSUSE Leap 15.2
An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another server (when this option is enabled).
ModerateCVE-2021-32919SUSE bug 1186027cpe:/o:opensuse:leap:15.2CVE-2021-32920openSUSE Leap 15.2
Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests.
ModerateCVE-2021-32920SUSE bug 1186027cpe:/o:opensuse:leap:15.2CVE-2021-33033openSUSE Leap 15.2
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
ModerateCVE-2021-33033SUSE bug 1186109SUSE bug 1186283SUSE bug 1188876cpe:/o:opensuse:leap:15.2CVE-2021-33034openSUSE Leap 15.2
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
ImportantCVE-2021-33034SUSE bug 1186111SUSE bug 1186285cpe:/o:opensuse:leap:15.2CVE-2021-33037openSUSE Leap 15.2
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.
ModerateCVE-2021-33037SUSE bug 1188278cpe:/o:opensuse:leap:15.2CVE-2021-33038openSUSE Leap 15.2
An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during a large migration from Mailman 2 to Mailman 3.
ImportantCVE-2021-33038SUSE bug 1186575cpe:/o:opensuse:leap:15.2CVE-2021-3308openSUSE Leap 15.2
An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors used by the MSI(-X) entries that the guest might had enabled, and hence will lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain. In the latter case, this would affect the entire host.
ModerateCVE-2021-3308SUSE bug 1181254cpe:/o:opensuse:leap:15.2CVE-2021-33193openSUSE Leap 15.2
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
CriticalCVE-2021-33193SUSE bug 1189387SUSE bug 1195686cpe:/o:opensuse:leap:15.2CVE-2021-33195openSUSE Leap 15.2
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
ModerateCVE-2021-33195SUSE bug 1187443cpe:/o:opensuse:leap:15.2CVE-2021-33196openSUSE Leap 15.2
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.
ImportantCVE-2021-33196SUSE bug 1186622SUSE bug 1190589cpe:/o:opensuse:leap:15.2CVE-2021-33197openSUSE Leap 15.2
In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.
ModerateCVE-2021-33197SUSE bug 1187444cpe:/o:opensuse:leap:15.2CVE-2021-33198openSUSE Leap 15.2
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
ImportantCVE-2021-33198SUSE bug 1187445cpe:/o:opensuse:leap:15.2CVE-2021-33200openSUSE Leap 15.2
kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.
ImportantCVE-2021-33200SUSE bug 1186484SUSE bug 1186498cpe:/o:opensuse:leap:15.2CVE-2021-3326openSUSE Leap 15.2
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
ModerateCVE-2021-3326SUSE bug 1181505cpe:/o:opensuse:leap:15.2CVE-2021-33285openSUSE Leap 15.2
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the "bytes_in_use" field should be less than the "bytes_allocated" field. When it is not, the parsing of the records proceeds into the wild.
ModerateCVE-2021-33285cpe:/o:opensuse:leap:15.2CVE-2021-33286openSUSE Leap 15.2
In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.
ModerateCVE-2021-33286cpe:/o:opensuse:leap:15.2CVE-2021-33287openSUSE Leap 15.2
In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.
ModerateCVE-2021-33287cpe:/o:opensuse:leap:15.2CVE-2021-33289openSUSE Leap 15.2
In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.
ModerateCVE-2021-33289cpe:/o:opensuse:leap:15.2CVE-2021-3347openSUSE Leap 15.2
An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.
ImportantCVE-2021-3347SUSE bug 1181349SUSE bug 1181553SUSE bug 1190859cpe:/o:opensuse:leap:15.2CVE-2021-3348openSUSE Leap 15.2
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.
ModerateCVE-2021-3348SUSE bug 1181504SUSE bug 1181645cpe:/o:opensuse:leap:15.2CVE-2021-33515openSUSE Leap 15.2
The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
ModerateCVE-2021-33515SUSE bug 1187419cpe:/o:opensuse:leap:15.2CVE-2021-33516openSUSE Leap 15.2
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.
CriticalCVE-2021-33516SUSE bug 1186590cpe:/o:opensuse:leap:15.2CVE-2021-33560openSUSE Leap 15.2
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
ImportantCVE-2021-33560SUSE bug 1187212SUSE bug 1189854SUSE bug 1199664cpe:/o:opensuse:leap:15.2CVE-2021-33574openSUSE Leap 15.2
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
ModerateCVE-2021-33574SUSE bug 1186489SUSE bug 1189426SUSE bug 1192788SUSE bug 1196766cpe:/o:opensuse:leap:15.2CVE-2021-33624openSUSE Leap 15.2
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.
ModerateCVE-2021-33624SUSE bug 1187554cpe:/o:opensuse:leap:15.2CVE-2021-33813openSUSE Leap 15.2
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.
ImportantCVE-2021-33813SUSE bug 1187446cpe:/o:opensuse:leap:15.2CVE-2021-33909openSUSE Leap 15.2
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
ImportantCVE-2021-33909SUSE bug 1188062SUSE bug 1188063SUSE bug 1188257SUSE bug 1190859cpe:/o:opensuse:leap:15.2CVE-2021-33910openSUSE Leap 15.2
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
ModerateCVE-2021-33910SUSE bug 1188062SUSE bug 1188063cpe:/o:opensuse:leap:15.2CVE-2021-3393openSUSE Leap 15.2
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.
LowCVE-2021-3393SUSE bug 1182040cpe:/o:opensuse:leap:15.2CVE-2021-3416openSUSE Leap 15.2
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.
LowCVE-2021-3416SUSE bug 1182968SUSE bug 1186473cpe:/o:opensuse:leap:15.2CVE-2021-3419openSUSE Leap 15.2
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
ModerateCVE-2021-3419SUSE bug 1182968SUSE bug 1182975cpe:/o:opensuse:leap:15.2CVE-2021-3421openSUSE Leap 15.2
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.
ModerateCVE-2021-3421SUSE bug 1183543cpe:/o:opensuse:leap:15.2CVE-2021-3428openSUSE Leap 15.2
A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat.
ModerateCVE-2021-3428SUSE bug 1173485SUSE bug 1183509cpe:/o:opensuse:leap:15.2CVE-2021-3444openSUSE Leap 15.2
The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.
ImportantCVE-2021-3444SUSE bug 1184170SUSE bug 1184171cpe:/o:opensuse:leap:15.2CVE-2021-3448openSUSE Leap 15.2
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.
ModerateCVE-2021-3448SUSE bug 1183709cpe:/o:opensuse:leap:15.2CVE-2021-3449openSUSE Leap 15.2
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
ImportantCVE-2021-3449SUSE bug 1183852cpe:/o:opensuse:leap:15.2CVE-2021-3450openSUSE Leap 15.2
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).
ImportantCVE-2021-3450SUSE bug 1183851SUSE bug 1188549cpe:/o:opensuse:leap:15.2CVE-2021-34548openSUSE Leap 15.2
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.
ModerateCVE-2021-34548SUSE bug 1187322cpe:/o:opensuse:leap:15.2CVE-2021-34549openSUSE Leap 15.2
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.
ModerateCVE-2021-34549SUSE bug 1187324cpe:/o:opensuse:leap:15.2CVE-2021-34550openSUSE Leap 15.2
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor
ModerateCVE-2021-34550SUSE bug 1187325cpe:/o:opensuse:leap:15.2CVE-2021-34552openSUSE Leap 15.2
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
ImportantCVE-2021-34552SUSE bug 1188574cpe:/o:opensuse:leap:15.2CVE-2021-34556openSUSE Leap 15.2
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.
ModerateCVE-2021-34556SUSE bug 1188983cpe:/o:opensuse:leap:15.2CVE-2021-34558openSUSE Leap 15.2
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
ModerateCVE-2021-34558SUSE bug 1188229cpe:/o:opensuse:leap:15.2CVE-2021-3465openSUSE Leap 15.2
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
ModerateCVE-2021-3465SUSE bug 1184699cpe:/o:opensuse:leap:15.2CVE-2021-3468openSUSE Leap 15.2
A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.
ModerateCVE-2021-3468SUSE bug 1184521cpe:/o:opensuse:leap:15.2CVE-2021-34693openSUSE Leap 15.2
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
ModerateCVE-2021-34693SUSE bug 1187452SUSE bug 1192868cpe:/o:opensuse:leap:15.2CVE-2021-3472openSUSE Leap 15.2
A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2021-3472SUSE bug 1180128cpe:/o:opensuse:leap:15.2CVE-2021-3474openSUSE Leap 15.2
There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.
ModerateCVE-2021-3474SUSE bug 1184174cpe:/o:opensuse:leap:15.2CVE-2021-3475openSUSE Leap 15.2
There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.
ModerateCVE-2021-3475SUSE bug 1184173cpe:/o:opensuse:leap:15.2CVE-2021-3476openSUSE Leap 15.2
A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.
ModerateCVE-2021-3476SUSE bug 1184172cpe:/o:opensuse:leap:15.2CVE-2021-3477openSUSE Leap 15.2
There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.
ModerateCVE-2021-3477SUSE bug 1184353SUSE bug 1184354cpe:/o:opensuse:leap:15.2CVE-2021-3479openSUSE Leap 15.2
There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.
ImportantCVE-2021-3479SUSE bug 1184354SUSE bug 1191176cpe:/o:opensuse:leap:15.2CVE-2021-34798openSUSE Leap 15.2
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
ImportantCVE-2021-34798SUSE bug 1190669cpe:/o:opensuse:leap:15.2CVE-2021-3481openSUSE Leap 15.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2021-3481SUSE bug 1184783cpe:/o:opensuse:leap:15.2CVE-2021-3483openSUSE Leap 15.2
A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected
ModerateCVE-2021-3483SUSE bug 1184393cpe:/o:opensuse:leap:15.2CVE-2021-3487openSUSE Leap 15.2
There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.
ModerateCVE-2021-3487SUSE bug 1184620cpe:/o:opensuse:leap:15.2CVE-2021-3491openSUSE Leap 15.2
The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b ("io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c ("io_uring: add IORING_OP_PROVIDE_BUFFERS") (v5.7-rc1).
ImportantCVE-2021-3491SUSE bug 1185642SUSE bug 1187090cpe:/o:opensuse:leap:15.2CVE-2021-3496openSUSE Leap 15.2
A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file.
ModerateCVE-2021-3496SUSE bug 1184756cpe:/o:opensuse:leap:15.2CVE-2021-3497openSUSE Leap 15.2
GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.
ModerateCVE-2021-3497SUSE bug 1184739cpe:/o:opensuse:leap:15.2CVE-2021-3498openSUSE Leap 15.2
GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.
ModerateCVE-2021-3498SUSE bug 1184735cpe:/o:opensuse:leap:15.2CVE-2021-34981openSUSE Leap 15.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ImportantCVE-2021-34981SUSE bug 1191961SUSE bug 1192595SUSE bug 1196722cpe:/o:opensuse:leap:15.2CVE-2021-3500openSUSE Leap 15.2
A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file may lead to application crash and other consequences.
ImportantCVE-2021-3500SUSE bug 1186253cpe:/o:opensuse:leap:15.2CVE-2021-35039openSUSE Leap 15.2
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.
ImportantCVE-2021-35039SUSE bug 1188080SUSE bug 1188126cpe:/o:opensuse:leap:15.2CVE-2021-3504openSUSE Leap 15.2
A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-3504SUSE bug 1185013cpe:/o:opensuse:leap:15.2CVE-2021-3509openSUSE Leap 15.2
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.
ImportantCVE-2021-3509SUSE bug 1186021cpe:/o:opensuse:leap:15.2CVE-2021-3514openSUSE Leap 15.2
When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash.
ModerateCVE-2021-3514SUSE bug 1185356cpe:/o:opensuse:leap:15.2CVE-2021-3516openSUSE Leap 15.2
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
ModerateCVE-2021-3516SUSE bug 1185409SUSE bug 1191860cpe:/o:opensuse:leap:15.2CVE-2021-3517openSUSE Leap 15.2
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
ImportantCVE-2021-3517SUSE bug 1185410SUSE bug 1191860SUSE bug 1194438SUSE bug 1196383cpe:/o:opensuse:leap:15.2CVE-2021-3518openSUSE Leap 15.2
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
ModerateCVE-2021-3518SUSE bug 1185408SUSE bug 1191860cpe:/o:opensuse:leap:15.2CVE-2021-3520openSUSE Leap 15.2
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
ImportantCVE-2021-3520SUSE bug 1185438cpe:/o:opensuse:leap:15.2CVE-2021-3524openSUSE Leap 15.2
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created.
ModerateCVE-2021-3524SUSE bug 1185619cpe:/o:opensuse:leap:15.2CVE-2021-35266openSUSE Leap 15.2
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution.
ModerateCVE-2021-35266cpe:/o:opensuse:leap:15.2CVE-2021-35267openSUSE Leap 15.2
NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.
ModerateCVE-2021-35267cpe:/o:opensuse:leap:15.2CVE-2021-35268openSUSE Leap 15.2
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges.
ModerateCVE-2021-35268cpe:/o:opensuse:leap:15.2CVE-2021-35269openSUSE Leap 15.2
NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges.
ModerateCVE-2021-35269cpe:/o:opensuse:leap:15.2CVE-2021-3527openSUSE Leap 15.2
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.
LowCVE-2021-3527SUSE bug 1186012cpe:/o:opensuse:leap:15.2CVE-2021-3531openSUSE Leap 15.2
A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.
ImportantCVE-2021-3531SUSE bug 1186020cpe:/o:opensuse:leap:15.2CVE-2021-3537openSUSE Leap 15.2
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
ImportantCVE-2021-3537SUSE bug 1185698cpe:/o:opensuse:leap:15.2CVE-2021-3541openSUSE Leap 15.2
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
ModerateCVE-2021-3541SUSE bug 1186015cpe:/o:opensuse:leap:15.2CVE-2021-3542openSUSE Leap 15.2
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
ImportantCVE-2021-3542SUSE bug 1184673SUSE bug 1186063cpe:/o:opensuse:leap:15.2CVE-2021-3544openSUSE Leap 15.2
Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime.
ModerateCVE-2021-3544SUSE bug 1186010cpe:/o:opensuse:leap:15.2CVE-2021-3545openSUSE Leap 15.2
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host.
ModerateCVE-2021-3545SUSE bug 1185990cpe:/o:opensuse:leap:15.2CVE-2021-3546openSUSE Leap 15.2
An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process.
ModerateCVE-2021-3546SUSE bug 1185981cpe:/o:opensuse:leap:15.2CVE-2021-35477openSUSE Leap 15.2
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.
ModerateCVE-2021-35477SUSE bug 1188985cpe:/o:opensuse:leap:15.2CVE-2021-35515openSUSE Leap 15.2
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
ImportantCVE-2021-35515SUSE bug 1188463cpe:/o:opensuse:leap:15.2CVE-2021-35516openSUSE Leap 15.2
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
ImportantCVE-2021-35516SUSE bug 1188464cpe:/o:opensuse:leap:15.2CVE-2021-35517openSUSE Leap 15.2
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.
ImportantCVE-2021-35517SUSE bug 1188465SUSE bug 1188468cpe:/o:opensuse:leap:15.2CVE-2021-35538openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability does not apply to Windows systems. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
ModerateCVE-2021-35538SUSE bug 1191869cpe:/o:opensuse:leap:15.2CVE-2021-35540openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2021-35540SUSE bug 1191869cpe:/o:opensuse:leap:15.2CVE-2021-35542openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2021-35542SUSE bug 1191869cpe:/o:opensuse:leap:15.2CVE-2021-35545openSUSE Leap 15.2
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.7 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H).
ModerateCVE-2021-35545SUSE bug 1191869cpe:/o:opensuse:leap:15.2CVE-2021-35550openSUSE Leap 15.2
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
ModerateCVE-2021-35550SUSE bug 1191901SUSE bug 1193314cpe:/o:opensuse:leap:15.2CVE-2021-35556openSUSE Leap 15.2
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2021-35556SUSE bug 1191910cpe:/o:opensuse:leap:15.2CVE-2021-35559openSUSE Leap 15.2
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2021-35559SUSE bug 1191911cpe:/o:opensuse:leap:15.2CVE-2021-35561openSUSE Leap 15.2
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2021-35561SUSE bug 1191912cpe:/o:opensuse:leap:15.2CVE-2021-35564openSUSE Leap 15.2
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
ModerateCVE-2021-35564SUSE bug 1191913cpe:/o:opensuse:leap:15.2CVE-2021-35565openSUSE Leap 15.2
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2021-35565SUSE bug 1191909cpe:/o:opensuse:leap:15.2CVE-2021-35567openSUSE Leap 15.2
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).
ModerateCVE-2021-35567SUSE bug 1191903cpe:/o:opensuse:leap:15.2CVE-2021-35578openSUSE Leap 15.2
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2021-35578SUSE bug 1191904cpe:/o:opensuse:leap:15.2CVE-2021-35586openSUSE Leap 15.2
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2021-35586SUSE bug 1191914SUSE bug 1194928cpe:/o:opensuse:leap:15.2CVE-2021-35588openSUSE Leap 15.2
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).
LowCVE-2021-35588SUSE bug 1191905cpe:/o:opensuse:leap:15.2CVE-2021-3560openSUSE Leap 15.2
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2021-3560SUSE bug 1186497cpe:/o:opensuse:leap:15.2CVE-2021-35603openSUSE Leap 15.2
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
LowCVE-2021-35603SUSE bug 1191906cpe:/o:opensuse:leap:15.2CVE-2021-3561openSUSE Leap 15.2
An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.
ModerateCVE-2021-3561SUSE bug 1186329cpe:/o:opensuse:leap:15.2CVE-2021-3565openSUSE Leap 15.2
A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.
ModerateCVE-2021-3565SUSE bug 1186490cpe:/o:opensuse:leap:15.2CVE-2021-3567openSUSE Leap 15.2
A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest threat from this vulnerability is to system availability.
ImportantCVE-2021-3567SUSE bug 1186617cpe:/o:opensuse:leap:15.2CVE-2021-3570openSUSE Leap 15.2
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.
ImportantCVE-2021-3570SUSE bug 1187646cpe:/o:opensuse:leap:15.2CVE-2021-3572openSUSE Leap 15.2
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
ModerateCVE-2021-3572SUSE bug 1186819cpe:/o:opensuse:leap:15.2CVE-2021-3573openSUSE Leap 15.2
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.
ImportantCVE-2021-3573SUSE bug 1186666SUSE bug 1187054SUSE bug 1188172cpe:/o:opensuse:leap:15.2CVE-2021-3578openSUSE Leap 15.2
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.
ImportantCVE-2021-3578SUSE bug 1186939cpe:/o:opensuse:leap:15.2CVE-2021-3580openSUSE Leap 15.2
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.
ImportantCVE-2021-3580SUSE bug 1187060SUSE bug 1187892cpe:/o:opensuse:leap:15.2CVE-2021-3582openSUSE Leap 15.2
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability.
LowCVE-2021-3582SUSE bug 1187499cpe:/o:opensuse:leap:15.2CVE-2021-3592openSUSE Leap 15.2
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
LowCVE-2021-3592SUSE bug 1187364SUSE bug 1187369cpe:/o:opensuse:leap:15.2CVE-2021-3593openSUSE Leap 15.2
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
LowCVE-2021-3593SUSE bug 1187365cpe:/o:opensuse:leap:15.2CVE-2021-3594openSUSE Leap 15.2
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
LowCVE-2021-3594SUSE bug 1187367cpe:/o:opensuse:leap:15.2CVE-2021-35942openSUSE Leap 15.2
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
ModerateCVE-2021-35942SUSE bug 1187911SUSE bug 1192788cpe:/o:opensuse:leap:15.2CVE-2021-3595openSUSE Leap 15.2
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
LowCVE-2021-3595SUSE bug 1187366SUSE bug 1187376cpe:/o:opensuse:leap:15.2CVE-2021-3598openSUSE Leap 15.2
There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
ModerateCVE-2021-3598SUSE bug 1187310cpe:/o:opensuse:leap:15.2CVE-2021-3605openSUSE Leap 15.2
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
ImportantCVE-2021-3605SUSE bug 1187395SUSE bug 1191176cpe:/o:opensuse:leap:15.2CVE-2021-3607openSUSE Leap 15.2
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
LowCVE-2021-3607SUSE bug 1187539cpe:/o:opensuse:leap:15.2CVE-2021-3608openSUSE Leap 15.2
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability.
LowCVE-2021-3608SUSE bug 1187538cpe:/o:opensuse:leap:15.2CVE-2021-3609openSUSE Leap 15.2
.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.
ImportantCVE-2021-3609SUSE bug 1187215SUSE bug 1188323SUSE bug 1188720SUSE bug 1190276SUSE bug 1196810cpe:/o:opensuse:leap:15.2CVE-2021-36090openSUSE Leap 15.2
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.
ImportantCVE-2021-36090SUSE bug 1188466SUSE bug 1188469cpe:/o:opensuse:leap:15.2CVE-2021-3611openSUSE Leap 15.2
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
ModerateCVE-2021-3611SUSE bug 1187529SUSE bug 1193914cpe:/o:opensuse:leap:15.2CVE-2021-3612openSUSE Leap 15.2
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
ModerateCVE-2021-3612SUSE bug 1187585cpe:/o:opensuse:leap:15.2CVE-2021-36160openSUSE Leap 15.2
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
ImportantCVE-2021-36160SUSE bug 1190702cpe:/o:opensuse:leap:15.2CVE-2021-3621openSUSE Leap 15.2
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
ModerateCVE-2021-3621SUSE bug 1189492cpe:/o:opensuse:leap:15.2CVE-2021-3622openSUSE Leap 15.2
A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-3622SUSE bug 1189060cpe:/o:opensuse:leap:15.2CVE-2021-36221openSUSE Leap 15.2
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
ModerateCVE-2021-36221SUSE bug 1189162cpe:/o:opensuse:leap:15.2CVE-2021-36222openSUSE Leap 15.2
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.
ImportantCVE-2021-36222SUSE bug 1188571cpe:/o:opensuse:leap:15.2CVE-2021-3630openSUSE Leap 15.2
An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28.
ImportantCVE-2021-3630SUSE bug 1187869cpe:/o:opensuse:leap:15.2CVE-2021-3631openSUSE Leap 15.2
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.
ModerateCVE-2021-3631SUSE bug 1187871cpe:/o:opensuse:leap:15.2CVE-2021-36386openSUSE Leap 15.2
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.
ModerateCVE-2021-36386SUSE bug 1188875cpe:/o:opensuse:leap:15.2CVE-2021-3640openSUSE Leap 15.2
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.
ImportantCVE-2021-3640SUSE bug 1188172SUSE bug 1188613SUSE bug 1191530SUSE bug 1196810SUSE bug 1196914cpe:/o:opensuse:leap:15.2CVE-2021-3652openSUSE Leap 15.2
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled.
ModerateCVE-2021-3652SUSE bug 1188455cpe:/o:opensuse:leap:15.2CVE-2021-3653openSUSE Leap 15.2
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.
ImportantCVE-2021-3653SUSE bug 1189399SUSE bug 1189420SUSE bug 1196914cpe:/o:opensuse:leap:15.2CVE-2021-3655openSUSE Leap 15.2
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.
ModerateCVE-2021-3655SUSE bug 1188563cpe:/o:opensuse:leap:15.2CVE-2021-3656openSUSE Leap 15.2
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.
ImportantCVE-2021-3656SUSE bug 1189400SUSE bug 1189418cpe:/o:opensuse:leap:15.2CVE-2021-3659openSUSE Leap 15.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2021-3659SUSE bug 1188876cpe:/o:opensuse:leap:15.2CVE-2021-3667openSUSE Leap 15.2
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-3667SUSE bug 1188843cpe:/o:opensuse:leap:15.2CVE-2021-3669openSUSE Leap 15.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2021-3669SUSE bug 1188986cpe:/o:opensuse:leap:15.2CVE-2021-3672openSUSE Leap 15.2
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
ImportantCVE-2021-3672SUSE bug 1188881SUSE bug 1193099cpe:/o:opensuse:leap:15.2CVE-2021-3679openSUSE Leap 15.2
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
ModerateCVE-2021-3679SUSE bug 1189057cpe:/o:opensuse:leap:15.2CVE-2021-3682openSUSE Leap 15.2
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.
ModerateCVE-2021-3682SUSE bug 1189145cpe:/o:opensuse:leap:15.2CVE-2021-3711openSUSE Leap 15.2
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).
CriticalCVE-2021-3711SUSE bug 1189520SUSE bug 1190129SUSE bug 1192100cpe:/o:opensuse:leap:15.2CVE-2021-3712openSUSE Leap 15.2
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).
ModerateCVE-2021-3712SUSE bug 1189521SUSE bug 1190129SUSE bug 1191640SUSE bug 1192100SUSE bug 1192787SUSE bug 1194948cpe:/o:opensuse:leap:15.2CVE-2021-3713openSUSE Leap 15.2
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host.
ImportantCVE-2021-3713SUSE bug 1189702cpe:/o:opensuse:leap:15.2CVE-2021-3715openSUSE Leap 15.2
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
ImportantCVE-2021-3715SUSE bug 1190349SUSE bug 1190350SUSE bug 1196722cpe:/o:opensuse:leap:15.2CVE-2021-37159openSUSE Leap 15.2
hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
ModerateCVE-2021-37159SUSE bug 1188601cpe:/o:opensuse:leap:15.2CVE-2021-3732openSUSE Leap 15.2
A security issue was found in Linux kernel’s OverlayFS subsystem where a local attacker who has the ability to mount the TmpFS filesystem with OverlayFS can abuse a logic bug in the overlayfs code which can inadvertently reveal files hidden in the original mount.
ModerateCVE-2021-3732SUSE bug 1189706cpe:/o:opensuse:leap:15.2CVE-2021-3733openSUSE Leap 15.2
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
ModerateCVE-2021-3733SUSE bug 1189287cpe:/o:opensuse:leap:15.2CVE-2021-3737openSUSE Leap 15.2
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-3737SUSE bug 1189241cpe:/o:opensuse:leap:15.2CVE-2021-3739openSUSE Leap 15.2
A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-3739SUSE bug 1189832cpe:/o:opensuse:leap:15.2CVE-2021-3743openSUSE Leap 15.2
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-3743SUSE bug 1189883cpe:/o:opensuse:leap:15.2CVE-2021-3744openSUSE Leap 15.2
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.
ModerateCVE-2021-3744SUSE bug 1189884SUSE bug 1190534cpe:/o:opensuse:leap:15.2CVE-2021-3748openSUSE Leap 15.2
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.
ModerateCVE-2021-3748SUSE bug 1189938cpe:/o:opensuse:leap:15.2CVE-2021-3752openSUSE Leap 15.2
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
ImportantCVE-2021-3752SUSE bug 1190023SUSE bug 1190432cpe:/o:opensuse:leap:15.2CVE-2021-3753openSUSE Leap 15.2
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.
ModerateCVE-2021-3753SUSE bug 1190025cpe:/o:opensuse:leap:15.2CVE-2021-37576openSUSE Leap 15.2
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.
ImportantCVE-2021-37576SUSE bug 1188838SUSE bug 1188842SUSE bug 1190276cpe:/o:opensuse:leap:15.2CVE-2021-3759openSUSE Leap 15.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2021-3759SUSE bug 1190115cpe:/o:opensuse:leap:15.2CVE-2021-3760openSUSE Leap 15.2
A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.
ModerateCVE-2021-3760SUSE bug 1190067cpe:/o:opensuse:leap:15.2CVE-2021-37600openSUSE Leap 15.2
** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.
ModerateCVE-2021-37600SUSE bug 1188921cpe:/o:opensuse:leap:15.2CVE-2021-3764openSUSE Leap 15.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
ModerateCVE-2021-3764SUSE bug 1190534SUSE bug 1194518cpe:/o:opensuse:leap:15.2CVE-2021-37701openSUSE Leap 15.2
The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory, where the symlink and directory names in the archive entry used backslashes as a path separator on posix systems. The cache checking logic used both `\` and `/` characters as path separators, however `\` is a valid filename character on posix systems. By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. Additionally, a similar confusion could arise on case-insensitive filesystems. If a tar archive contained a directory at `FOO`, followed by a symbolic link named `foo`, then on case-insensitive file systems, the creation of the symbolic link would remove the directory from the filesystem, but _not_ from the internal directory cache, as it would not be treated as a cache hit. A subsequent file entry within the `FOO` directory would then be placed in the target of the symbolic link, thinking that the directory had already been created. These issues were addressed in releases 4.4.16, 5.0.8 and 6.1.7. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-9r2w-394v-53qc.
ImportantCVE-2021-37701SUSE bug 1190057cpe:/o:opensuse:leap:15.2CVE-2021-37712openSUSE Leap 15.2
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with names containing unicode values that normalized to the same value. Additionally, on Windows systems, long path portions would resolve to the same file system entities as their 8.3 "short path" counterparts. A specially crafted tar archive could thus include a directory with one form of the path, followed by a symbolic link with a different string that resolves to the same file system entity, followed by a file using the first form. By first creating a directory, and then replacing that directory with a symlink that had a different apparent name that resolved to the same entry in the filesystem, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-qq89-hq3f-393p.
ImportantCVE-2021-37712SUSE bug 1190056cpe:/o:opensuse:leap:15.2CVE-2021-37713openSUSE Leap 15.2
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of entries within the archive, skipping archive entries that contain `..` path portions, and resolving the sanitized paths against the extraction target directory. This logic was insufficient on Windows systems when extracting tar files that contained a path that was not an absolute path, but specified a drive letter different from the extraction target, such as `C:some\path`. If the drive letter does not match the extraction target, for example `D:\extraction\dir`, then the result of `path.resolve(extractionDirectory, entryPath)` would resolve against the current working directory on the `C:` drive, rather than the extraction target directory. Additionally, a `..` portion of the path could occur immediately after the drive letter, such as `C:../foo`, and was not properly sanitized by the logic that checked for `..` within the normalized and split portions of the path. This only affects users of `node-tar` on Windows systems. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. There is no reasonable way to work around this issue without performing the same path normalization procedures that node-tar now does. Users are encouraged to upgrade to the latest patched versions of node-tar, rather than attempt to sanitize paths themselves.
ImportantCVE-2021-37713SUSE bug 1190055cpe:/o:opensuse:leap:15.2CVE-2021-3772openSUSE Leap 15.2
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.
ModerateCVE-2021-3772SUSE bug 1190351cpe:/o:opensuse:leap:15.2CVE-2021-37750openSUSE Leap 15.2
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
ModerateCVE-2021-37750SUSE bug 1189929cpe:/o:opensuse:leap:15.2CVE-2021-3781openSUSE Leap 15.2
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
ImportantCVE-2021-3781SUSE bug 1190381SUSE bug 1191712cpe:/o:opensuse:leap:15.2CVE-2021-37956openSUSE Leap 15.2
Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37956SUSE bug 1190765cpe:/o:opensuse:leap:15.2CVE-2021-37957openSUSE Leap 15.2
Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37957SUSE bug 1190765cpe:/o:opensuse:leap:15.2CVE-2021-37958openSUSE Leap 15.2
Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.
ModerateCVE-2021-37958SUSE bug 1190765cpe:/o:opensuse:leap:15.2CVE-2021-37959openSUSE Leap 15.2
Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37959SUSE bug 1190765cpe:/o:opensuse:leap:15.2CVE-2021-37960openSUSE Leap 15.2
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
ModerateCVE-2021-37960SUSE bug 1190765cpe:/o:opensuse:leap:15.2CVE-2021-37961openSUSE Leap 15.2
Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37961SUSE bug 1190765cpe:/o:opensuse:leap:15.2CVE-2021-37962openSUSE Leap 15.2
Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37962SUSE bug 1190765cpe:/o:opensuse:leap:15.2CVE-2021-37963openSUSE Leap 15.2
Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page.
ModerateCVE-2021-37963SUSE bug 1190765cpe:/o:opensuse:leap:15.2CVE-2021-37964openSUSE Leap 15.2
Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file.
ModerateCVE-2021-37964SUSE bug 1190765cpe:/o:opensuse:leap:15.2CVE-2021-37965openSUSE Leap 15.2
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ModerateCVE-2021-37965SUSE bug 1190765cpe:/o:opensuse:leap:15.2CVE-2021-37966openSUSE Leap 15.2
Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
ModerateCVE-2021-37966SUSE bug 1190765cpe:/o:opensuse:leap:15.2CVE-2021-37967openSUSE Leap 15.2
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
ModerateCVE-2021-37967SUSE bug 1190765cpe:/o:opensuse:leap:15.2CVE-2021-37968openSUSE Leap 15.2
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ModerateCVE-2021-37968SUSE bug 1190765cpe:/o:opensuse:leap:15.2CVE-2021-37969openSUSE Leap 15.2
Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.
ModerateCVE-2021-37969SUSE bug 1190765cpe:/o:opensuse:leap:15.2CVE-2021-37970openSUSE Leap 15.2
Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37970SUSE bug 1190765cpe:/o:opensuse:leap:15.2CVE-2021-37971openSUSE Leap 15.2
Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
ModerateCVE-2021-37971SUSE bug 1190765cpe:/o:opensuse:leap:15.2CVE-2021-37972openSUSE Leap 15.2
Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37972SUSE bug 1190765cpe:/o:opensuse:leap:15.2CVE-2021-37973openSUSE Leap 15.2
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2021-37973SUSE bug 1191166cpe:/o:opensuse:leap:15.2CVE-2021-37974openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37974SUSE bug 1191204cpe:/o:opensuse:leap:15.2CVE-2021-37975openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37975SUSE bug 1191204cpe:/o:opensuse:leap:15.2CVE-2021-37976openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
ModerateCVE-2021-37976SUSE bug 1191204cpe:/o:opensuse:leap:15.2CVE-2021-37977openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37977SUSE bug 1191463cpe:/o:opensuse:leap:15.2CVE-2021-37978openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37978SUSE bug 1191463cpe:/o:opensuse:leap:15.2CVE-2021-37979openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37979SUSE bug 1191463cpe:/o:opensuse:leap:15.2CVE-2021-37980openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows.
ModerateCVE-2021-37980SUSE bug 1191463cpe:/o:opensuse:leap:15.2CVE-2021-37981openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2021-37981SUSE bug 1191844cpe:/o:opensuse:leap:15.2CVE-2021-37982openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37982SUSE bug 1191844cpe:/o:opensuse:leap:15.2CVE-2021-37983openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37983SUSE bug 1191844cpe:/o:opensuse:leap:15.2CVE-2021-37984openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37984SUSE bug 1191844cpe:/o:opensuse:leap:15.2CVE-2021-37985openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37985SUSE bug 1191844cpe:/o:opensuse:leap:15.2CVE-2021-37986openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37986SUSE bug 1191844cpe:/o:opensuse:leap:15.2CVE-2021-37987openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37987SUSE bug 1191844cpe:/o:opensuse:leap:15.2CVE-2021-37988openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37988SUSE bug 1191844cpe:/o:opensuse:leap:15.2CVE-2021-37989openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page.
ModerateCVE-2021-37989SUSE bug 1191844cpe:/o:opensuse:leap:15.2CVE-2021-37990openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app.
ModerateCVE-2021-37990SUSE bug 1191844cpe:/o:opensuse:leap:15.2CVE-2021-37991openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37991SUSE bug 1191844cpe:/o:opensuse:leap:15.2CVE-2021-37992openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37992SUSE bug 1191844cpe:/o:opensuse:leap:15.2CVE-2021-37993openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37993SUSE bug 1191844cpe:/o:opensuse:leap:15.2CVE-2021-37994openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
ModerateCVE-2021-37994SUSE bug 1191844cpe:/o:opensuse:leap:15.2CVE-2021-37995openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
ModerateCVE-2021-37995SUSE bug 1191844cpe:/o:opensuse:leap:15.2CVE-2021-37996openSUSE Leap 15.2openSUSE Leap 15.2 NonFree
Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file.
ModerateCVE-2021-37996SUSE bug 1191844cpe:/o:opensuse:leap:15.2CVE-2021-37997openSUSE Leap 15.2
Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37997SUSE bug 1192184cpe:/o:opensuse:leap:15.2CVE-2021-37998openSUSE Leap 15.2
Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-37998SUSE bug 1192184cpe:/o:opensuse:leap:15.2CVE-2021-37999openSUSE Leap 15.2
Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.
ModerateCVE-2021-37999SUSE bug 1192184cpe:/o:opensuse:leap:15.2CVE-2021-38000openSUSE Leap 15.2
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.
ModerateCVE-2021-38000SUSE bug 1192184cpe:/o:opensuse:leap:15.2CVE-2021-38001openSUSE Leap 15.2
Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-38001SUSE bug 1192184cpe:/o:opensuse:leap:15.2CVE-2021-38002openSUSE Leap 15.2
Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2021-38002SUSE bug 1192184cpe:/o:opensuse:leap:15.2CVE-2021-38003openSUSE Leap 15.2
Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-38003SUSE bug 1192184cpe:/o:opensuse:leap:15.2CVE-2021-38005openSUSE Leap 15.2
Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-38005SUSE bug 1192734cpe:/o:opensuse:leap:15.2CVE-2021-38006openSUSE Leap 15.2
Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-38006SUSE bug 1192734cpe:/o:opensuse:leap:15.2CVE-2021-38007openSUSE Leap 15.2
Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-38007SUSE bug 1192734cpe:/o:opensuse:leap:15.2CVE-2021-38008openSUSE Leap 15.2
Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-38008SUSE bug 1192734cpe:/o:opensuse:leap:15.2CVE-2021-38009openSUSE Leap 15.2
Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ModerateCVE-2021-38009SUSE bug 1192734cpe:/o:opensuse:leap:15.2CVE-2021-38010openSUSE Leap 15.2
Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
ModerateCVE-2021-38010SUSE bug 1192734cpe:/o:opensuse:leap:15.2CVE-2021-38011openSUSE Leap 15.2
Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-38011SUSE bug 1192734cpe:/o:opensuse:leap:15.2CVE-2021-38012openSUSE Leap 15.2
Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-38012SUSE bug 1192734cpe:/o:opensuse:leap:15.2CVE-2021-38013openSUSE Leap 15.2
Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2021-38013SUSE bug 1192734cpe:/o:opensuse:leap:15.2CVE-2021-38014openSUSE Leap 15.2
Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-38014SUSE bug 1192734cpe:/o:opensuse:leap:15.2CVE-2021-38015openSUSE Leap 15.2
Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
ModerateCVE-2021-38015SUSE bug 1192734cpe:/o:opensuse:leap:15.2CVE-2021-38016openSUSE Leap 15.2
Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
ModerateCVE-2021-38016SUSE bug 1192734cpe:/o:opensuse:leap:15.2CVE-2021-38017openSUSE Leap 15.2
Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
ModerateCVE-2021-38017SUSE bug 1192734cpe:/o:opensuse:leap:15.2CVE-2021-38018openSUSE Leap 15.2
Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
ModerateCVE-2021-38018SUSE bug 1192734cpe:/o:opensuse:leap:15.2CVE-2021-38019openSUSE Leap 15.2
Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ModerateCVE-2021-38019SUSE bug 1192734cpe:/o:opensuse:leap:15.2CVE-2021-38020openSUSE Leap 15.2
Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
ModerateCVE-2021-38020SUSE bug 1192734cpe:/o:opensuse:leap:15.2CVE-2021-38021openSUSE Leap 15.2
Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
ModerateCVE-2021-38021SUSE bug 1192734cpe:/o:opensuse:leap:15.2CVE-2021-38022openSUSE Leap 15.2
Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ModerateCVE-2021-38022SUSE bug 1192734cpe:/o:opensuse:leap:15.2CVE-2021-38160openSUSE Leap 15.2
** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior.
ImportantCVE-2021-38160SUSE bug 1190117SUSE bug 1190118SUSE bug 1196914cpe:/o:opensuse:leap:15.2CVE-2021-38185openSUSE Leap 15.2
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.
ImportantCVE-2021-38185SUSE bug 1189206SUSE bug 1189486SUSE bug 1192364SUSE bug 1193391cpe:/o:opensuse:leap:15.2CVE-2021-38198openSUSE Leap 15.2
arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault.
ImportantCVE-2021-38198SUSE bug 1189262SUSE bug 1189278SUSE bug 1196914cpe:/o:opensuse:leap:15.2CVE-2021-38204openSUSE Leap 15.2
drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.
ModerateCVE-2021-38204SUSE bug 1189291cpe:/o:opensuse:leap:15.2CVE-2021-38205openSUSE Leap 15.2
drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer).
LowCVE-2021-38205SUSE bug 1189292cpe:/o:opensuse:leap:15.2CVE-2021-38207openSUSE Leap 15.2
drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes.
ModerateCVE-2021-38207SUSE bug 1189298cpe:/o:opensuse:leap:15.2CVE-2021-38297openSUSE Leap 15.2
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
ModerateCVE-2021-38297SUSE bug 1191468cpe:/o:opensuse:leap:15.2CVE-2021-38385openSUSE Leap 15.2
Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
ModerateCVE-2021-38385SUSE bug 1189489cpe:/o:opensuse:leap:15.2CVE-2021-38492openSUSE Leap 15.2
When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.
ModerateCVE-2021-38492SUSE bug 1190269cpe:/o:opensuse:leap:15.2CVE-2021-38493openSUSE Leap 15.2
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.
ModerateCVE-2021-38493SUSE bug 1190269cpe:/o:opensuse:leap:15.2CVE-2021-38495openSUSE Leap 15.2
Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.
ModerateCVE-2021-38495SUSE bug 1190269cpe:/o:opensuse:leap:15.2CVE-2021-38496openSUSE Leap 15.2
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
ModerateCVE-2021-38496SUSE bug 1191332cpe:/o:opensuse:leap:15.2CVE-2021-38497openSUSE Leap 15.2
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
ModerateCVE-2021-38497SUSE bug 1191332cpe:/o:opensuse:leap:15.2CVE-2021-38498openSUSE Leap 15.2
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
ModerateCVE-2021-38498SUSE bug 1191332cpe:/o:opensuse:leap:15.2CVE-2021-38500openSUSE Leap 15.2
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
ModerateCVE-2021-38500SUSE bug 1191332cpe:/o:opensuse:leap:15.2CVE-2021-38501openSUSE Leap 15.2
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
ModerateCVE-2021-38501SUSE bug 1191332cpe:/o:opensuse:leap:15.2CVE-2021-38502openSUSE Leap 15.2
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.
ImportantCVE-2021-38502cpe:/o:opensuse:leap:15.2CVE-2021-38503openSUSE Leap 15.2
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
ImportantCVE-2021-38503SUSE bug 1192250cpe:/o:opensuse:leap:15.2CVE-2021-38504openSUSE Leap 15.2
When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
ImportantCVE-2021-38504SUSE bug 1192250cpe:/o:opensuse:leap:15.2CVE-2021-38505openSUSE Leap 15.2
Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
ImportantCVE-2021-38505SUSE bug 1192250cpe:/o:opensuse:leap:15.2CVE-2021-38506openSUSE Leap 15.2
Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
ImportantCVE-2021-38506SUSE bug 1192250cpe:/o:opensuse:leap:15.2CVE-2021-38507openSUSE Leap 15.2
The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
ImportantCVE-2021-38507SUSE bug 1192250cpe:/o:opensuse:leap:15.2CVE-2021-38508openSUSE Leap 15.2
By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
ImportantCVE-2021-38508SUSE bug 1192250cpe:/o:opensuse:leap:15.2CVE-2021-38509openSUSE Leap 15.2
Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
ImportantCVE-2021-38509SUSE bug 1192250cpe:/o:opensuse:leap:15.2CVE-2021-38510openSUSE Leap 15.2
The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
ImportantCVE-2021-38510SUSE bug 1192250cpe:/o:opensuse:leap:15.2CVE-2021-3896openSUSE Leap 15.2
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
ModerateCVE-2021-3896SUSE bug 1191958cpe:/o:opensuse:leap:15.2CVE-2021-39134openSUSE Leap 15.2
`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving dependency specifiers defined in `package.json` manifests for dependencies with a specific name, and nesting folders to resolve conflicting dependencies. When multiple dependencies differ only in the case of their name, Arborist's internal data structure saw them as separate items that could coexist within the same level in the `node_modules` hierarchy. However, on case-insensitive file systems (such as macOS and Windows), this is not the case. Combined with a symlink dependency such as `file:/some/path`, this allowed an attacker to create a situation in which arbitrary contents could be written to any location on the filesystem. For example, a package `pwn-a` could define a dependency in their `package.json` file such as `"foo": "file:/some/path"`. Another package, `pwn-b` could define a dependency such as `FOO: "file:foo.tgz"`. On case-insensitive file systems, if `pwn-a` was installed, and then `pwn-b` was installed afterwards, the contents of `foo.tgz` would be written to `/some/path`, and any existing contents of `/some/path` would be removed. Anyone using npm v7.20.6 or earlier on a case-insensitive filesystem is potentially affected. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above.
ImportantCVE-2021-39134SUSE bug 1190054cpe:/o:opensuse:leap:15.2CVE-2021-39135openSUSE Leap 15.2
`@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is accomplished by extracting package contents into a project's `node_modules` folder. If the `node_modules` folder of the root project or any of its dependencies is somehow replaced with a symbolic link, it could allow Arborist to write package dependencies to any arbitrary location on the file system. Note that symbolic links contained within package artifact contents are filtered out, so another means of creating a `node_modules` symbolic link would have to be employed. 1. A `preinstall` script could replace `node_modules` with a symlink. (This is prevented by using `--ignore-scripts`.) 2. An attacker could supply the target with a git repository, instructing them to run `npm install --ignore-scripts` in the root. This may be successful, because `npm install --ignore-scripts` is typically not capable of making changes outside of the project directory, so it may be deemed safe. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above. For more information including workarounds please see the referenced GHSA-gmw6-94gg-2rc2.
ImportantCVE-2021-39135SUSE bug 1190053cpe:/o:opensuse:leap:15.2CVE-2021-39139openSUSE Leap 15.2
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39139SUSE bug 1189798cpe:/o:opensuse:leap:15.2CVE-2021-39140openSUSE Leap 15.2
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39140SUSE bug 1189798cpe:/o:opensuse:leap:15.2CVE-2021-39141openSUSE Leap 15.2
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39141SUSE bug 1189798cpe:/o:opensuse:leap:15.2CVE-2021-39144openSUSE Leap 15.2
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39144SUSE bug 1189798cpe:/o:opensuse:leap:15.2CVE-2021-39145openSUSE Leap 15.2
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39145SUSE bug 1189798cpe:/o:opensuse:leap:15.2CVE-2021-39146openSUSE Leap 15.2
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39146SUSE bug 1189798cpe:/o:opensuse:leap:15.2CVE-2021-39147openSUSE Leap 15.2
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39147SUSE bug 1189798cpe:/o:opensuse:leap:15.2CVE-2021-39148openSUSE Leap 15.2
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39148SUSE bug 1189798cpe:/o:opensuse:leap:15.2CVE-2021-39149openSUSE Leap 15.2
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39149SUSE bug 1189798cpe:/o:opensuse:leap:15.2CVE-2021-39150openSUSE Leap 15.2
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.
ImportantCVE-2021-39150SUSE bug 1189798cpe:/o:opensuse:leap:15.2CVE-2021-39151openSUSE Leap 15.2
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39151SUSE bug 1189798cpe:/o:opensuse:leap:15.2CVE-2021-39152openSUSE Leap 15.2
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.
ImportantCVE-2021-39152SUSE bug 1189798cpe:/o:opensuse:leap:15.2CVE-2021-39153openSUSE Leap 15.2
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39153SUSE bug 1189798cpe:/o:opensuse:leap:15.2CVE-2021-39154openSUSE Leap 15.2
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39154SUSE bug 1189798cpe:/o:opensuse:leap:15.2CVE-2021-39251openSUSE Leap 15.2
A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.
ModerateCVE-2021-39251cpe:/o:opensuse:leap:15.2CVE-2021-39252openSUSE Leap 15.2
A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.
ModerateCVE-2021-39252cpe:/o:opensuse:leap:15.2CVE-2021-39253openSUSE Leap 15.2
A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.
ModerateCVE-2021-39253cpe:/o:opensuse:leap:15.2CVE-2021-39255openSUSE Leap 15.2
A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22.
ModerateCVE-2021-39255cpe:/o:opensuse:leap:15.2CVE-2021-39256openSUSE Leap 15.2
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22.
ModerateCVE-2021-39256cpe:/o:opensuse:leap:15.2CVE-2021-39257openSUSE Leap 15.2
A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.
ModerateCVE-2021-39257cpe:/o:opensuse:leap:15.2CVE-2021-39258openSUSE Leap 15.2
A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22.
ModerateCVE-2021-39258cpe:/o:opensuse:leap:15.2CVE-2021-39259openSUSE Leap 15.2
A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22.
ModerateCVE-2021-39259cpe:/o:opensuse:leap:15.2CVE-2021-39260openSUSE Leap 15.2
A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.
ModerateCVE-2021-39260cpe:/o:opensuse:leap:15.2CVE-2021-39261openSUSE Leap 15.2
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22.
ModerateCVE-2021-39261cpe:/o:opensuse:leap:15.2CVE-2021-39262openSUSE Leap 15.2
A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.
ModerateCVE-2021-39262cpe:/o:opensuse:leap:15.2CVE-2021-39263openSUSE Leap 15.2
A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22.
ModerateCVE-2021-39263cpe:/o:opensuse:leap:15.2CVE-2021-39272openSUSE Leap 15.2
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
ModerateCVE-2021-39272SUSE bug 1190069cpe:/o:opensuse:leap:15.2CVE-2021-39275openSUSE Leap 15.2
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
ImportantCVE-2021-39275SUSE bug 1190666cpe:/o:opensuse:leap:15.2CVE-2021-39293openSUSE Leap 15.2
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.
ImportantCVE-2021-39293SUSE bug 1190589cpe:/o:opensuse:leap:15.2CVE-2021-3933openSUSE Leap 15.2
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.
ModerateCVE-2021-3933SUSE bug 1192498cpe:/o:opensuse:leap:15.2CVE-2021-39365openSUSE Leap 15.2
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
ImportantCVE-2021-39365SUSE bug 1189839cpe:/o:opensuse:leap:15.2CVE-2021-3941openSUSE Leap 15.2
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.
ModerateCVE-2021-3941SUSE bug 1192556cpe:/o:opensuse:leap:15.2CVE-2021-39537openSUSE Leap 15.2
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
ModerateCVE-2021-39537SUSE bug 1190793SUSE bug 1196626cpe:/o:opensuse:leap:15.2CVE-2021-39920openSUSE Leap 15.2
NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
ModerateCVE-2021-39920SUSE bug 1192830cpe:/o:opensuse:leap:15.2CVE-2021-39921openSUSE Leap 15.2
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
ModerateCVE-2021-39921SUSE bug 1192830cpe:/o:opensuse:leap:15.2CVE-2021-39922openSUSE Leap 15.2
Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
ModerateCVE-2021-39922SUSE bug 1192830cpe:/o:opensuse:leap:15.2CVE-2021-39924openSUSE Leap 15.2
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
ModerateCVE-2021-39924SUSE bug 1192830cpe:/o:opensuse:leap:15.2CVE-2021-39925openSUSE Leap 15.2
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
ModerateCVE-2021-39925SUSE bug 1192830cpe:/o:opensuse:leap:15.2CVE-2021-39926openSUSE Leap 15.2
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
ModerateCVE-2021-39926SUSE bug 1192830cpe:/o:opensuse:leap:15.2CVE-2021-39928openSUSE Leap 15.2
NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
ModerateCVE-2021-39928SUSE bug 1192830cpe:/o:opensuse:leap:15.2CVE-2021-39929openSUSE Leap 15.2
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
ModerateCVE-2021-39929SUSE bug 1192830cpe:/o:opensuse:leap:15.2CVE-2021-4008openSUSE Leap 15.2
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2021-4008SUSE bug 1193030SUSE bug 1194308SUSE bug 1196656cpe:/o:opensuse:leap:15.2CVE-2021-4009openSUSE Leap 15.2
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2021-4009SUSE bug 1190487cpe:/o:opensuse:leap:15.2CVE-2021-4010openSUSE Leap 15.2
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2021-4010SUSE bug 1190488cpe:/o:opensuse:leap:15.2CVE-2021-4011openSUSE Leap 15.2
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2021-4011SUSE bug 1190489SUSE bug 1196656cpe:/o:opensuse:leap:15.2CVE-2021-40330openSUSE Leap 15.2
git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.
ModerateCVE-2021-40330SUSE bug 1189992cpe:/o:opensuse:leap:15.2CVE-2021-40346openSUSE Leap 15.2
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.
ImportantCVE-2021-40346SUSE bug 1189877cpe:/o:opensuse:leap:15.2CVE-2021-40438openSUSE Leap 15.2
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
ImportantCVE-2021-40438SUSE bug 1190703cpe:/o:opensuse:leap:15.2CVE-2021-40490openSUSE Leap 15.2
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.
ModerateCVE-2021-40490SUSE bug 1190159SUSE bug 1192775cpe:/o:opensuse:leap:15.2CVE-2021-4052openSUSE Leap 15.2
Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
ModerateCVE-2021-4052SUSE bug 1193519cpe:/o:opensuse:leap:15.2CVE-2021-40529openSUSE Leap 15.2
The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
LowCVE-2021-40529SUSE bug 1190244cpe:/o:opensuse:leap:15.2CVE-2021-4053openSUSE Leap 15.2
Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-4053SUSE bug 1193519cpe:/o:opensuse:leap:15.2CVE-2021-4054openSUSE Leap 15.2
Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
ModerateCVE-2021-4054SUSE bug 1193519cpe:/o:opensuse:leap:15.2CVE-2021-4055openSUSE Leap 15.2
Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
ModerateCVE-2021-4055SUSE bug 1193519cpe:/o:opensuse:leap:15.2CVE-2021-4056openSUSE Leap 15.2
Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-4056SUSE bug 1193519cpe:/o:opensuse:leap:15.2CVE-2021-4057openSUSE Leap 15.2
Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-4057SUSE bug 1193519cpe:/o:opensuse:leap:15.2CVE-2021-4058openSUSE Leap 15.2
Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-4058SUSE bug 1193519cpe:/o:opensuse:leap:15.2CVE-2021-4059openSUSE Leap 15.2
Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ModerateCVE-2021-4059SUSE bug 1193519cpe:/o:opensuse:leap:15.2CVE-2021-4061openSUSE Leap 15.2
Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-4061SUSE bug 1193519cpe:/o:opensuse:leap:15.2CVE-2021-4062openSUSE Leap 15.2
Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-4062SUSE bug 1193519cpe:/o:opensuse:leap:15.2CVE-2021-4063openSUSE Leap 15.2
Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-4063SUSE bug 1193519cpe:/o:opensuse:leap:15.2CVE-2021-4064openSUSE Leap 15.2
Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-4064SUSE bug 1193519cpe:/o:opensuse:leap:15.2CVE-2021-4065openSUSE Leap 15.2
Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-4065SUSE bug 1193519cpe:/o:opensuse:leap:15.2CVE-2021-4066openSUSE Leap 15.2
Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-4066SUSE bug 1193519cpe:/o:opensuse:leap:15.2CVE-2021-4067openSUSE Leap 15.2
Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-4067SUSE bug 1193519cpe:/o:opensuse:leap:15.2CVE-2021-4068openSUSE Leap 15.2
Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ModerateCVE-2021-4068SUSE bug 1193519cpe:/o:opensuse:leap:15.2CVE-2021-4078openSUSE Leap 15.2
Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-4078SUSE bug 1193519cpe:/o:opensuse:leap:15.2CVE-2021-4079openSUSE Leap 15.2
Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets.
ModerateCVE-2021-4079SUSE bug 1193519cpe:/o:opensuse:leap:15.2CVE-2021-4098openSUSE Leap 15.2
Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ModerateCVE-2021-4098SUSE bug 1193713cpe:/o:opensuse:leap:15.2CVE-2021-4099openSUSE Leap 15.2
Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-4099SUSE bug 1193713cpe:/o:opensuse:leap:15.2CVE-2021-4100openSUSE Leap 15.2
Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-4100SUSE bug 1193713cpe:/o:opensuse:leap:15.2CVE-2021-4101openSUSE Leap 15.2
Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-4101SUSE bug 1193713cpe:/o:opensuse:leap:15.2CVE-2021-4102openSUSE Leap 15.2
Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2021-4102SUSE bug 1193713cpe:/o:opensuse:leap:15.2CVE-2021-4104openSUSE Leap 15.2
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
ModerateCVE-2021-4104SUSE bug 1193662SUSE bug 1193978SUSE bug 1194016SUSE bug 1194842cpe:/o:opensuse:leap:15.2CVE-2021-41079openSUSE Leap 15.2
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.
ModerateCVE-2021-41079SUSE bug 1190558cpe:/o:opensuse:leap:15.2CVE-2021-41089openSUSE Leap 15.2
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.
ModerateCVE-2021-41089SUSE bug 1191015SUSE bug 1191355cpe:/o:opensuse:leap:15.2CVE-2021-41091openSUSE Leap 15.2
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.
ModerateCVE-2021-41091SUSE bug 1191355SUSE bug 1191434cpe:/o:opensuse:leap:15.2CVE-2021-41092openSUSE Leap 15.2
Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.
ModerateCVE-2021-41092SUSE bug 1191334SUSE bug 1191355cpe:/o:opensuse:leap:15.2CVE-2021-41103openSUSE Leap 15.2
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories.
ModerateCVE-2021-41103SUSE bug 1191121SUSE bug 1191355cpe:/o:opensuse:leap:15.2CVE-2021-41133openSUSE Leap 15.2
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process. They can do this by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccomp filter, in order to substitute a crafted `/.flatpak-info` or make that file disappear entirely. Flatpak apps that act as clients for AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can escalate the privileges that the corresponding services will believe the Flatpak app has. Note that protocols that operate entirely over the D-Bus session bus (user bus), system bus or accessibility bus are not affected by this. This is due to the use of a proxy process `xdg-dbus-proxy`, whose VFS cannot be manipulated by the Flatpak app, when interacting with these buses. Patches exist for versions 1.10.4 and 1.12.0, and as of time of publication, a patch for version 1.8.2 is being planned. There are no workarounds aside from upgrading to a patched version.
ImportantCVE-2021-41133SUSE bug 1191507SUSE bug 1191937cpe:/o:opensuse:leap:15.2CVE-2021-41177openSUSE Leap 15.2
Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate-limits (as as `AnonRateThrottle` or `UserRateThrottle`) was thus not rate limited on instances not having a memory cache backend configured. In the case of a default installation, this would notably include the rate-limits on the two factor codes. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5, or 22.2.0. As a workaround, enable a memory cache backend in `config.php`.
ImportantCVE-2021-41177SUSE bug 1192031cpe:/o:opensuse:leap:15.2CVE-2021-41178openSUSE Leap 15.2
Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal vulnerability makes an attacker able to download arbitrary SVG images from the host system, including user provided files. This could also be leveraged into a XSS/phishing attack, an attacker could upload a malicious SVG file that mimics the Nextcloud login form and send a specially crafted link to victims. The XSS risk here is mitigated due to the fact that Nextcloud employs a strict Content-Security-Policy disallowing execution of arbitrary JavaScript. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5 or 22.2.0. There are no known workarounds aside from upgrading.
ModerateCVE-2021-41178SUSE bug 1192030cpe:/o:opensuse:leap:15.2CVE-2021-41179openSUSE Leap 15.2
Nextcloud is an open-source, self-hosted productivity platform. Prior to Nextcloud Server versions 20.0.13, 21.0.5, and 22.2.0, the Two-Factor Authentication wasn't enforced for pages marked as public. Any page marked as `@PublicPage` could thus be accessed with a valid user session that isn't authenticated. This particularly affects the Nextcloud Talk application, as this could be leveraged to gain access to any private chat channel without going through the Two-Factor flow. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5 or 22.2.0. There are no known workarounds aside from upgrading.
ModerateCVE-2021-41179SUSE bug 1192028cpe:/o:opensuse:leap:15.2CVE-2021-41259openSUSE Leap 15.2
Nim is a systems programming language with a focus on efficiency, expressiveness, and elegance. In affected versions the uri.parseUri function which may be used to validate URIs accepts null bytes in the input URI. This behavior could be used to bypass URI validation. For example: parseUri("http://localhost\0hello").hostname is set to "localhost\0hello". Additionally, httpclient.getContent accepts null bytes in the input URL and ignores any data after the first null byte. Example: getContent("http://localhost\0hello") makes a request to localhost:80. An attacker can use a null bytes to bypass the check and mount a SSRF attack.
ImportantCVE-2021-41259SUSE bug 1192712cpe:/o:opensuse:leap:15.2CVE-2021-41771openSUSE Leap 15.2
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
ModerateCVE-2021-41771SUSE bug 1192377cpe:/o:opensuse:leap:15.2CVE-2021-41772openSUSE Leap 15.2
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
ImportantCVE-2021-41772SUSE bug 1192378cpe:/o:opensuse:leap:15.2CVE-2021-41864openSUSE Leap 15.2
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.
ImportantCVE-2021-41864SUSE bug 1191317SUSE bug 1191318cpe:/o:opensuse:leap:15.2CVE-2021-41990openSUSE Leap 15.2
The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.
ImportantCVE-2021-41990SUSE bug 1191367cpe:/o:opensuse:leap:15.2CVE-2021-41991openSUSE Leap 15.2
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.
ImportantCVE-2021-41991SUSE bug 1191367SUSE bug 1191435SUSE bug 1192640cpe:/o:opensuse:leap:15.2CVE-2021-42008openSUSE Leap 15.2
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.
ImportantCVE-2021-42008SUSE bug 1191315SUSE bug 1191660SUSE bug 1196722SUSE bug 1196810SUSE bug 1196914cpe:/o:opensuse:leap:15.2CVE-2021-42072openSUSE Leap 15.2
An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identify of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause denial-of-service or stage further attacks that could lead to information leaks or integrity corruption.
ModerateCVE-2021-42072cpe:/o:opensuse:leap:15.2CVE-2021-42073openSUSE Leap 15.2
An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client label that identifies a valid client configuration. This label is "Unnamed" by default but could instead be guessed from hostnames or other publicly available information. In the active session state, an attacker can capture input device events from the server, and also modify the clipboard content on the server.
ModerateCVE-2021-42073cpe:/o:opensuse:leap:15.2CVE-2021-42096openSUSE Leap 15.2
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.
ModerateCVE-2021-42096SUSE bug 1191959cpe:/o:opensuse:leap:15.2CVE-2021-42097openSUSE Leap 15.2
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).
ModerateCVE-2021-42097SUSE bug 1191960cpe:/o:opensuse:leap:15.2CVE-2021-42252openSUSE Leap 15.2
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes.
ImportantCVE-2021-42252SUSE bug 1190479SUSE bug 1192444cpe:/o:opensuse:leap:15.2CVE-2021-42260openSUSE Leap 15.2
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.
ModerateCVE-2021-42260SUSE bug 1191576cpe:/o:opensuse:leap:15.2CVE-2021-42739openSUSE Leap 15.2
A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
ImportantCVE-2021-42739SUSE bug 1184673SUSE bug 1192036SUSE bug 1196722SUSE bug 1196914cpe:/o:opensuse:leap:15.2CVE-2021-42762openSUSE Leap 15.2
BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133.
ImportantCVE-2021-42762SUSE bug 1191937cpe:/o:opensuse:leap:15.2CVE-2021-42771openSUSE Leap 15.2
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
ImportantCVE-2021-42771SUSE bug 1185768cpe:/o:opensuse:leap:15.2CVE-2021-43056openSUSE Leap 15.2
An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.
ModerateCVE-2021-43056SUSE bug 1192107cpe:/o:opensuse:leap:15.2CVE-2021-43389openSUSE Leap 15.2
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
ModerateCVE-2021-43389SUSE bug 1191958cpe:/o:opensuse:leap:15.2CVE-2021-43527openSUSE Leap 15.2
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
ImportantCVE-2021-43527SUSE bug 1193170SUSE bug 1193331SUSE bug 1193378SUSE bug 1194288SUSE bug 1199301cpe:/o:opensuse:leap:15.2CVE-2021-43528openSUSE Leap 15.2
Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.
ImportantCVE-2021-43528SUSE bug 1193485cpe:/o:opensuse:leap:15.2CVE-2021-43536openSUSE Leap 15.2
Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
ImportantCVE-2021-43536SUSE bug 1193485cpe:/o:opensuse:leap:15.2CVE-2021-43537openSUSE Leap 15.2
An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
ImportantCVE-2021-43537SUSE bug 1193485cpe:/o:opensuse:leap:15.2CVE-2021-43538openSUSE Leap 15.2
By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
ImportantCVE-2021-43538SUSE bug 1193485cpe:/o:opensuse:leap:15.2CVE-2021-43539openSUSE Leap 15.2
Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
ImportantCVE-2021-43539SUSE bug 1193485cpe:/o:opensuse:leap:15.2CVE-2021-43541openSUSE Leap 15.2
When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
ImportantCVE-2021-43541SUSE bug 1193485cpe:/o:opensuse:leap:15.2CVE-2021-43542openSUSE Leap 15.2
Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
ImportantCVE-2021-43542SUSE bug 1193485cpe:/o:opensuse:leap:15.2CVE-2021-43543openSUSE Leap 15.2
Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
ImportantCVE-2021-43543SUSE bug 1193485cpe:/o:opensuse:leap:15.2CVE-2021-43545openSUSE Leap 15.2
Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
ImportantCVE-2021-43545SUSE bug 1193485cpe:/o:opensuse:leap:15.2CVE-2021-43546openSUSE Leap 15.2
It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
ImportantCVE-2021-43546SUSE bug 1193485cpe:/o:opensuse:leap:15.2CVE-2021-43618openSUSE Leap 15.2
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
ModerateCVE-2021-43618SUSE bug 1192717cpe:/o:opensuse:leap:15.2CVE-2021-43784openSUSE Leap 15.2
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.
ModerateCVE-2021-43784SUSE bug 1193436cpe:/o:opensuse:leap:15.2CVE-2021-44228openSUSE Leap 15.2
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
CriticalCVE-2021-44228SUSE bug 1193611SUSE bug 1193662SUSE bug 1193743SUSE bug 1193795SUSE bug 1194016SUSE bug 1194123cpe:/o:opensuse:leap:15.2CVE-2021-44540openSUSE Leap 15.2
A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing.
ModerateCVE-2021-44540SUSE bug 1193584cpe:/o:opensuse:leap:15.2CVE-2021-44541openSUSE Leap 15.2
A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination.
LowCVE-2021-44541SUSE bug 1193584cpe:/o:opensuse:leap:15.2CVE-2021-44542openSUSE Leap 15.2
A memory leak vulnerability was found in Privoxy when handling errors.
LowCVE-2021-44542SUSE bug 1193584cpe:/o:opensuse:leap:15.2CVE-2021-44543openSUSE Leap 15.2
An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself.
LowCVE-2021-44543SUSE bug 1193584cpe:/o:opensuse:leap:15.2CVE-2021-44716openSUSE Leap 15.2
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
ImportantCVE-2021-44716SUSE bug 1193597cpe:/o:opensuse:leap:15.2CVE-2021-44717openSUSE Leap 15.2
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
ModerateCVE-2021-44717SUSE bug 1193598cpe:/o:opensuse:leap:15.2CVE-2021-44832openSUSE Leap 15.2
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
ModerateCVE-2021-44832SUSE bug 1194127cpe:/o:opensuse:leap:15.2CVE-2021-44847openSUSE Leap 15.2
A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet.
ImportantCVE-2021-44847SUSE bug 1193667cpe:/o:opensuse:leap:15.2CVE-2021-45046openSUSE Leap 15.2
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
ImportantCVE-2021-45046SUSE bug 1193743cpe:/o:opensuse:leap:15.2CVE-2021-45105openSUSE Leap 15.2
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
ImportantCVE-2021-45105SUSE bug 1193887SUSE bug 1193888cpe:/o:opensuse:leap:15.2fastjaropenSUSE-releasecobblercobbler-testscobbler-webbusyboxbusybox-staticperl-DBIapache-commons-httpclientapache-commons-httpclient-demoapache-commons-httpclient-javadocapache-commons-httpclient-manuallibsqlite3-0libsqlite3-0-32bitsqlite3sqlite3-develsqlite3-docwpa_supplicantwpa_supplicant-guipam_radiuspam_radius-32bitglibcglibc-32bitglibc-develglibc-devel-32bitglibc-devel-staticglibc-devel-static-32bitglibc-extraglibc-htmlglibc-i18ndataglibc-infoglibc-localeglibc-locale-baseglibc-locale-base-32bitglibc-profileglibc-profile-32bitglibc-utilsglibc-utils-32bitnscdctdbctdb-pcp-pmdactdb-testslibdcerpc-binding0libdcerpc-binding0-32bitlibdcerpc-devellibdcerpc-samr-devellibdcerpc-samr0libdcerpc-samr0-32bitlibdcerpc0libdcerpc0-32bitlibndr-devellibndr-krb5pac-devellibndr-krb5pac0libndr-krb5pac0-32bitlibndr-nbt-devellibndr-nbt0libndr-nbt0-32bitlibndr-standard-devellibndr-standard0libndr-standard0-32bitlibndr0libndr0-32bitlibnetapi-devellibnetapi-devel-32bitlibnetapi0libnetapi0-32bitlibsamba-credentials-devellibsamba-credentials0libsamba-credentials0-32bitlibsamba-errors-devellibsamba-errors0libsamba-errors0-32bitlibsamba-hostconfig-devellibsamba-hostconfig0libsamba-hostconfig0-32bitlibsamba-passdb-devellibsamba-passdb0libsamba-passdb0-32bitlibsamba-policy-devellibsamba-policy-python3-devellibsamba-policy0-python3libsamba-policy0-python3-32bitlibsamba-util-devellibsamba-util0libsamba-util0-32bitlibsamdb-devellibsamdb0libsamdb0-32bitlibsmbclient-devellibsmbclient0libsmbclient0-32bitlibsmbconf-devellibsmbconf0libsmbconf0-32bitlibsmbldap-devellibsmbldap2libsmbldap2-32bitlibtevent-util-devellibtevent-util0libtevent-util0-32bitlibwbclient-devellibwbclient0libwbclient0-32bitsambasamba-ad-dcsamba-ad-dc-32bitsamba-cephsamba-clientsamba-client-32bitsamba-core-develsamba-docsamba-dsdb-modulessamba-libssamba-libs-32bitsamba-libs-python3samba-libs-python3-32bitsamba-python3samba-testsamba-winbindsamba-winbind-32bitjheadfroxlornagiosnagios-contribnagios-develnagios-theme-exfoliationnagios-wwwnagios-www-dchperl-XML-Twigjasperlibjasper-devellibjasper4libjasper4-32biteximeximoneximstats-htmlknotsnakeyamlsnakeyaml-javadocLibVNCServer-devellibvncclient0libvncserver0libraptor-devellibraptor2-0libraptor2-0-32bitraptorbindbind-chrootenvbind-develbind-devel-32bitbind-docbind-utilslibbind9-1600libbind9-1600-32bitlibdns1605libdns1605-32bitlibirs-devellibirs1601libirs1601-32bitlibisc1606libisc1606-32bitlibisccc1600libisccc1600-32bitlibisccfg1600libisccfg1600-32bitlibns1604libns1604-32bitlibuv-devellibuv1libuv1-32bitpython3-bindsysuser-shadowsysuser-toolsspectre-meltdown-checkerlibzypplibzypp-devellibzypp-devel-docyast2-installationzypperzypper-aptitudezypper-logzypper-needs-restartingnasmgraphvizgraphviz-develgraphviz-docgraphviz-gdgraphviz-gnomegraphviz-guilegraphviz-gveditgraphviz-javagraphviz-luagraphviz-perlgraphviz-phpgraphviz-plugins-coregraphviz-pythongraphviz-rubygraphviz-smyrnagraphviz-tcllibgraphviz6libwavpack1libwavpack1-32bitwavpackwavpack-devellibxerces-c-3_1libxerces-c-3_1-32bitlibxerces-c-develxerces-cxerces-c-doclibsndfile-devellibsndfile-progslibsndfile1libsndfile1-32bitkernel-debugkernel-debug-develkernel-defaultkernel-default-basekernel-default-base-rebuildkernel-default-develkernel-develkernel-docskernel-docs-htmlkernel-kvmsmallkernel-kvmsmall-develkernel-macroskernel-obs-buildkernel-obs-qakernel-preemptkernel-preempt-develkernel-sourcekernel-source-vanillakernel-symslibmspack-devellibmspack0libmspack0-32bitmspack-toolsssh-auditlibqt4libqt4-32bitlibqt4-devellibqt4-devel-32bitlibqt4-devel-doclibqt4-devel-doc-datalibqt4-linguistlibqt4-private-headers-devellibqt4-qt3supportlibqt4-qt3support-32bitlibqt4-sqllibqt4-sql-32bitlibqt4-sql-postgresqllibqt4-sql-sqlitelibqt4-sql-sqlite-32bitlibqt4-sql-unixODBClibqt4-x11libqt4-x11-32bitqt4-x11-toolspython3-saltsaltsalt-apisalt-bash-completionsalt-cloudsalt-docsalt-fish-completionsalt-mastersalt-minionsalt-proxysalt-sshsalt-standalone-formulas-configurationsalt-syndicsalt-transactional-updatesalt-zsh-completiongettext-csharpgettext-javagettext-runtimegettext-runtime-32bitgettext-runtime-minigettext-runtime-mini-tools-docgettext-runtime-tools-docgettext-toolsgettext-tools-mininetdatatmuxlibu2f-host-devellibu2f-host-doclibu2f-host0u2f-hostopenvpnopenvpn-auth-pam-pluginopenvpn-developenvpn-down-root-pluginntpntp-docotrsotrs-docotrs-itsmbuildahlibcontainers-commonpodmanpodman-cni-configdracut-saltbootroundcubemailperl-Mail-SpamAssassinperl-Mail-SpamAssassin-Plugin-iXhash2spamassassinclamavclamav-devellibclamav9libfreshclam2binutilsbinutils-develbinutils-devel-32bitbinutils-goldcross-aarch64-binutilscross-arm-binutilscross-avr-binutilscross-epiphany-binutilscross-hppa-binutilscross-hppa64-binutilscross-i386-binutilscross-ia64-binutilscross-m68k-binutilscross-mips-binutilscross-ppc-binutilscross-ppc64-binutilscross-ppc64le-binutilscross-riscv64-binutilscross-rx-binutilscross-s390-binutilscross-s390x-binutilscross-sparc-binutilscross-sparc64-binutilscross-spu-binutilscross-xtensa-binutilslibctf-nobfd0libctf0nsdpython2-virt-bootstrappython3-virt-bootstraplibSDL-1_2-0libSDL-1_2-0-32bitlibSDL-devellibSDL-devel-32bittransfigovmfovmf-toolsqemu-ovmf-ia32qemu-ovmf-x86_64qemu-ovmf-x86_64-debugshimlibtiff-devellibtiff-devel-32bitlibtiff5libtiff5-32bittiffgrafanagrafana-piechart-panelgrafana-status-panelkernel-firmwareucode-amdlibBasicUsageEnvironment1libUsageEnvironment3libgroupsock30libliveMedia94live555live555-develcsync2qemuqemu-armqemu-audio-alsaqemu-audio-paqemu-audio-sdlqemu-block-curlqemu-block-dmgqemu-block-glusterqemu-block-iscsiqemu-block-nfsqemu-block-rbdqemu-block-sshqemu-extraqemu-guest-agentqemu-ipxeqemu-ksmqemu-kvmqemu-langqemu-linux-userqemu-microvmqemu-ppcqemu-s390qemu-seabiosqemu-sgabiosqemu-testsuiteqemu-toolsqemu-ui-cursesqemu-ui-gtkqemu-ui-sdlqemu-ui-spice-appqemu-vgabiosqemu-vhost-user-gpuqemu-x86openscopensc-32bitlibmysofa-devellibmysofa0hostapdhunspellhunspell-develhunspell-devel-32bithunspell-toolslibhunspell-1_6-0libhunspell-1_6-0-32bitrmt-serverrmt-server-configrmt-server-pubcloudpython2-waitresspython3-waitresslibpython3_6m1_0libpython3_6m1_0-32bitpython3python3-32bitpython3-basepython3-base-32bitpython3-cursespython3-dbmpython3-develpython3-docpython3-doc-devhelppython3-idlepython3-testsuitepython3-tkpython3-toolslibssh2-1libssh2-1-32bitlibssh2-develfribidifribidi-devellibfribidi0libfribidi0-32bitlibnghttp2-14libnghttp2-14-32bitlibnghttp2-devellibnghttp2_asio-devellibnghttp2_asio1libnghttp2_asio1-32bitnghttp2python3-nghttp2cluster-md-kmp-rtcluster-md-kmp-rt_debugdlm-kmp-rtdlm-kmp-rt_debuggfs2-kmp-rtgfs2-kmp-rt_debugkernel-devel-rtkernel-rtkernel-rt-develkernel-rt-extrakernel-rt_debugkernel-rt_debug-develkernel-rt_debug-extrakernel-source-rtkernel-syms-rtkselftests-kmp-rtkselftests-kmp-rt_debugocfs2-kmp-rtocfs2-kmp-rt_debugreiserfs-kmp-rtreiserfs-kmp-rt_debugcryptctllibunbound-devel-minilibunbound2unboundunbound-anchorunbound-develunbound-muninunbound-pythonloutlibesmtplibesmtp-devellibnetcdf-gnu-hpclibnetcdf-gnu-mpich-hpclibnetcdf-gnu-mvapich2-hpclibnetcdf-gnu-openmpi2-hpclibnetcdf-gnu-openmpi3-hpclibnetcdf_4_7_3-gnu-hpclibnetcdf_4_7_3-gnu-mpich-hpclibnetcdf_4_7_3-gnu-mvapich2-hpclibnetcdf_4_7_3-gnu-openmpi2-hpclibnetcdf_4_7_3-gnu-openmpi3-hpcnetcdf-gnu-hpcnetcdf-gnu-hpc-develnetcdf-gnu-mpich-hpcnetcdf-gnu-mpich-hpc-develnetcdf-gnu-mvapich2-hpcnetcdf-gnu-mvapich2-hpc-develnetcdf-gnu-openmpi2-hpcnetcdf-gnu-openmpi2-hpc-develnetcdf-gnu-openmpi3-hpcnetcdf-gnu-openmpi3-hpc-develnetcdf_4_7_3-gnu-hpcnetcdf_4_7_3-gnu-hpc-develnetcdf_4_7_3-gnu-hpc-devel-staticnetcdf_4_7_3-gnu-mpich-hpcnetcdf_4_7_3-gnu-mpich-hpc-develnetcdf_4_7_3-gnu-mpich-hpc-devel-staticnetcdf_4_7_3-gnu-mvapich2-hpcnetcdf_4_7_3-gnu-mvapich2-hpc-develnetcdf_4_7_3-gnu-mvapich2-hpc-devel-staticnetcdf_4_7_3-gnu-openmpi2-hpcnetcdf_4_7_3-gnu-openmpi2-hpc-develnetcdf_4_7_3-gnu-openmpi2-hpc-devel-staticnetcdf_4_7_3-gnu-openmpi3-hpcnetcdf_4_7_3-gnu-openmpi3-hpc-develnetcdf_4_7_3-gnu-openmpi3-hpc-devel-staticlibpcre1libpcre1-32bitlibpcre16-0libpcre16-0-32bitlibpcrecpp0libpcrecpp0-32bitlibpcreposix0libpcreposix0-32bitpcre-develpcre-devel-staticpcre-docpcre-toolslibpython2_7-1_0libpython2_7-1_0-32bitpythonpython-32bitpython-basepython-base-32bitpython-cursespython-demopython-develpython-docpython-doc-pdfpython-gdbmpython-idlepython-tkpython-xmlpython2-pippython2-pip-wheelpython2-setuptoolspython2-setuptools-testpython2-setuptools-wheelpython3-pippython3-pip-wheelpython3-setuptoolspython3-setuptools-testpython3-setuptools-wheelaspellaspell-develaspell-ispellaspell-spelllibaspell15libaspell15-32bitlibpspell15libpspell15-32bitaria2aria2-develaria2-langlibaria2-0ruby2.5-rubygem-bundlerruby2.5-rubygem-bundler-docmercurialmercurial-langruby2.5-rubygem-nokogiriruby2.5-rubygem-nokogiri-docruby2.5-rubygem-nokogiri-testsuitelibgroupsock8libliveMedia66chromedriverchromiumcupscups-clientcups-configcups-ddkcups-develcups-devel-32bitlibcups2libcups2-32bitlibcupscgi1libcupscgi1-32bitlibcupsimage2libcupsimage2-32bitlibcupsmime1libcupsmime1-32bitlibcupsppdc1libcupsppdc1-32bitlibntfs-3g-devellibntfs-3g87ntfs-3gntfsprogsntfsprogs-extrabbswitchbbswitch-kmp-defaultbbswitch-kmp-preemptcrashcrash-develcrash-doccrash-eppiccrash-gcorecrash-kmp-defaultcrash-kmp-preemptdpdkdpdk-develdpdk-docdpdk-examplesdpdk-kmp-defaultdpdk-kmp-preemptdpdk-toolsdrbddrbd-kmp-defaultdrbd-kmp-preempthdjmod-kmp-defaulthdjmod-kmp-preemptlibdpdk-20_0mhvtlmhvtl-kmp-defaultmhvtl-kmp-preemptopenafsopenafs-authlibsopenafs-authlibs-developenafs-clientopenafs-developenafs-fuse_clientopenafs-kernel-sourceopenafs-kmp-defaultopenafs-kmp-preemptopenafs-serverpcfclockpcfclock-kmp-defaultpcfclock-kmp-preemptpython3-virtualboxrtl8812aurtl8812au-kmp-defaultrtl8812au-kmp-preemptsysdigsysdig-kmp-defaultsysdig-kmp-preemptv4l2loopback-kmp-defaultv4l2loopback-kmp-preemptv4l2loopback-utilsvhba-kmp-defaultvhba-kmp-preemptvirtualboxvirtualbox-develvirtualbox-guest-desktop-iconsvirtualbox-guest-sourcevirtualbox-guest-toolsvirtualbox-guest-x11virtualbox-host-sourcevirtualbox-kmp-defaultvirtualbox-kmp-preemptvirtualbox-qtvirtualbox-vncvirtualbox-websrvxtables-addonsxtables-addons-kmp-defaultxtables-addons-kmp-preemptflacflac-develflac-devel-32bitflac-doclibFLAC++6libFLAC++6-32bitlibFLAC8libFLAC8-32bitxenxen-develxen-doc-htmlxen-libsxen-libs-32bitxen-toolsxen-tools-domUxen-tools-xendomains-wait-diskbluezbluez-auto-enable-devicesbluez-cupsbluez-develbluez-devel-32bitbluez-testlibbluetooth3libbluetooth3-32bittoru-boot-toolsldb-toolslibldb-devellibldb2libldb2-32bitpython3-ldbpython3-ldb-32bitpython3-ldb-develgrub2grub2-branding-upstreamgrub2-i386-efigrub2-i386-efi-debuggrub2-i386-pcgrub2-i386-pc-debuggrub2-i386-xengrub2-snapper-plugingrub2-systemd-sleep-plugingrub2-x86_64-efigrub2-x86_64-efi-debuggrub2-x86_64-xencni-pluginsslirp4netnsdfu-toolfwupdfwupd-develfwupd-langlibfwupd2typelib-1_0-Fwupd-2_0libmbedcrypto3libmbedcrypto3-32bitlibmbedtls12libmbedtls12-32bitlibmbedx509-0libmbedx509-0-32bitmbedtls-develcacticacti-spineruby2.5-rubygem-pumaruby2.5-rubygem-puma-docpython2-httplib2python3-httplib2libwireshark13libwiretap10libwsutil11wiresharkwireshark-develwireshark-ui-qtzabbix-agentzabbix-bash-completionzabbix-java-gatewayzabbix-phpfrontendzabbix-proxyzabbix-proxy-mysqlzabbix-proxy-postgresqlzabbix-proxy-sqlitezabbix-serverzabbix-server-mysqlzabbix-server-postgresqlzabbix-server-sqliteaudacityaudacity-langapache2apache2-develapache2-docapache2-eventapache2-example-pagesapache2-preforkapache2-utilsapache2-workertomcattomcat-admin-webappstomcat-docs-webapptomcat-el-3_0-apitomcat-embedtomcat-javadoctomcat-jsp-2_3-apitomcat-jsvctomcat-libtomcat-servlet-4_0-apitomcat-webappsdbus-1dbus-1-develdbus-1-devel-32bitdbus-1-devel-docdbus-1-x11libdbus-1-3libdbus-1-3-32bitdovecot23dovecot23-backend-mysqldovecot23-backend-pgsqldovecot23-backend-sqlitedovecot23-develdovecot23-ftsdovecot23-fts-lucenedovecot23-fts-solrdovecot23-fts-squatmailmanlibfreebl3libfreebl3-32bitlibfreebl3-hmaclibfreebl3-hmac-32bitlibsoftokn3libsoftokn3-32bitlibsoftokn3-hmaclibsoftokn3-hmac-32bitmozilla-nsprmozilla-nspr-32bitmozilla-nspr-develmozilla-nssmozilla-nss-32bitmozilla-nss-certsmozilla-nss-certs-32bitmozilla-nss-develmozilla-nss-sysinitmozilla-nss-sysinit-32bitmozilla-nss-toolsMozillaFirefoxMozillaFirefox-branding-upstreamMozillaFirefox-buildsymbolsMozillaFirefox-develMozillaFirefox-translations-commonMozillaFirefox-translations-otherMozillaThunderbirdMozillaThunderbird-translations-commonMozillaThunderbird-translations-othergssproxylibpmi0libslurm33perl-slurmslurmslurm-auth-noneslurm-configslurm-config-manslurm-crayslurm-develslurm-docslurm-hdf5slurm-luaslurm-mungeslurm-nodeslurm-openlavaslurm-pam_slurmslurm-pluginsslurm-seffslurm-sjstatslurm-slurmdbdslurm-sqlslurm-sviewslurm-torqueslurm-webdocminidlnalibreofficelibreoffice-baselibreoffice-base-drivers-firebirdlibreoffice-base-drivers-postgresqllibreoffice-branding-upstreamlibreoffice-calclibreoffice-calc-extensionslibreoffice-drawlibreoffice-filters-optionallibreoffice-gdb-pretty-printerslibreoffice-gladelibreoffice-gnomelibreoffice-gtk3libreoffice-icon-themeslibreoffice-impresslibreoffice-l10n-aflibreoffice-l10n-amlibreoffice-l10n-arlibreoffice-l10n-aslibreoffice-l10n-astlibreoffice-l10n-belibreoffice-l10n-bglibreoffice-l10n-bnlibreoffice-l10n-bn_INlibreoffice-l10n-bolibreoffice-l10n-brlibreoffice-l10n-brxlibreoffice-l10n-bslibreoffice-l10n-calibreoffice-l10n-ca_valencialibreoffice-l10n-cslibreoffice-l10n-cylibreoffice-l10n-dalibreoffice-l10n-delibreoffice-l10n-dgolibreoffice-l10n-dsblibreoffice-l10n-dzlibreoffice-l10n-ellibreoffice-l10n-enlibreoffice-l10n-en_GBlibreoffice-l10n-en_ZAlibreoffice-l10n-eolibreoffice-l10n-eslibreoffice-l10n-etlibreoffice-l10n-eulibreoffice-l10n-falibreoffice-l10n-filibreoffice-l10n-frlibreoffice-l10n-fylibreoffice-l10n-galibreoffice-l10n-gdlibreoffice-l10n-gllibreoffice-l10n-gulibreoffice-l10n-guglibreoffice-l10n-helibreoffice-l10n-hilibreoffice-l10n-hrlibreoffice-l10n-hsblibreoffice-l10n-hulibreoffice-l10n-idlibreoffice-l10n-islibreoffice-l10n-itlibreoffice-l10n-jalibreoffice-l10n-kalibreoffice-l10n-kablibreoffice-l10n-kklibreoffice-l10n-kmlibreoffice-l10n-kmr_Latnlibreoffice-l10n-knlibreoffice-l10n-kolibreoffice-l10n-koklibreoffice-l10n-kslibreoffice-l10n-lblibreoffice-l10n-lolibreoffice-l10n-ltlibreoffice-l10n-lvlibreoffice-l10n-mailibreoffice-l10n-mklibreoffice-l10n-mllibreoffice-l10n-mnlibreoffice-l10n-mnilibreoffice-l10n-mrlibreoffice-l10n-mylibreoffice-l10n-nblibreoffice-l10n-nelibreoffice-l10n-nllibreoffice-l10n-nnlibreoffice-l10n-nrlibreoffice-l10n-nsolibreoffice-l10n-oclibreoffice-l10n-omlibreoffice-l10n-orlibreoffice-l10n-palibreoffice-l10n-pllibreoffice-l10n-pt_BRlibreoffice-l10n-pt_PTlibreoffice-l10n-rolibreoffice-l10n-rulibreoffice-l10n-rwlibreoffice-l10n-sa_INlibreoffice-l10n-satlibreoffice-l10n-sdlibreoffice-l10n-silibreoffice-l10n-sidlibreoffice-l10n-sklibreoffice-l10n-sllibreoffice-l10n-sqlibreoffice-l10n-srlibreoffice-l10n-sslibreoffice-l10n-stlibreoffice-l10n-svlibreoffice-l10n-sw_TZlibreoffice-l10n-szllibreoffice-l10n-talibreoffice-l10n-telibreoffice-l10n-tglibreoffice-l10n-thlibreoffice-l10n-tnlibreoffice-l10n-trlibreoffice-l10n-tslibreoffice-l10n-ttlibreoffice-l10n-uglibreoffice-l10n-uklibreoffice-l10n-uzlibreoffice-l10n-velibreoffice-l10n-veclibreoffice-l10n-vilibreoffice-l10n-xhlibreoffice-l10n-zh_CNlibreoffice-l10n-zh_TWlibreoffice-l10n-zulibreoffice-librelogolibreoffice-mailmergelibreoffice-mathlibreoffice-officebeanlibreoffice-pyunolibreoffice-qt5libreoffice-sdklibreoffice-sdk-doclibreoffice-writerlibreoffice-writer-extensionslibreofficekitlibreofficekit-developenconnectopenconnect-developenconnect-docopenconnect-langlibcrocolibcroco-0_6-3libcroco-0_6-3-32bitlibcroco-develsane-backendssane-backends-32bitsane-backends-autoconfigsane-backends-develsane-backends-devel-32bitlibvlc5libvlccore9vlcvlc-codec-gstreamervlc-develvlc-jackvlc-langvlc-noXvlc-opencvvlc-qtvlc-vdpaulibjavascriptcoregtk-4_0-18libjavascriptcoregtk-4_0-18-32bitlibwebkit2gtk-4_0-37libwebkit2gtk-4_0-37-32bitlibwebkit2gtk3-langtypelib-1_0-JavaScriptCore-4_0typelib-1_0-WebKit2-4_0typelib-1_0-WebKit2WebExtension-4_0webkit-jsc-4webkit2gtk-4_0-injected-bundleswebkit2gtk3-develwebkit2gtk3-minibrowsergsoap-develgsoap-doclibgsoap-2_8_102balsabalsa-langglib-networkingglib-networking-32bitglib-networking-langpython2-rsapython3-rsalibjpeg-turbolibjpeg62libjpeg62-32bitlibjpeg62-devellibjpeg62-devel-32bitlibjpeg62-turbolibjpeg8libjpeg8-32bitlibjpeg8-devellibjpeg8-devel-32bitlibturbojpeg0libturbojpeg0-32bitcpp10cpp7cross-nvptx-gcc10cross-nvptx-newlib10-develgcc10gcc10-32bitgcc10-adagcc10-ada-32bitgcc10-c++gcc10-c++-32bitgcc10-dgcc10-d-32bitgcc10-fortrangcc10-fortran-32bitgcc10-gogcc10-go-32bitgcc10-infogcc10-localegcc10-obj-c++gcc10-obj-c++-32bitgcc10-objcgcc10-objc-32bitgcc7gcc7-32bitgcc7-adagcc7-ada-32bitgcc7-c++gcc7-c++-32bitgcc7-fortrangcc7-fortran-32bitgcc7-gogcc7-go-32bitgcc7-infogcc7-localegcc7-obj-c++gcc7-obj-c++-32bitgcc7-objcgcc7-objc-32bitlibada10libada10-32bitlibada7libada7-32bitlibasan4libasan4-32bitlibasan6libasan6-32bitlibatomic1libatomic1-32bitlibcilkrts5libcilkrts5-32bitlibgcc_s1libgcc_s1-32bitlibgdruntime1libgdruntime1-32bitlibgfortran4libgfortran4-32bitlibgfortran5libgfortran5-32bitlibgo11libgo11-32bitlibgo16libgo16-32bitlibgomp1libgomp1-32bitlibgphobos1libgphobos1-32bitlibitm1libitm1-32bitliblsan0libobjc4libobjc4-32bitlibquadmath0libquadmath0-32bitlibstdc++6libstdc++6-32bitlibstdc++6-devel-gcc10libstdc++6-devel-gcc10-32bitlibstdc++6-devel-gcc7libstdc++6-devel-gcc7-32bitlibstdc++6-localelibstdc++6-pp-gcc10libstdc++6-pp-gcc10-32bitlibtsan0libubsan0libubsan0-32bitlibubsan1libubsan1-32bitnvptx-toolssingularitypython2-targetcli-fbpython3-targetcli-fbtargetcli-fb-commonvelocityvelocity-demovelocity-javadocvelocity-manuallibQt5Bootstrap-devel-staticlibQt5Bootstrap-devel-static-32bitlibQt5Concurrent-devellibQt5Concurrent-devel-32bitlibQt5Concurrent5libQt5Concurrent5-32bitlibQt5Core-devellibQt5Core-devel-32bitlibQt5Core-private-headers-devellibQt5Core5libQt5Core5-32bitlibQt5DBus-devellibQt5DBus-devel-32bitlibQt5DBus-private-headers-devellibQt5DBus5libQt5DBus5-32bitlibQt5Gui-devellibQt5Gui-devel-32bitlibQt5Gui-private-headers-devellibQt5Gui5libQt5Gui5-32bitlibQt5KmsSupport-devel-staticlibQt5KmsSupport-private-headers-devellibQt5Network-devellibQt5Network-devel-32bitlibQt5Network-private-headers-devellibQt5Network5libQt5Network5-32bitlibQt5OpenGL-devellibQt5OpenGL-devel-32bitlibQt5OpenGL-private-headers-devellibQt5OpenGL5libQt5OpenGL5-32bitlibQt5OpenGLExtensions-devel-staticlibQt5OpenGLExtensions-devel-static-32bitlibQt5PlatformHeaders-devellibQt5PlatformSupport-devel-staticlibQt5PlatformSupport-devel-static-32bitlibQt5PlatformSupport-private-headers-devellibQt5PrintSupport-devellibQt5PrintSupport-devel-32bitlibQt5PrintSupport-private-headers-devellibQt5PrintSupport5libQt5PrintSupport5-32bitlibQt5Sql-devellibQt5Sql-devel-32bitlibQt5Sql-private-headers-devellibQt5Sql5libQt5Sql5-32bitlibQt5Sql5-mysqllibQt5Sql5-mysql-32bitlibQt5Sql5-postgresqllibQt5Sql5-postgresql-32bitlibQt5Sql5-sqlitelibQt5Sql5-sqlite-32bitlibQt5Sql5-unixODBClibQt5Sql5-unixODBC-32bitlibQt5Test-devellibQt5Test-devel-32bitlibQt5Test-private-headers-devellibQt5Test5libQt5Test5-32bitlibQt5Widgets-devellibQt5Widgets-devel-32bitlibQt5Widgets-private-headers-devellibQt5Widgets5libQt5Widgets5-32bitlibQt5Xml-devellibQt5Xml-devel-32bitlibQt5Xml5libQt5Xml5-32bitlibqt5-qtbase-common-devellibqt5-qtbase-devellibqt5-qtbase-exampleslibqt5-qtbase-examples-32bitlibqt5-qtbase-platformtheme-gtk3libqt5-qtbase-platformtheme-xdgdesktopportallibqt5-qtbase-private-headers-develiscsiuiolibopeniscsiusr0_2_0open-iscsiopen-iscsi-develicinga2icinga2-binicinga2-commonicinga2-docicinga2-ido-mysqlicinga2-ido-pgsqlnano-icinga2vim-icinga2python2-rtslib-fbpython3-rtslib-fbgo1.13go1.13-docgo1.13-racego1.14go1.14-docgo1.14-racesquidmuttmutt-docmutt-langneomuttneomutt-docneomutt-langopensshopenssh-askpass-gnomeopenssh-cavsopenssh-fipsopenssh-helperspdns-recursordnsmasqdnsmasq-utilslibvirtlibvirt-adminlibvirt-bash-completionlibvirt-clientlibvirt-daemonlibvirt-daemon-config-networklibvirt-daemon-config-nwfilterlibvirt-daemon-driver-interfacelibvirt-daemon-driver-libxllibvirt-daemon-driver-lxclibvirt-daemon-driver-networklibvirt-daemon-driver-nodedevlibvirt-daemon-driver-nwfilterlibvirt-daemon-driver-qemulibvirt-daemon-driver-secretlibvirt-daemon-driver-storagelibvirt-daemon-driver-storage-corelibvirt-daemon-driver-storage-disklibvirt-daemon-driver-storage-glusterlibvirt-daemon-driver-storage-iscsilibvirt-daemon-driver-storage-logicallibvirt-daemon-driver-storage-mpathlibvirt-daemon-driver-storage-rbdlibvirt-daemon-driver-storage-scsilibvirt-daemon-hookslibvirt-daemon-lxclibvirt-daemon-qemulibvirt-daemon-xenlibvirt-devellibvirt-devel-32bitlibvirt-doclibvirt-libslibvirt-lock-sanlocklibvirt-nsswireshark-plugin-libvirtcifs-utilscifs-utils-develpam_cifscredspython2-PyYAMLpython3-PyYAMLlibX11-6libX11-6-32bitlibX11-datalibX11-devellibX11-devel-32bitlibX11-xcb1libX11-xcb1-32bitlibxcb-composite0libxcb-composite0-32bitlibxcb-damage0libxcb-damage0-32bitlibxcb-devellibxcb-devel-32bitlibxcb-devel-doclibxcb-dpms0libxcb-dpms0-32bitlibxcb-dri2-0libxcb-dri2-0-32bitlibxcb-dri3-0libxcb-dri3-0-32bitlibxcb-glx0libxcb-glx0-32bitlibxcb-present0libxcb-present0-32bitlibxcb-randr0libxcb-randr0-32bitlibxcb-record0libxcb-record0-32bitlibxcb-render0libxcb-render0-32bitlibxcb-res0libxcb-res0-32bitlibxcb-screensaver0libxcb-screensaver0-32bitlibxcb-shape0libxcb-shape0-32bitlibxcb-shm0libxcb-shm0-32bitlibxcb-sync1libxcb-sync1-32bitlibxcb-xf86dri0libxcb-xf86dri0-32bitlibxcb-xfixes0libxcb-xfixes0-32bitlibxcb-xinerama0libxcb-xinerama0-32bitlibxcb-xinput0libxcb-xinput0-32bitlibxcb-xkb1libxcb-xkb1-32bitlibxcb-xtest0libxcb-xtest0-32bitlibxcb-xv0libxcb-xv0-32bitlibxcb-xvmc0libxcb-xvmc0-32bitlibxcb1libxcb1-32bitxorg-x11-serverxorg-x11-server-extraxorg-x11-server-sdkxorg-x11-server-sourcexorg-x11-server-waylandlibecpg6libecpg6-32bitlibpq5libpq5-32bitpostgresqlpostgresql-contribpostgresql-develpostgresql-docspostgresql-llvmjitpostgresql-plperlpostgresql-plpythonpostgresql-pltclpostgresql-serverpostgresql-server-develpostgresql-testpostgresql10postgresql10-contribpostgresql10-develpostgresql10-docspostgresql10-plperlpostgresql10-plpythonpostgresql10-pltclpostgresql10-serverpostgresql10-testpostgresql11postgresql11-contribpostgresql11-develpostgresql11-docspostgresql11-llvmjitpostgresql11-plperlpostgresql11-plpythonpostgresql11-pltclpostgresql11-serverpostgresql11-server-develpostgresql11-testpostgresql12postgresql12-contribpostgresql12-develpostgresql12-docspostgresql12-llvmjitpostgresql12-plperlpostgresql12-plpythonpostgresql12-pltclpostgresql12-serverpostgresql12-server-develpostgresql12-testpostgresql96postgresql96-contribpostgresql96-develpostgresql96-docspostgresql96-plperlpostgresql96-plpythonpostgresql96-pltclpostgresql96-serverpostgresql96-testlibrepo-devellibrepo0python3-librepolibspice-client-glib-2_0-8libspice-client-glib-helperlibspice-client-gtk-3_0-5libspice-server-devellibspice-server1spice-gtkspice-gtk-develspice-gtk-langtypelib-1_0-SpiceClientGlib-2_0typelib-1_0-SpiceClientGtk-3_0python-ipaddressjava-11-openjdkjava-11-openjdk-accessibilityjava-11-openjdk-demojava-11-openjdk-develjava-11-openjdk-headlessjava-11-openjdk-javadocjava-11-openjdk-jmodsjava-11-openjdk-srcjava-1_8_0-openj9java-1_8_0-openj9-accessibilityjava-1_8_0-openj9-demojava-1_8_0-openj9-develjava-1_8_0-openj9-headlessjava-1_8_0-openj9-javadocjava-1_8_0-openj9-srcjava-1_8_0-openjdkjava-1_8_0-openjdk-accessibilityjava-1_8_0-openjdk-demojava-1_8_0-openjdk-develjava-1_8_0-openjdk-headlessjava-1_8_0-openjdk-javadocjava-1_8_0-openjdk-srclibmariadb-devellibmariadb3libmariadb3-32bitlibmariadb_pluginslibmariadbd-devellibmariadbd19libmariadbprivatemariadbmariadb-benchmariadb-clientmariadb-errormessagesmariadb-galeramariadb-rpm-macrosmariadb-testmariadb-toolsevolution-data-serverevolution-data-server-32bitevolution-data-server-develevolution-data-server-langevolution-ewsevolution-ews-langlibcamel-1_2-62libcamel-1_2-62-32bitlibebackend-1_2-10libebackend-1_2-10-32bitlibebook-1_2-20libebook-1_2-20-32bitlibebook-contacts-1_2-3libebook-contacts-1_2-3-32bitlibecal-2_0-1libecal-2_0-1-32bitlibedata-book-1_2-26libedata-book-1_2-26-32bitlibedata-cal-2_0-1libedata-cal-2_0-1-32bitlibedataserver-1_2-24libedataserver-1_2-24-32bitlibedataserverui-1_2-2libedataserverui-1_2-2-32bittypelib-1_0-Camel-1_2typelib-1_0-EBackend-1_2typelib-1_0-EBook-1_2typelib-1_0-EBookContacts-1_2typelib-1_0-ECal-2_0typelib-1_0-EDataBook-1_2typelib-1_0-EDataCal-2_0typelib-1_0-EDataServer-1_2typelib-1_0-EDataServerUI-1_2alpinepicopilotchocolate-doomchocolate-doom-bash-completionnodejs10nodejs10-develnodejs10-docsnodejs12nodejs12-develnodejs12-docsnpm10npm12libunwindlibunwind-32bitlibunwind-devellibzmq5zeromq-develzeromq-toolslibtensorflow2libtensorflow2-gnu-hpclibtensorflow2-gnu-openmpi2-hpclibtensorflow_cc2libtensorflow_cc2-gnu-hpclibtensorflow_cc2-gnu-openmpi2-hpclibtensorflow_framework2libtensorflow_framework2-gnu-hpclibtensorflow_framework2-gnu-openmpi2-hpctensorflow2tensorflow2-develtensorflow2-doctensorflow2-gnu-hpctensorflow2-gnu-openmpi2-hpctensorflow2-litetensorflow2-lite-develtensorflow2_2_1_2-gnu-hpctensorflow2_2_1_2-gnu-hpc-develtensorflow2_2_1_2-gnu-hpc-doctensorflow2_2_1_2-gnu-openmpi2-hpctensorflow2_2_1_2-gnu-openmpi2-hpc-develtensorflow2_2_1_2-gnu-openmpi2-hpc-docbluemanblueman-langthunar-sendto-bluemancontainerdcontainerd-ctrdockerdocker-bash-completiondocker-fish-completiondocker-libnetworkdocker-runcdocker-testdocker-zsh-completionfishfish-develgolang-github-docker-libnetworkmoinmoin-wikilibIlmImf-2_2-23libIlmImf-2_2-23-32bitlibIlmImfUtil-2_2-23libIlmImfUtil-2_2-23-32bitopenexropenexr-developenexr-dockf5-mediainfolibmediainfo-devellibmediainfo0libmediainfo0-32bitmediainfomediainfo-guihylafax+hylafax+-clientlibfaxutil7_0_3libraw-devellibraw-devel-staticlibraw-toolslibraw16bouncycastlebouncycastle-javadocbouncycastle-mailbouncycastle-pgbouncycastle-pkixbouncycastle-tlsgstreamer-plugin-pipewirelibpipewire-0_3-0pipewirepipewire-develpipewire-docpipewire-libjack-0_3pipewire-libpulse-0_3pipewire-modulespipewire-spa-plugins-0_2pipewire-spa-toolspipewire-toolslibldap-2_4-2libldap-2_4-2-32bitlibldap-dataopenldap2openldap2-back-metaopenldap2-back-perlopenldap2-back-sockopenldap2-back-sqlopenldap2-clientopenldap2-contribopenldap2-developenldap2-devel-32bitopenldap2-devel-staticopenldap2-docopenldap2-ppolicy-check-passwordghostscriptghostscript-develghostscript-minighostscript-mini-develghostscript-x11claws-mailclaws-mail-develclaws-mail-langlibetpan-devellibetpan20operagnfreetype2-develfreetype2-devel-32bitfreetype2-profile-tti35ft2demosftbenchftdiffftdumpftgammaftgridftinspectftlintftmultiftstringftvalidftviewlibfreetype6libfreetype6-32bitpython3-CairoSVGpython3-Pillowpython3-Pillow-tklibQt5Pdf5libQt5PdfWidgets5libqt5-qtpdf-devellibqt5-qtpdf-exampleslibqt5-qtpdf-importslibqt5-qtpdf-private-headers-devellibqt5-qtwebenginelibqt5-qtwebengine-devellibqt5-qtwebengine-exampleslibqt5-qtwebengine-private-headers-develarkark-langlibkerfuffle18libkerfuffle20PackageKitPackageKit-backend-dnfPackageKit-backend-zyppPackageKit-branding-upstreamPackageKit-develPackageKit-gstreamer-pluginPackageKit-gtk3-modulePackageKit-langlibpackagekit-glib2-18libpackagekit-glib2-18-32bitlibpackagekit-glib2-devellibpackagekit-glib2-devel-32bittypelib-1_0-PackageKitGlib-1_0gdmgdm-branding-upstreamgdm-develgdm-langgdm-systemdgdmflexiserverlibgdm1typelib-1_0-Gdm-1_0bpftracebpftrace-toolsmupdfmupdf-devel-staticpython2-saltconmonfuse-overlayfslilypondlilypond-doclilypond-doc-cslilypond-doc-delilypond-doc-eslilypond-doc-frlilypond-doc-hulilypond-doc-itlilypond-doc-jalilypond-doc-nllilypond-doc-zhlilypond-emmentaler-fontslilypond-fonts-commonlilypond-texgy-fontsfirejailpdnspdns-backend-geoippdns-backend-godbcpdns-backend-ldappdns-backend-luapdns-backend-mydnspdns-backend-mysqlpdns-backend-postgresqlpdns-backend-remotepdns-backend-sqlite3gnome-settings-daemongnome-settings-daemon-develgnome-settings-daemon-langgnome-shellgnome-shell-calendargnome-shell-develgnome-shell-langgroovygroovy-antgroovy-bsfgroovy-consolegroovy-docgeneratorgroovy-groovydocgroovy-groovyshgroovy-jmxgroovy-jsongroovy-jsr223groovy-libgroovy-niogroovy-servletgroovy-sqlgroovy-swinggroovy-templatesgroovy-testgroovy-testnggroovy-xmllibsvn_auth_gnome_keyring-1-0libsvn_auth_kwallet-1-0subversionsubversion-bash-completionsubversion-develsubversion-perlsubversion-pythonsubversion-python-ctypessubversion-rubysubversion-serversubversion-toolsantant-antlrant-apache-bcelant-apache-bsfant-apache-log4jant-apache-oroant-apache-regexpant-apache-resolverant-apache-xalan2ant-commons-loggingant-commons-netant-imageioant-javamailant-jdependant-jmfant-jschant-junitant-junit5ant-manualant-scriptsant-swingant-testutilant-xzImageMagickImageMagick-config-7-SUSEImageMagick-config-7-upstreamImageMagick-develImageMagick-devel-32bitImageMagick-docImageMagick-extralibMagick++-7_Q16HDRI4libMagick++-7_Q16HDRI4-32bitlibMagick++-devellibMagick++-devel-32bitlibMagickCore-7_Q16HDRI6libMagickCore-7_Q16HDRI6-32bitlibMagickWand-7_Q16HDRI6libMagickWand-7_Q16HDRI6-32bitperl-PerlMagickcargocargo-docclippyrlsrustrust-analysisrust-cbindgenrust-docrust-gdbrust-srcrust-std-staticrustfmtlibopenssl-1_0_0-devellibopenssl-1_0_0-devel-32bitlibopenssl-1_1-devellibopenssl-1_1-devel-32bitlibopenssl10libopenssl1_0_0libopenssl1_0_0-32bitlibopenssl1_0_0-hmaclibopenssl1_0_0-hmac-32bitlibopenssl1_0_0-steamlibopenssl1_0_0-steam-32bitlibopenssl1_1libopenssl1_1-32bitlibopenssl1_1-hmaclibopenssl1_1-hmac-32bitopenssl-1_0_0openssl-1_0_0-cavsopenssl-1_0_0-docopenssl-1_1openssl-1_1-doclibspeex1libspeex1-32bitspeexspeex-develupxicingacliicingaweb2icingaweb2-commonicingaweb2-vendor-HTMLPurifiericingaweb2-vendor-JShrinkicingaweb2-vendor-Parsedownicingaweb2-vendor-dompdficingaweb2-vendor-lessphpicingaweb2-vendor-zf1php-Icingaliblua5_3-5liblua5_3-5-32bitlua53lua53-devellua53-docucode-intelfossilgnutlsgnutls-guilelibgnutls-dane-devellibgnutls-dane0libgnutls-devellibgnutls-devel-32bitlibgnutls30libgnutls30-32bitlibgnutls30-hmaclibgnutls30-hmac-32bitlibgnutlsxx-devellibgnutlsxx28libxml2-2libxml2-2-32bitlibxml2-devellibxml2-devel-32bitlibxml2-doclibxml2-toolspython2-libxml2-pythonpython3-libxml2-pythonlibass-devellibass9libass9-32bitpython2-Flask-Corspython3-Flask-Corslibproxy-devellibproxy-sharplibproxy-toolslibproxy1libproxy1-32bitlibproxy1-config-gnome3libproxy1-config-kdelibproxy1-networkmanagerlibproxy1-pacrunner-webkitperl-Net-Libproxypython-libproxypython3-libproxygnuplotgnuplot-doclibruby2_5-2_5ruby2.5ruby2.5-develruby2.5-devel-extraruby2.5-docruby2.5-doc-riruby2.5-stdlibpython3-djangorestframeworkjackson-databindjackson-databind-javadocspice-vdagentlibpacemaker-devellibpacemaker3pacemakerpacemaker-clipacemaker-ctspacemaker-remotepython2-cryptographypython2-cryptography-vectorspython3-cryptographypython3-cryptography-vectorscephceph-baseceph-commonceph-fuseceph-grafana-dashboardsceph-immutable-object-cacheceph-mdsceph-mgrceph-mgr-cephadmceph-mgr-dashboardceph-mgr-diskprediction-cloudceph-mgr-diskprediction-localceph-mgr-k8seventsceph-mgr-modules-coreceph-mgr-rookceph-monceph-osdceph-prometheus-alertsceph-radosgwceph-testcephadmcephfs-shelllibcephfs-devellibcephfs2librados-devellibrados2libradospp-devellibrbd-devellibrbd1librgw-devellibrgw2python3-ceph-argparsepython3-ceph-commonpython3-cephfspython3-radospython3-rbdpython3-rgwrados-objclass-develrbd-fuserbd-mirrorrbd-nbdlibXvnc-devellibXvnc1tigervnctigervnc-x11vncxorg-x11-Xvncxorg-x11-Xvnc-javaxorg-x11-Xvnc-modulexorg-x11-Xvnc-novncpython-pyOpenSSL-docpython2-cffipython2-pyOpenSSLpython2-urllib3python2-urllib3-testpython3-cffipython3-pyOpenSSLpython3-urllib3python3-urllib3-testkdeconnect-kdekdeconnect-kde-langkdeconnect-kde-zsh-completionjupyter-notebookjupyter-notebook-docjupyter-notebook-langjupyter-notebook-latexpython2-notebookpython2-notebook-langpython3-notebookpython3-notebook-langxstreamxstream-benchmarkxstream-javadocxstream-parentlibwireshark14libwiretap11libwsutil12phpMyAdminsolo-udevjetty-annotationsjetty-clientjetty-continuationjetty-httpjetty-iojetty-jaasjetty-javax-websocket-client-impljetty-javax-websocket-server-impljetty-jmxjetty-jndijetty-jspjetty-minimal-javadocjetty-openidjetty-plusjetty-proxyjetty-securityjetty-serverjetty-servletjetty-utiljetty-util-ajaxjetty-webappjetty-websocket-apijetty-websocket-clientjetty-websocket-commonjetty-websocket-javadocjetty-websocket-serverjetty-websocket-servletjetty-xmleclipse-contributor-toolseclipse-contributor-tools-bootstrapeclipse-equinox-osgieclipse-equinox-osgi-bootstrapeclipse-jdteclipse-jdt-bootstrapeclipse-p2-discoveryeclipse-p2-discovery-bootstrapeclipse-pdeeclipse-pde-bootstrapeclipse-platformeclipse-platform-bootstrapeclipse-swteclipse-swt-bootstrapeclipse-testseclipse-tests-bootstrapcivetwebcivetweb-devellibcivetweb-cpp1_15_0libcivetweb1_15_0libnss_slurm2libslurm35slurm-restpngchecklibxls-devellibxls-toolslibxlsreader8libopenvswitch-2_13-0libovn-20_03-0openvswitchopenvswitch-developenvswitch-docopenvswitch-ipsecopenvswitch-pkiopenvswitch-testopenvswitch-vtepovnovn-centralovn-develovn-docovn-dockerovn-hostovn-vteppython3-ovssddmsddm-branding-openSUSEsddm-branding-upstreamkrb5krb5-32bitkrb5-clientkrb5-develkrb5-devel-32bitkrb5-minikrb5-mini-develkrb5-plugin-kdb-ldapkrb5-plugin-preauth-otpkrb5-plugin-preauth-pkinitkrb5-servergo1.15go1.15-docgo1.15-racepython2-reportlabpython3-reportlabpython-bottle-docpython2-bottlepython3-bottleopenscadmysql-connector-javarclonerclone-bash-completionrclone-zsh-completionlibp11-kit0libp11-kit0-32bitp11-kitp11-kit-32bitp11-kit-develp11-kit-nss-trustp11-kit-nss-trust-32bitp11-kit-toolsblosc-devellibblosc1gdk-pixbuf-develgdk-pixbuf-devel-32bitgdk-pixbuf-langgdk-pixbuf-query-loadersgdk-pixbuf-query-loaders-32bitgdk-pixbuf-thumbnailerlibgdk_pixbuf-2_0-0libgdk_pixbuf-2_0-0-32bittypelib-1_0-GdkPixbuf-2_0typelib-1_0-GdkPixdata-2_0python2-pypython3-pyhawk2crmshcrmsh-scriptscrmsh-test389-ds389-ds-devel389-ds-snmplib389libsvrcore0postsrsdkittypython2-autobahnpython3-autobahnaom-toolslibaom-devellibaom-devel-doclibaom0libaom0-32bitphp7-pearphp7-peclgnome-autoar-devellibgnome-autoar-0-0libgnome-autoar-gtk-0-0typelib-1_0-GnomeAutoar-0_1typelib-1_0-GnomeAutoarGtk-0_1bgziphtsfilelibhts-devellibhts3tabixkmodkmod-bash-completionkmod-compatlibkmod-devellibkmod2libpainter0librfxencode0xrdpxrdp-develcoturncoturn-develcoturn-utilsviewvcatftppython2-bleachpython3-bleachapache2-mod_php7php7php7-bcmathphp7-bz2php7-calendarphp7-ctypephp7-curlphp7-dbaphp7-develphp7-domphp7-embedphp7-enchantphp7-exifphp7-fastcgiphp7-fileinfophp7-firebirdphp7-fpmphp7-ftpphp7-gdphp7-gettextphp7-gmpphp7-iconvphp7-intlphp7-jsonphp7-ldapphp7-mbstringphp7-mysqlphp7-odbcphp7-opcachephp7-opensslphp7-pcntlphp7-pdophp7-pgsqlphp7-pharphp7-posixphp7-readlinephp7-shmopphp7-snmpphp7-soapphp7-socketsphp7-sodiumphp7-sqlitephp7-sysvmsgphp7-sysvsemphp7-sysvshmphp7-testphp7-tidyphp7-tokenizerphp7-xmlreaderphp7-xmlrpcphp7-xmlwriterphp7-xslphp7-zipphp7-zlibnodejs14nodejs14-develnodejs14-docsnodejs8nodejs8-develnodejs8-docsnpm14npm8inninn-develmininewstcpdumpnextcloudruby2.5-rubygem-actionpack-5_1ruby2.5-rubygem-actionpack-doc-5_1ruby2.5-rubygem-activesupport-5_1ruby2.5-rubygem-activesupport-doc-5_1curlcurl-minilibcurl-devellibcurl-devel-32bitlibcurl-mini-devellibcurl4libcurl4-32bitlibcurl4-minic-ares-develc-ares-utilslibcares2libcares2-32bitnextcloud-apachegoogle-compute-engine-initgoogle-compute-engine-oslogingoogle-compute-engine-oslogin-32bitbrotlilibbrotli-devellibbrotlicommon1libbrotlicommon1-32bitlibbrotlidec1libbrotlidec1-32bitlibbrotlienc1libbrotlienc1-32bittartar-backup-scriptstar-doctar-langtar-rmttar-testsgetdatagetdata-develgetdata-doclibf95getdata7libfgetdata6libgetdata++7libgetdata8perl-getdatapython-getdataprivoxyprivoxy-docstunnelstunnel-docisyncpython2-rpmpython3-rpmrpmrpm-32bitrpm-buildrpm-develpython3-Pygmentslibhogweed4libhogweed4-32bitlibnettle-devellibnettle-devel-32bitlibnettle6libnettle6-32bitnettlehtmldoclibspf2-2libspf2-devellibspf2-toolsflatpakflatpak-develflatpak-zsh-completionlibflatpak0libostreelibostree-1-1libostree-devellibostree-grub2system-user-flatpaktypelib-1_0-Flatpak-1_0typelib-1_0-OSTree-1_0xdg-desktop-portalxdg-desktop-portal-develxdg-desktop-portal-gtkxdg-desktop-portal-gtk-langxdg-desktop-portal-langruncnettynetty-javadocnetty-pomsgitgit-archgit-coregit-credential-gnome-keyringgit-credential-libsecretgit-cvsgit-daemongit-docgit-emailgit-guigit-p4git-svngit-webgitkredisnimsyncthingsyncthing-relaysrvpython3-django-registrationerlang-rabbitmq-clientrabbitmq-serverrabbitmq-server-pluginsexiftoolperl-File-RandomAccessperl-Image-ExifToolcaja-extension-nextcloudlibnextcloudsync-devellibnextcloudsync0nautilus-extension-nextcloudnemo-extension-nextcloudnextcloud-desktopnextcloud-desktop-docnextcloud-desktop-dolphinnextcloud-desktop-langruby2.5-rubygem-activerecord-5_1nginxnginx-sourcevim-plugin-nginxsudosudo-develsudo-testnodejs-underscorelibzstd-devellibzstd-devel-staticlibzstd1libzstd1-32bitzstdBotanBotan-doclibbotan-2-10libbotan-2-10-32bitlibbotan-devellibbotan-devel-32bitpython3-botandhcpdhcp-clientdhcp-develdhcp-docdhcp-relaydhcp-serverarpwatcharpwatch-ethercodes-buildgdk-pixbuf-loader-rsvggdk-pixbuf-loader-rsvg-32bitlibrsvg-2-2librsvg-2-2-32bitlibrsvg-devellibrsvg-langrsvg-convertrsvg-thumbnailertypelib-1_0-Rsvg-2_0connmanconnman-clientconnman-develconnman-docconnman-nmcompatconnman-plugin-hh2serial-gpsconnman-plugin-iospmconnman-plugin-l2tpconnman-plugin-openconnectconnman-plugin-openvpnconnman-plugin-polkitconnman-plugin-pptpconnman-plugin-tistconnman-plugin-vpncconnman-plugin-wireguardconnman-testavahiavahi-autoipdavahi-compat-howl-develavahi-compat-mDNSResponder-develavahi-langavahi-monoavahi-utilsavahi-utils-gtklibavahi-client3libavahi-client3-32bitlibavahi-common3libavahi-common3-32bitlibavahi-core7libavahi-devellibavahi-glib-devellibavahi-glib1libavahi-glib1-32bitlibavahi-gobject-devellibavahi-gobject0libavahi-qt4-1libavahi-qt4-devellibavahi-ui-gtk3-0libavahi-ui0libdns_sdlibdns_sd-32bitlibhowl0python3-avahipython3-avahi-gtktypelib-1_0-Avahi-0_6python2-markdown2python3-markdown2screenxtermxterm-bingio-branding-upstreamglib2-develglib2-devel-32bitglib2-devel-staticglib2-langglib2-testsglib2-toolsglib2-tools-32bitlibgio-2_0-0libgio-2_0-0-32bitlibgio-famlibgio-fam-32bitlibglib-2_0-0libglib-2_0-0-32bitlibgmodule-2_0-0libgmodule-2_0-0-32bitlibgobject-2_0-0libgobject-2_0-0-32bitlibgthread-2_0-0libgthread-2_0-0-32bitansibleansible-docansible-testgolang-github-prometheus-prometheusliblasso-develliblasso3python3-lassofluidsynthfluidsynth-devellibfluidsynth1libfluidsynth1-32bithaserlumociapache-commons-ioapache-commons-io-javadocphp-composerlibmpv1mpvmpv-bash-completionmpv-develmpv-zsh-completionlibtcmu2tcmu-runnertcmu-runner-handler-rbdgstreamergstreamer-32bitgstreamer-develgstreamer-docgstreamer-langgstreamer-plugins-badgstreamer-plugins-bad-32bitgstreamer-plugins-bad-chromaprintgstreamer-plugins-bad-chromaprint-32bitgstreamer-plugins-bad-develgstreamer-plugins-bad-docgstreamer-plugins-bad-fluidsynthgstreamer-plugins-bad-fluidsynth-32bitgstreamer-plugins-bad-langgstreamer-plugins-basegstreamer-plugins-base-32bitgstreamer-plugins-base-develgstreamer-plugins-base-devel-32bitgstreamer-plugins-base-docgstreamer-plugins-base-langgstreamer-plugins-goodgstreamer-plugins-good-32bitgstreamer-plugins-good-docgstreamer-plugins-good-extragstreamer-plugins-good-extra-32bitgstreamer-plugins-good-gtkgstreamer-plugins-good-jackgstreamer-plugins-good-jack-32bitgstreamer-plugins-good-langgstreamer-plugins-good-qtqmlgstreamer-plugins-uglygstreamer-plugins-ugly-32bitgstreamer-plugins-ugly-docgstreamer-plugins-ugly-langgstreamer-utilslibgstadaptivedemux-1_0-0libgstadaptivedemux-1_0-0-32bitlibgstallocators-1_0-0libgstallocators-1_0-0-32bitlibgstapp-1_0-0libgstapp-1_0-0-32bitlibgstaudio-1_0-0libgstaudio-1_0-0-32bitlibgstbadaudio-1_0-0libgstbadaudio-1_0-0-32bitlibgstbasecamerabinsrc-1_0-0libgstbasecamerabinsrc-1_0-0-32bitlibgstcodecparsers-1_0-0libgstcodecparsers-1_0-0-32bitlibgstfft-1_0-0libgstfft-1_0-0-32bitlibgstgl-1_0-0libgstgl-1_0-0-32bitlibgstinsertbin-1_0-0libgstinsertbin-1_0-0-32bitlibgstisoff-1_0-0libgstisoff-1_0-0-32bitlibgstmpegts-1_0-0libgstmpegts-1_0-0-32bitlibgstpbutils-1_0-0libgstpbutils-1_0-0-32bitlibgstphotography-1_0-0libgstphotography-1_0-0-32bitlibgstplayer-1_0-0libgstplayer-1_0-0-32bitlibgstreamer-1_0-0libgstreamer-1_0-0-32bitlibgstriff-1_0-0libgstriff-1_0-0-32bitlibgstrtp-1_0-0libgstrtp-1_0-0-32bitlibgstrtsp-1_0-0libgstrtsp-1_0-0-32bitlibgstsctp-1_0-0libgstsctp-1_0-0-32bitlibgstsdp-1_0-0libgstsdp-1_0-0-32bitlibgsttag-1_0-0libgsttag-1_0-0-32bitlibgsturidownloader-1_0-0libgsturidownloader-1_0-0-32bitlibgstvideo-1_0-0libgstvideo-1_0-0-32bitlibgstwayland-1_0-0libgstwayland-1_0-0-32bitlibgstwebrtc-1_0-0libgstwebrtc-1_0-0-32bittypelib-1_0-Gst-1_0typelib-1_0-GstAllocators-1_0typelib-1_0-GstApp-1_0typelib-1_0-GstAudio-1_0typelib-1_0-GstGL-1_0typelib-1_0-GstInsertBin-1_0typelib-1_0-GstMpegts-1_0typelib-1_0-GstPbutils-1_0typelib-1_0-GstPlayer-1_0typelib-1_0-GstRtp-1_0typelib-1_0-GstRtsp-1_0typelib-1_0-GstSdp-1_0typelib-1_0-GstTag-1_0typelib-1_0-GstVideo-1_0typelib-1_0-GstWebRTC-1_0djvulibredjvulibre-doclibdjvulibre-devellibdjvulibre21fail2banmonitoring-plugins-fail2banhiredishiredis-devellibhiredis0_13apache2-mod_auth_openidcprosodypython3-HyperKittylibgupnp-1_2-0libgupnp-1_2-0-32bitlibgupnp-develtypelib-1_0-GUPnP-1_0libgcrypt-cavslibgcrypt-devellibgcrypt-devel-32bitlibgcrypt20libgcrypt20-32bitlibgcrypt20-hmaclibgcrypt20-hmac-32bitjdom2jdom2-javadoclibsystemd0libsystemd0-32bitlibsystemd0-minilibudev-devellibudev-devel-32bitlibudev-mini-devellibudev-mini1libudev1libudev1-32bitnss-myhostnamenss-myhostname-32bitnss-mymachinesnss-mymachines-32bitnss-systemdsystemdsystemd-32bitsystemd-bash-completionsystemd-containersystemd-coredumpsystemd-develsystemd-journal-remotesystemd-loggersystemd-minisystemd-mini-bash-completionsystemd-mini-container-minisystemd-mini-coredump-minisystemd-mini-develsystemd-mini-sysvinitsystemd-networksystemd-sysvinitudevudev-minigo1.16go1.16-docgo1.16-racep7zipp7zip-docp7zip-fulllibQt5Svg5libQt5Svg5-32bitlibqt5-qtsvg-devellibqt5-qtsvg-devel-32bitlibqt5-qtsvg-exampleslibqt5-qtsvg-private-headers-develhivexhivex-develhivex-langlibhivex0ocaml-hivexocaml-hivex-develperl-Win-Hivexpython-hivexliblz4-1liblz4-1-32bitliblz4-devellz4apache-commons-compressapache-commons-compress-javadoclibpolkit0libpolkit0-32bitpolkitpolkit-develpolkit-doctypelib-1_0-Polkit-1_0tpm2.0-toolscariboucaribou-commoncaribou-develcaribou-gtk-module-commoncaribou-gtk2-modulecaribou-gtk3-modulecaribou-langlibcaribou0typelib-1_0-Caribou-1_0linuxptplibipa_hbac-devellibipa_hbac0libnfsidmap-ssslibsss_certmap-devellibsss_certmap0libsss_idmap-devellibsss_idmap0libsss_nss_idmap-devellibsss_nss_idmap0libsss_simpleifp-devellibsss_simpleifp0python3-ipa_hbacpython3-sss-murmurpython3-sss_nss_idmappython3-sssd-configsssdsssd-adsssd-commonsssd-dbussssd-ipasssd-krb5sssd-krb5-commonsssd-ldapsssd-proxysssd-toolssssd-wbclientsssd-wbclient-develsssd-winbind-idmapfetchmailfetchmailconflibblkid-devellibblkid-devel-32bitlibblkid-devel-staticlibblkid1libblkid1-32bitlibfdisk-devellibfdisk-devel-staticlibfdisk1libmount-devellibmount-devel-32bitlibmount-devel-staticlibmount1libmount1-32bitlibsmartcols-devellibsmartcols-devel-staticlibsmartcols1libuuid-devellibuuid-devel-32bitlibuuid-devel-staticlibuuid1libuuid1-32bitpython3-libmountutil-linuxutil-linux-langutil-linux-systemduuiddlibspectre-devellibspectre1cpiocpio-langcpio-mtgrilo-develgrilo-langgrilo-toolslibgrilo-0_3-0libgrlnet-0_3-0libgrlpls-0_3-0typelib-1_0-Grl-0_3typelib-1_0-GrlNet-0_3typelib-1_0-GrlPls-0_3libncurses5libncurses5-32bitlibncurses6libncurses6-32bitncurses-develncurses-devel-32bitncurses-utilsncurses5-develncurses5-devel-32bittackterminfoterminfo-baseterminfo-itermterminfo-screenhaproxylog4j12log4j12-javadoclog4j12-manuallog4j12-ministrongswanstrongswan-docstrongswan-hmacstrongswan-ipsecstrongswan-libs0strongswan-mysqlstrongswan-nmstrongswan-sqlitebarrierlibtinyxml0tinyxml-develtinyxml-docspython-Babel-docpython2-Babelpython3-Babelpython3-Babel-docgmp-develgmp-devel-32bitlibgmp10libgmp10-32bitlibgmpxx4libgmpxx4-32bitdisruptordisruptor-javadocjakarta-servletjakarta-servlet-javadoclog4jlog4j-javadoclog4j-jcllog4j-slf4jlogbacklogback-accesslogback-exampleslogback-javadocc-toxcorec-toxcore-daemonc-toxcore-devellibtoxcore2(i586|x86_64)0:0.98-lp152.4.3.1b88b2fd43dbdc28415.2(noarch)0:3.1.2-lp152.6.3.1(i586|x86_64)0:1.26.2-lp152.5.3.1(x86_64)0:1.26.2-lp152.5.3.1(i586|x86_64)0:1.642-lp152.2.9.1(noarch)0:3.1-lp152.6.3.1(i586|x86_64)0:3.36.0-lp152.4.3.1(x86_64)0:3.36.0-lp152.4.3.1(noarch)0:3.36.0-lp152.4.3.1(i586|x86_64)0:2.9-lp152.8.3.1(i586|x86_64)0:1.4.0-lp152.4.3.1(x86_64)0:1.4.0-lp152.4.3.1(i586|i686|x86_64)0:2.26-lp152.26.12.1(x86_64)0:2.26-lp152.26.12.1(i586|x86_64)0:2.26-lp152.26.12.1(noarch)0:2.26-lp152.26.12.1(i586|x86_64)0:4.11.14+git.308.666c63d4eea-lp152.3.28.1(x86_64)0:4.11.14+git.308.666c63d4eea-lp152.3.28.1(noarch)0:4.11.14+git.308.666c63d4eea-lp152.3.28.1(x86_64)0:3.06.0.1-lp152.7.6.1(noarch)0:0.10.23-lp152.4.3.1(x86_64)0:4.4.6-lp152.2.3.1(noarch)0:4.4.6-lp152.2.3.1(noarch)0:3.52-lp152.4.3.1(i586|x86_64)0:2.0.14-lp152.7.3.1(x86_64)0:2.0.14-lp152.7.3.1(x86_64)0:4.94.2-lp152.8.3.1(x86_64)0:1.6.8-lp152.5.3.1(noarch)0:1.28-lp152.2.3.1(i586|x86_64)0:0.9.10-lp152.9.8.1(i586|x86_64)0:2.0.15-lp152.4.3.1(x86_64)0:2.0.15-lp152.4.3.1(i586|x86_64)0:9.16.6-lp152.14.3.1(x86_64)0:9.16.6-lp152.14.3.1(noarch)0:9.16.6-lp152.14.3.1(i586|x86_64)0:1.18.0-lp152.4.3.1(x86_64)0:1.18.0-lp152.4.3.1(noarch)0:2.0-lp152.5.3.1(x86_64)0:0.44-lp152.2.3.1(i586|x86_64)0:17.25.5-lp152.2.16.1(noarch)0:4.2.48-lp152.2.12.1(i586|x86_64)0:1.14.41-lp152.2.12.1(noarch)0:1.14.41-lp152.2.12.1(i586|x86_64)0:2.14.02-lp152.4.3.1(i586|x86_64)0:2.40.1-lp152.7.7.1(i586|x86_64)0:5.4.0-lp152.7.3.1(x86_64)0:5.4.0-lp152.7.3.1(i586|x86_64)0:3.1.4-lp152.5.3.1(x86_64)0:3.1.4-lp152.5.3.1(i586|x86_64)0:1.0.28-lp152.6.3.1(x86_64)0:1.0.28-lp152.6.3.1(x86_64)0:5.3.18-lp152.102.1(x86_64)0:5.3.18-lp152.102.1.lp152.8.49.1(noarch)0:5.3.18-lp152.102.1(i586|x86_64)0:0.6-lp152.6.3.1(x86_64)0:0.6-lp152.6.3.1(noarch)0:2.5.0-lp152.2.3.1(i586|x86_64)0:4.8.7-lp152.10.3.1(x86_64)0:4.8.7-lp152.10.3.1(noarch)0:4.8.7-lp152.10.3.1(x86_64)0:3002.2-lp152.3.36.1(noarch)0:3002.2-lp152.3.36.1(x86_64)0:0.19.8.1-lp152.6.3.1(i586|x86_64)0:0.19.8.1-lp152.6.3.1(noarch)0:0.19.8.1-lp152.6.3.1(x86_64)0:1.29.3-lp152.4.3.1(aarch64|ppc64le|s390x|x86_64)0:3.1c-lp152.2.3.1(x86_64)0:1.1.10-lp152.4.3.1(x86_64)0:2.4.3-lp152.6.3.1(i586|x86_64)0:4.2.8p15-lp152.3.3.1(noarch)0:6.0.29-lp152.2.3.4(x86_64)0:1.19.2-lp152.2.3.1(noarch)0:20210112-lp152.2.6.1(x86_64)0:2.2.1-lp152.4.9.1(noarch)0:2.2.1-lp152.4.9.1(noarch)0:0.1.1590413773.a959db7-lp152.2.3.1(noarch)0:1.3.15-lp152.4.3.1(i586|x86_64)0:2.40.1-lp152.7.4.2(x86_64)0:3.4.5-lp152.10.3.1(x86_64)0:2.05-lp152.10.3.1(x86_64)0:0.103.0-lp152.6.3.1(i586|x86_64)0:2.35-lp152.4.3.1(x86_64)0:2.35-lp152.4.3.1(aarch64|ppc64le|s390x|x86_64)0:4.3.4-lp152.2.3.1(noarch)0:1.0.0-lp152.5.3.1(i586|x86_64)0:1.2.15-lp152.5.3.1(x86_64)0:1.2.15-lp152.5.3.1(x86_64)0:3.2.8a-lp152.6.6.2(i586|x86_64)0:201911-lp152.6.5.1(noarch)0:201911-lp152.6.5.1(x86_64)0:201911-lp152.6.5.1(i586|x86_64)0:201911-lp152.6.8.1(noarch)0:201911-lp152.6.8.1(x86_64)0:201911-lp152.6.8.1(x86_64)0:15.4-lp152.4.8.1(i586|x86_64)0:4.0.9-lp152.11.3.1(x86_64)0:4.0.9-lp152.11.3.1(x86_64)0:7.0.3-lp152.2.3.1(noarch)0:1.4.0-lp152.2.3.1(noarch)0:1.0.9-lp152.2.3.1(noarch)0:20200107-lp152.2.9.1(x86_64)0:2021.05.22-lp152.3.6.1(x86_64)0:2.0+git.1461714863.10636a4-lp152.5.3.1(x86_64)0:4.2.1-lp152.9.16.2(noarch)0:1.0.0+-lp152.9.16.2(x86_64)0:4.2.1-lp152.9.16.1(noarch)0:4.2.1-lp152.9.16.2(noarch)0:1.12.1+-lp152.9.16.2(noarch)0:8-lp152.9.16.2(x86_64)0:4.2.1-lp152.9.16.7(i586|x86_64)0:0.19.0-lp152.3.3.1(x86_64)0:0.19.0-lp152.3.3.1(x86_64)0:0.9.1-lp152.3.3.1(x86_64)0:2.9-lp152.2.3.1(i586|x86_64)0:1.6.2-lp152.4.3.1(x86_64)0:1.6.2-lp152.4.3.1(x86_64)0:2.6.5-lp152.2.3.1(noarch)0:1.4.3-lp152.4.3.1(i586|x86_64)0:3.6.12-lp152.4.14.1(x86_64)0:3.6.12-lp152.4.14.1(i586|x86_64)0:1.9.0-lp152.8.3.1(x86_64)0:1.9.0-lp152.8.3.1(i586|x86_64)0:1.0.5-lp152.2.3.1(x86_64)0:1.0.5-lp152.2.3.1(i586|x86_64)0:1.40.0-lp152.2.3.1(x86_64)0:1.40.0-lp152.2.3.1(x86_64)0:5.3.18-lp152.3.8.1(x86_64)0:5.3.18-lp152.69.1(x86_64)0:5.3.18-lp152.69.1.lp152.8.28.1(noarch)0:5.3.18-lp152.69.1(noarch)0:5.3.18-lp152.3.8.1(x86_64)0:2.4-lp152.5.3.1(i586|x86_64)0:1.6.8-lp152.9.3.1(x86_64)0:1.6.8-lp152.9.3.1(noarch)0:1.6.8-lp152.9.3.1(x86_64)0:5.3.18-lp152.3.5.1(x86_64)0:5.3.18-lp152.26.2(x86_64)0:5.3.18-lp152.26.2.lp152.8.2.2(noarch)0:5.3.18-lp152.26.2(noarch)0:5.3.18-lp152.3.5.1(x86_64)0:3.40-lp152.3.3.1(i586|x86_64)0:1.0.6-lp152.4.3.1(x86_64)0:4.7.3-lp152.2.6.1(noarch)0:4.7.3-lp152.2.6.1(i586|x86_64)0:8.45-lp152.7.6.1(x86_64)0:8.45-lp152.7.6.1(noarch)0:8.45-lp152.7.6.1(i586|x86_64)0:2.7.17-lp152.3.3.1(x86_64)0:2.7.17-lp152.3.3.1(noarch)0:2.7.17-lp152.3.3.1(i586|x86_64)0:2.7.17-lp152.3.12.1(x86_64)0:2.7.17-lp152.3.12.1(i586|x86_64)0:3.6.12-lp152.4.17.1(x86_64)0:3.6.12-lp152.4.17.1(noarch)0:2.7.17-lp152.3.12.1(noarch)0:10.0.1-lp152.4.6.1(noarch)0:40.5.0-lp152.3.3.1(i586|x86_64)0:1.642-lp152.2.6.1(i586|i686|x86_64)0:2.26-lp152.26.6.1(x86_64)0:2.26-lp152.26.6.1(i586|x86_64)0:2.26-lp152.26.6.1(noarch)0:2.26-lp152.26.6.1(i586|x86_64)0:0.60.8-lp152.2.3.1(x86_64)0:0.60.8-lp152.2.3.1(aarch64|ppc64le|s390x|x86_64)0:1.35.0-lp152.5.3.1(noarch)0:1.35.0-lp152.5.3.1(x86_64)0:1.16.1-lp152.4.3.1(i586|x86_64)0:4.5.2-lp152.7.3.1(noarch)0:4.5.2-lp152.7.3.1(i586|x86_64)0:1.8.5-lp152.4.3.1(x86_64)0:2019.06.28-lp152.3.3.1(x86_64)0:87.0.4280.66-lp152.2.51.1(i586|x86_64)0:2.2.7-lp152.9.3.1(x86_64)0:2.2.7-lp152.9.3.1(i586|x86_64)0:2021.8.22-lp152.5.3.1(x86_64)0:0.8-lp152.6.2.1(x86_64)0:0.8_k5.3.18_lp152.36-lp152.6.2.1(x86_64)0:7.2.8-lp152.3.2.1(x86_64)0:7.2.8_k5.3.18_lp152.36-lp152.3.2.1(x86_64)0:19.11.1-lp152.2.5.1(noarch)0:19.11.1-lp152.2.5.1(x86_64)0:19.11.1_k5.3.18_lp152.36-lp152.2.5.1(x86_64)0:9.0.22~1+git.fe2b5983-lp152.2.2.1(x86_64)0:9.0.22~1+git.fe2b5983_k5.3.18_lp152.36-lp152.2.2.1(x86_64)0:1.28_k5.3.18_lp152.36-lp152.6.2.1(x86_64)0:5.3.18-lp152.36.1(noarch)0:5.3.18-lp152.36.1(x86_64)0:1.62-lp152.2.2.1(x86_64)0:1.62_k5.3.18_lp152.36-lp152.2.2.1(x86_64)0:1.8.5-lp152.2.2.1(x86_64)0:1.8.5_k5.3.18_lp152.36-lp152.2.2.1(x86_64)0:0.44-lp152.4.2.1(x86_64)0:0.44_k5.3.18_lp152.36-lp152.4.2.1(x86_64)0:6.1.10-lp152.2.2.1(x86_64)0:5.6.4.2+git20200318.49e98ff-lp152.2.2.1(x86_64)0:5.6.4.2+git20200318.49e98ff_k5.3.18_lp152.36-lp152.2.2.1(x86_64)0:0.26.5-lp152.3.2.1(x86_64)0:0.26.5_k5.3.18_lp152.36-lp152.3.2.1(x86_64)0:0.12.5_k5.3.18_lp152.36-lp152.2.2.1(x86_64)0:0.12.5-lp152.2.2.1(x86_64)0:20200106_k5.3.18_lp152.36-lp152.2.2.1(noarch)0:6.1.10-lp152.2.2.1(x86_64)0:6.1.10_k5.3.18_lp152.36-lp152.2.2.1(x86_64)0:3.9-lp152.2.2.1(x86_64)0:3.9_k5.3.18_lp152.36-lp152.2.2.1(x86_64)0:5.3.18-lp152.44.1(x86_64)0:5.3.18-lp152.44.1.lp152.8.8.1(noarch)0:5.3.18-lp152.44.1(x86_64)0:5.3.18-lp152.60.1(noarch)0:5.3.18-lp152.60.1(i586|x86_64)0:1.3.2-lp152.5.3.1(x86_64)0:1.3.2-lp152.5.3.1(noarch)0:1.3.2-lp152.5.3.1(x86_64)0:4.13.1_04-lp152.2.3.1(i586|x86_64)0:4.13.1_04-lp152.2.3.1(noarch)0:4.13.1_04-lp152.2.3.1(i586|x86_64)0:5.48-lp152.12.3.1(noarch)0:5.48-lp152.12.3.1(x86_64)0:5.48-lp152.12.3.1(aarch64|ppc64le|s390x|x86_64)0:0.4.4.6-lp152.2.3.1(x86_64)0:2020.01-lp152.9.9.1(i586|x86_64)0:4.11.11+git.180.2cf3b203f07-lp152.3.6.1(i586|x86_64)0:2.0.12-lp152.2.6.1(x86_64)0:4.11.11+git.180.2cf3b203f07-lp152.3.6.1(x86_64)0:2.0.12-lp152.2.6.1(noarch)0:4.11.11+git.180.2cf3b203f07-lp152.3.6.1(i586|x86_64)0:2.04-lp152.7.3.4(noarch)0:2.04-lp152.7.3.4(x86_64)0:0.8.6-lp152.2.4.1(x86_64)0:0.4.7-lp152.2.3.1(x86_64)0:1.2.14-lp152.3.9.1(noarch)0:1.2.14-lp152.3.9.1(x86_64)0:4.2.1-lp152.9.3.1(noarch)0:1.0.0+-lp152.9.3.1(noarch)0:4.2.1-lp152.9.3.1(noarch)0:1.12.1+-lp152.9.3.1(noarch)0:8-lp152.9.3.1(i586|x86_64)0:2.16.9-lp152.2.3.1(x86_64)0:2.16.9-lp152.2.3.1(noarch)0:1.2.13-lp152.2.3.1(aarch64|ppc64le|s390x|x86_64)0:1.2.13-lp152.2.3.1(noarch)0:6.0.30-lp152.2.6.1(x86_64)0:4.3.5-lp152.4.3.1(noarch)0:0.19.0-lp152.6.3.1(i586|x86_64)0:1.40.0-lp152.2.6.1(x86_64)0:1.40.0-lp152.2.6.1(i586|x86_64)0:3.2.5-lp152.2.3.1(aarch64|ppc64le|s390x|x86_64)0:3.0.31-lp152.2.3.1(noarch)0:3.0.31-lp152.2.3.1(aarch64|ppc64le|s390x|x86_64)0:2.2.2-lp152.4.3.1(noarch)0:2.2.2-lp152.4.3.1(x86_64)0:4.2.1-lp152.9.9.2(noarch)0:1.0.0+-lp152.9.9.2(x86_64)0:4.2.1-lp152.9.9.3(noarch)0:4.2.1-lp152.9.9.2(noarch)0:1.12.1+-lp152.9.9.2(noarch)0:8-lp152.9.9.2(x86_64)0:4.2.1-lp152.9.9.5(i586|x86_64)0:2.4.43-lp152.2.3.1(noarch)0:2.4.43-lp152.2.3.1(noarch)0:9.0.36-lp152.2.3.1(i586|x86_64)0:1.12.2-lp152.6.6.1(x86_64)0:1.12.2-lp152.6.6.1(noarch)0:1.12.2-lp152.6.6.1(x86_64)0:2.3.11.3-lp152.2.6.1(x86_64)0:2.1.34-lp152.7.3.1(noarch)0:20200107-lp152.2.3.1(x86_64)0:5.3.18-lp152.47.2(x86_64)0:5.3.18-lp152.50.1.lp152.8.10.1(noarch)0:5.3.18-lp152.47.2(noarch)0:5.3.18-lp152.47.1(x86_64)0:5.3.18-lp152.47.1(x86_64)0:5.3.18-lp152.66.2(x86_64)0:5.3.18-lp152.66.2.lp152.8.23.2(noarch)0:5.3.18-lp152.66.2(noarch)0:20200107-lp152.2.6.1(i586|x86_64)0:3.68-lp152.2.10.1(x86_64)0:3.68-lp152.2.10.1(i586|x86_64)0:4.32-lp152.2.6.1(x86_64)0:4.32-lp152.2.6.1(x86_64)0:78.0.1-lp152.2.5.1(i586|x86_64)0:3.53.1-lp152.2.4.1(x86_64)0:3.53.1-lp152.2.4.1(x86_64)0:68.10.0-lp152.2.4.1(x86_64)0:0.8.2-lp152.2.3.1(x86_64)0:2.3.10-lp152.2.3.1(x86_64)0:18.08.9-lp152.2.1(x86_64)0:1.3.0-lp152.4.3.1(x86_64)0:5.3.18-lp152.33.1(x86_64)0:5.3.18-lp152.33.1.lp152.8.4.4(noarch)0:5.3.18-lp152.33.1(x86_64)0:6.4.5.2-lp152.2.3.1(noarch)0:6.4.5.2-lp152.2.3.1(x86_64)0:7.08-lp152.9.4.2(noarch)0:7.08-lp152.9.4.2(i586|x86_64)0:0.6.13-lp152.2.3.1(x86_64)0:0.6.13-lp152.2.3.1(x86_64)0:4.2.1-lp152.9.12.1(noarch)0:1.0.0+-lp152.9.12.1(noarch)0:4.2.1-lp152.9.12.1(noarch)0:1.12.1+-lp152.9.12.1(noarch)0:8-lp152.9.12.1(i586|x86_64)0:1.0.31-lp152.7.3.1(x86_64)0:1.0.31-lp152.7.3.1(x86_64)0:3.0.11.1-lp152.2.9.1(noarch)0:3.0.11.1-lp152.2.9.1(noarch)0:1.6.1-lp152.2.6.1(i586|x86_64)0:2.30.3-lp152.2.7.3(x86_64)0:2.30.3-lp152.2.7.3(noarch)0:2.30.3-lp152.2.7.3(i586|x86_64)0:2.30.5-lp152.2.10.5(x86_64)0:2.30.5-lp152.2.10.5(noarch)0:2.30.5-lp152.2.10.5(x86_64)0:2.8.102-lp152.2.3.1(noarch)0:2.8.102-lp152.2.3.1(aarch64|ppc64le|s390x|x86_64)0:2.6.1-lp152.2.3.1(noarch)0:2.6.1-lp152.2.3.1(i586|x86_64)0:2.62.4-lp152.2.3.1(x86_64)0:2.62.4-lp152.2.3.1(noarch)0:2.62.4-lp152.2.3.1(noarch)0:3.4.2-lp152.4.3.1(i586|x86_64)0:1.5.3-lp152.8.3.1(i586|x86_64)0:62.2.0-lp152.8.3.1(x86_64)0:62.2.0-lp152.8.3.1(i586|x86_64)0:8.1.2-lp152.8.3.1(x86_64)0:8.1.2-lp152.8.3.1(x86_64)0:10.2.1+git583-lp152.2.2(i586|x86_64)0:7.5.0+r278197-lp152.3.3.1(x86_64)0:10.2.1+git583-lp152.2.1(noarch)0:10.2.1+git583-lp152.2.2(x86_64)0:7.5.0+r278197-lp152.3.3.1(noarch)0:7.5.0+r278197-lp152.3.3.1(x86_64)0:1.0-lp152.4.3.2(x86_64)0:3.6.0-lp152.2.3.1(noarch)0:2.1.52-lp152.2.3.1(noarch)0:9.0.36-lp152.2.4.1(noarch)0:1.7-lp152.5.3.1(noarch)0:9.0.36-lp152.2.10.1(i586|x86_64)0:2.4.43-lp152.2.15.1(noarch)0:2.4.43-lp152.2.15.1(i586|x86_64)0:5.12.7-lp152.3.3.1(x86_64)0:5.12.7-lp152.3.3.1(noarch)0:5.12.7-lp152.3.3.1(i586|x86_64)0:0.7.8.6-lp152.18.12.1(i586|x86_64)0:2.1.4-lp152.18.12.1(aarch64|ppc64le|x86_64)0:2.12.1-lp152.3.3.3(noarch)0:2.1.73-lp152.2.3.1(x86_64)0:1.13.14-lp152.2.4.1(x86_64)0:1.14.7-lp152.2.3.1(x86_64)0:4.12-lp152.2.3.1(x86_64)0:1.10.1-lp152.3.3.1(noarch)0:1.10.1-lp152.3.3.1(x86_64)0:20201120-lp152.2.3.1(noarch)0:20201120-lp152.2.3.1(i586|x86_64)0:8.1p1-lp152.4.9.1(x86_64)0:8.1p1-lp152.4.9.1(aarch64|ppc64le|s390x|x86_64)0:4.3.5-lp152.2.6.1(i586|x86_64)0:2.86-lp152.7.6.1(x86_64)0:5.3.18-lp152.41.1(x86_64)0:5.3.18-lp152.41.1.lp152.8.6.2(noarch)0:5.3.18-lp152.41.1(i586|x86_64)0:4.11.14+git.202.344b137b75d-lp152.3.16.1(x86_64)0:4.11.14+git.202.344b137b75d-lp152.3.16.1(noarch)0:4.11.14+git.202.344b137b75d-lp152.3.16.1(i586|x86_64)0:6.0.0-lp152.9.3.1(noarch)0:6.0.0-lp152.9.3.1(x86_64)0:6.0.0-lp152.9.3.1(i586|x86_64)0:6.9-lp152.2.3.1(i586|x86_64)0:5.3.1-lp152.3.3.1(i586|x86_64)0:1.6.5-lp152.5.6.1(x86_64)0:1.6.5-lp152.5.6.1(noarch)0:1.6.5-lp152.5.6.1(i586|x86_64)0:1.13-lp152.5.3.1(x86_64)0:1.13-lp152.5.3.1(noarch)0:1.13-lp152.5.3.1(i586|x86_64)0:1.20.3-lp152.8.3.1(i586|x86_64)0:12.4-lp152.3.7.1(x86_64)0:12.4-lp152.3.7.1(noarch)0:12.0.1-lp152.3.3.2(i586|x86_64)0:10.14-lp152.2.6.2(noarch)0:10.14-lp152.2.6.2(x86_64)0:11.9-lp152.3.3.1(noarch)0:11.9-lp152.3.3.1(noarch)0:12.4-lp152.3.7.1(i586|x86_64)0:9.6.19-lp152.2.3.1(noarch)0:9.6.19-lp152.2.3.1(x86_64)0:5.3.18-lp152.50.1(noarch)0:5.3.18-lp152.50.1(i586|x86_64)0:1.12.1-lp152.2.6.1(x86_64)0:0.37-lp152.2.3.1(i586|x86_64)0:0.14.2-lp152.2.3.1(noarch)0:0.37-lp152.2.3.1(i586|x86_64)0:1.20.3-lp152.8.12.1(i586|x86_64)0:1.20.3-lp152.8.6.1(i586|x86_64)0:1.6.5-lp152.5.9.1(x86_64)0:1.6.5-lp152.5.9.1(noarch)0:1.6.5-lp152.5.9.1(x86_64)0:2.1.1-lp152.4.6.1(noarch)0:2.1.1-lp152.4.6.1(i586|x86_64)0:2.04-lp152.7.22.7(noarch)0:2.04-lp152.7.22.7(x86_64)0:19.11.4-lp152.2.8.1(noarch)0:19.11.4-lp152.2.8.1(x86_64)0:19.11.4_k5.3.18_lp152.41-lp152.2.8.1(i586|x86_64)0:1.642-lp152.2.3.1(noarch)0:1.0.18-lp152.4.3.1(noarch)0:1.2.18-lp152.2.15.1(aarch64|ppc64le|s390x|x86_64)0:1.2.18-lp152.2.12.1(i586|x86_64)0:11.0.8.0-lp152.2.3.1(noarch)0:11.0.8.0-lp152.2.3.1(x86_64)0:1.8.0.272-lp152.3.3.1(noarch)0:1.8.0.272-lp152.3.3.1(i586|x86_64)0:1.8.0.272-lp152.2.3.1(noarch)0:1.8.0.272-lp152.2.3.1(x86_64)0:6.1.14-lp152.2.5.1(noarch)0:6.1.14-lp152.2.5.1(x86_64)0:6.1.14_k5.3.18_lp152.41-lp152.2.5.1(i586|x86_64)0:4.11.13+git.189.e9bd318cd13-lp152.3.13.1(x86_64)0:4.11.13+git.189.e9bd318cd13-lp152.3.13.1(noarch)0:4.11.13+git.189.e9bd318cd13-lp152.3.13.1(i586|x86_64)0:3.1.11-lp152.4.1(x86_64)0:3.1.11-lp152.4.1(i586|x86_64)0:10.4.17-lp152.2.8.1(noarch)0:10.4.17-lp152.2.8.1(i586|x86_64)0:11.0.9.0-lp152.2.6.2(noarch)0:11.0.9.0-lp152.2.6.2(i586|x86_64)0:1.8.0.282-lp152.2.9.1(noarch)0:1.8.0.282-lp152.2.9.1(i586|x86_64)0:3.34.4-lp152.2.3.1(x86_64)0:3.34.4-lp152.2.3.1(noarch)0:3.34.4-lp152.2.3.1(x86_64)0:2.24-lp152.5.3.1(x86_64)0:5.07-lp152.5.3.1(x86_64)0:2.99-lp152.5.3.1(x86_64)0:3.0.1-lp152.4.3.1(noarch)0:3.0.1-lp152.4.3.1(x86_64)0:4.13-lp152.2.6.1(i586|x86_64)0:10.22.1-lp152.2.6.1(noarch)0:10.22.1-lp152.2.6.1(x86_64)0:12.18.4-lp152.3.6.1(noarch)0:12.18.4-lp152.3.6.1(i586|x86_64)0:1.2.1-lp152.5.3.1(x86_64)0:1.2.1-lp152.5.3.1(x86_64)0:4.2.3-lp152.7.3.1(x86_64)0:2.1.2-lp152.7.3.1(x86_64)0:3.6.4-lp152.2.9.1(aarch64|ppc64le|s390x|x86_64)0:2.1.4-lp152.2.3.1(noarch)0:2.1.4-lp152.2.3.1(x86_64)0:1.3.9-lp152.2.3.1(x86_64)0:19.03.15_ce-lp152.2.3.1(noarch)0:19.03.15_ce-lp152.2.3.1(x86_64)0:0.7.0.1+gitr2908_55e924b8a842-lp152.2.3.1(x86_64)0:1.0.0rc10+gitr3981_dc9208a3303f-lp152.2.3.1(x86_64)0:2.7.1-lp152.5.3.1(noarch)0:1.9.11-lp152.3.3.1(i586|x86_64)0:2.2.1-lp152.7.5.1(x86_64)0:2.2.1-lp152.7.5.1(x86_64)0:20.08-lp152.4.3.1(i586|x86_64)0:20.08-lp152.4.3.1(x86_64)0:7.0.3-lp152.3.6.1(x86_64)0:5.3.18-lp152.54.1(x86_64)0:5.3.18-lp152.57.1.lp152.8.17.1(noarch)0:5.3.18-lp152.54.1(noarch)0:5.3.18-lp152.54.2(i586|x86_64)0:0.18.9-lp152.5.3.1(noarch)0:1.64-lp152.2.3.1(x86_64)0:78.1.0-lp152.2.15.1(x86_64)0:68.11.0-lp152.2.7.1(x86_64)0:0.3.6-lp152.2.3.1(x86_64)0:78.2.0-lp152.2.18.1(x86_64)0:68.12.0-lp152.2.10.1(x86_64)0:78.3.0-lp152.2.21.1(x86_64)0:78.4.0-lp152.2.13.1(i586|x86_64)0:4.25.1-lp152.2.3.1(x86_64)0:4.25.1-lp152.2.3.1(x86_64)0:78.4.0-lp152.2.24.1(x86_64)0:78.7.0-lp152.2.29.1(i586|x86_64)0:2.04-lp152.7.9.1(noarch)0:2.04-lp152.7.9.1(i586|x86_64)0:6.0.0-lp152.9.6.2(noarch)0:6.0.0-lp152.9.6.2(x86_64)0:6.0.0-lp152.9.6.2(i586|x86_64)0:2.4.46-lp152.14.6.1(x86_64)0:2.4.46-lp152.14.6.1(noarch)0:2.4.46-lp152.14.6.1(i586|x86_64)0:1.2-lp152.14.6.1(x86_64)0:4.2.1-lp152.9.6.1(noarch)0:1.0.0+-lp152.9.6.1(noarch)0:4.2.1-lp152.9.6.1(noarch)0:1.12.1+-lp152.9.6.1(noarch)0:8-lp152.9.6.1(i586|x86_64)0:9.52-lp152.2.4.1(aarch64|ppc64le|s390x|x86_64)0:3.18.0-lp152.3.9.1(noarch)0:3.18.0-lp152.3.9.1(x86_64)0:1.9.4-lp152.3.3.1(x86_64)0:85.0.4183.102-lp152.2.30.1(x86_64)0:71.0.3770.228-lp152.2.18.1(x86_64)0:85.0.4183.121-lp152.2.33.1(x86_64)0:86.0.4240.75-lp152.2.39.1(x86_64)0:0.1807-lp152.2.3.1(x86_64)0:87.0.4280.141-lp152.2.60.1(x86_64)0:73.0.3856.344-lp152.2.30.1(x86_64)0:78.5.0-lp152.2.33.1(x86_64)0:78.5.0-lp152.2.19.1(x86_64)0:86.0.4240.111-lp152.2.42.1(i586|x86_64)0:2.10.1-lp152.2.5.1(x86_64)0:2.10.1-lp152.2.5.1(noarch)0:2.10.1-lp152.2.5.1(noarch)0:2.5.1-lp152.2.3.1(x86_64)0:8.3.1-lp152.5.3.1(x86_64)0:72.0.3815.320-lp152.2.21.1(aarch64|x86_64)0:86.0.4240.183-lp152.2.45.1(aarch64|x86_64)0:86.0.4240.198-lp152.2.48.1(x86_64)0:72.0.3815.400-lp152.2.24.1(x86_64)0:87.0.4280.88-lp152.2.57.1(x86_64)0:73.0.3856.284-lp152.2.27.1(x86_64)0:78.6.0-lp152.2.34.1(x86_64)0:78.6.0-lp152.2.23.1(x86_64)0:78.6.1-lp152.2.40.1(x86_64)0:78.6.1-lp152.2.26.1(x86_64)0:88.0.4324.96-lp152.2.66.1(i586|x86_64)0:5.15.3-lp152.3.3.4(noarch)0:5.15.3-lp152.3.3.4(aarch64|ppc64le|s390x|x86_64)0:20.04.2-lp152.2.3.1(noarch)0:20.04.2-lp152.2.3.1(aarch64|ppc64le|s390x|x86_64)0:18.12.3-lp151.2.4.1(i586|x86_64)0:1.1.13-lp152.3.15.1(noarch)0:1.1.13-lp152.3.15.1(x86_64)0:1.1.13-lp152.3.15.1(x86_64)0:3.34.1-lp152.6.9.1(noarch)0:3.34.1-lp152.6.9.1(i586|x86_64)0:2.2.1-lp152.7.8.1(x86_64)0:2.2.1-lp152.7.8.1(i586|x86_64)0:2.37-lp152.4.9.1(x86_64)0:2.37-lp152.4.9.1(x86_64)0:0.11.4-lp152.2.7.1(noarch)0:0.11.4-lp152.2.7.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.12.0-lp152.6.3.1(x86_64)0:1.13.15-lp152.2.7.1(x86_64)0:3000-lp152.3.15.1(noarch)0:3000-lp152.3.15.1(x86_64)0:2.0.20-lp152.4.3.1(x86_64)0:1.1.2-lp152.2.3.1(noarch)0:20200727-lp152.2.3.1(x86_64)0:2.0.6-lp152.4.3.1(noarch)0:2.0.6-lp152.4.3.1(aarch64|ppc64le|s390x|x86_64)0:2.20.0-lp152.2.5.10(noarch)0:2.20.0-lp152.2.5.10(x86_64)0:0.9.64.4-lp152.3.6.1(aarch64|ppc64le|s390x|x86_64)0:4.3.1-lp152.2.3.1(aarch64|ppc64le|s390x|x86_64)0:4.1.8-lp151.2.9.1(x86_64)0:3.34.2+0-lp152.3.3.1(noarch)0:3.34.2+0-lp152.3.3.1(x86_64)0:3.34.5-lp152.2.9.1(noarch)0:3.34.5-lp152.2.9.1(i586|x86_64)0:3.2.7-lp152.2.6.1(i586|x86_64)0:5.12.7-lp152.3.9.1(x86_64)0:5.12.7-lp152.3.9.1(noarch)0:5.12.7-lp152.3.9.1(noarch)0:2.4.21-lp152.2.3.2(i586|x86_64)0:1.10.6-lp152.2.9.1(noarch)0:1.10.6-lp152.2.9.1(noarch)0:9.0.36-lp152.2.16.1(i586|x86_64)0:1.5.3-lp152.8.6.1(i586|x86_64)0:62.2.0-lp152.8.6.1(x86_64)0:62.2.0-lp152.8.6.1(i586|x86_64)0:8.1.2-lp152.8.6.1(x86_64)0:8.1.2-lp152.8.6.1(i586|x86_64)0:2.40.1-lp152.7.10.1(noarch)0:1.3.16-lp152.4.6.1(noarch)0:1.10.7-lp152.2.3.1(i586|x86_64)0:7.0.7.34-lp152.12.9.1(x86_64)0:7.0.7.34-lp152.12.9.1(noarch)0:7.0.7.34-lp152.12.9.1(i586|x86_64)0:1.43.1-lp152.3.5.1(noarch)0:1.43.1-lp152.3.5.1(x86_64)0:0.14.1-lp152.2.4.1(i586|x86_64)0:1.0.2p-lp152.8.9.1(x86_64)0:1.0.2p-lp152.8.9.1(i586|x86_64)0:1.1.1d-lp152.7.9.1(x86_64)0:1.1.1d-lp152.7.9.1(i586|x86_64)0:10.23.1-lp152.2.9.1(noarch)0:10.23.1-lp152.2.9.1(x86_64)0:12.20.1-lp152.3.9.1(noarch)0:12.20.1-lp152.3.9.1(noarch)0:1.0.2p-lp152.8.9.1(noarch)0:1.1.1d-lp152.7.9.1(x86_64)0:3.2.8b-lp152.6.9.1(i586|x86_64)0:1.2-lp152.4.3.1(x86_64)0:1.2-lp152.4.3.1(aarch64|ppc64le|s390x|x86_64)0:3.96-lp152.2.3.1(noarch)0:2.7.4-lp152.2.3.1(i586|x86_64)0:5.3.6-lp152.5.3.1(x86_64)0:5.3.6-lp152.5.3.1(noarch)0:5.3.6-lp152.5.3.1(x86_64)0:20210525-lp152.2.17.1(x86_64)0:1.14.9-lp152.2.6.1(x86_64)0:5.3.18-lp152.3.14.1(x86_64)0:5.3.18-lp152.78.1(x86_64)0:5.3.18-lp152.78.1.lp152.8.34.1(noarch)0:5.3.18-lp152.78.1(noarch)0:5.3.18-lp152.3.14.1(x86_64)0:5.3.18-lp152.81.1(x86_64)0:5.3.18-lp152.81.1.lp152.8.36.1(noarch)0:5.3.18-lp152.81.1(aarch64|ppc64le|s390x|x86_64)0:2.12.1-lp152.2.3.1(aarch64|ppc64le|s390x|x86_64)0:20.04.2-lp152.2.6.1(noarch)0:20.04.2-lp152.2.6.1(aarch64|ppc64le|s390x|x86_64)0:18.12.3-lp151.2.7.1(i586|x86_64)0:3.6.7-lp152.9.3.2(x86_64)0:3.6.7-lp152.9.3.2(i586|x86_64)0:2.9.7-lp152.10.3.1(x86_64)0:2.9.7-lp152.10.3.1(noarch)0:2.9.7-lp152.10.3.1(i586|x86_64)0:0.14.0-lp152.4.6.1(x86_64)0:0.14.0-lp152.4.6.1(noarch)0:3.0.8-lp152.2.3.1(x86_64)0:3.6.3-lp152.2.6.1(x86_64)0:4.15-lp152.2.9.1(x86_64)0:5.3.18-lp152.63.1(x86_64)0:5.3.18-lp152.63.1.lp152.8.21.1(noarch)0:5.3.18-lp152.63.1(i586|x86_64)0:0.4.15-lp152.5.3.1(x86_64)0:0.4.15-lp152.5.3.1(noarch)0:0.4.15-lp152.5.3.1(i586|x86_64)0:5.2.2-lp152.6.3.1(noarch)0:5.2.2-lp152.6.3.1(x86_64)0:4.13.1_08-lp152.2.9.1(i586|x86_64)0:4.13.1_08-lp152.2.9.1(noarch)0:4.13.1_08-lp152.2.9.1(i586|x86_64)0:2.5.8-lp152.2.3.1(noarch)0:2.5.8-lp152.2.3.1(noarch)0:3.11.2-lp152.2.3.1(noarch)0:2.10.5.1-lp152.2.3.1(x86_64)0:0.19.0-lp152.2.3.1(i586|x86_64)0:2.0.4+20200616.2deceaa3a-lp152.2.3.1(noarch)0:2.0.4+20200616.2deceaa3a-lp152.2.3.1(i586|x86_64)0:2.8-lp152.2.9.1(noarch)0:2.8-lp152.2.3.1(x86_64)0:15.2.5.667+g1a579d5bf2-lp152.2.3.1(noarch)0:15.2.5.667+g1a579d5bf2-lp152.2.3.1(x86_64)0:5.3.18-lp152.72.1(x86_64)0:5.3.18-lp152.72.1.lp152.8.30.1(noarch)0:5.3.18-lp152.72.1(x86_64)0:15.2.9.83+g4275378de0-lp152.2.12.1(noarch)0:15.2.9.83+g4275378de0-lp152.2.12.1(i586|x86_64)0:2.78-lp152.7.3.1(i586|x86_64)0:2.4.46-lp152.14.12.1(x86_64)0:2.4.46-lp152.14.12.1(noarch)0:2.4.46-lp152.14.12.1(i586|x86_64)0:1.2-lp152.14.12.1(i586|x86_64)0:12.5-lp152.3.10.1(x86_64)0:12.5-lp152.3.10.1(noarch)0:13-lp152.3.6.1(i586|x86_64)0:10.15-lp152.2.9.1(noarch)0:10.15-lp152.2.9.1(noarch)0:12.5-lp152.3.10.1(x86_64)0:5.3.18-lp152.54.1.lp152.8.12.1(i586|x86_64)0:2.4.46-lp152.14.15.1(x86_64)0:2.4.46-lp152.14.15.1(noarch)0:2.4.46-lp152.14.15.1(i586|x86_64)0:1.2-lp152.14.15.1(i586|x86_64)0:4.11.14+git.313.d4e302805e1-lp152.3.31.2(x86_64)0:4.11.14+git.313.d4e302805e1-lp152.3.31.2(noarch)0:4.11.14+git.313.d4e302805e1-lp152.3.31.2(i586|x86_64)0:2.7.17-lp152.3.6.2(x86_64)0:2.7.17-lp152.3.6.2(i586|x86_64)0:2.7.17-lp152.3.6.1(x86_64)0:2.7.17-lp152.3.6.1(noarch)0:2.7.17-lp152.3.6.1(x86_64)0:1.9.0-lp152.7.3.1(noarch)0:1.9.0-lp152.7.3.1(noarch)0:17.5.0-lp152.7.3.1(i586|x86_64)0:1.13.2-lp152.2.3.1(i586|x86_64)0:2.8-lp152.2.12.1(noarch)0:1.24-lp152.5.3.1(x86_64)0:20.04.2-lp152.2.3.1(noarch)0:5.7.8-lp152.2.3.1(noarch)0:1.4.15-lp152.2.3.1(i586|x86_64)0:3.4.5-lp152.2.12.1(i586|x86_64)0:3.2.8-lp152.2.9.1(x86_64)0:3.0.13-lp152.2.12.1(noarch)0:3.0.13-lp152.2.12.1(i586|x86_64)0:0.14.0-lp152.4.3.1(x86_64)0:0.14.0-lp152.4.3.1(noarch)0:4.9.6-lp152.2.3.1(x86_64)0:78.4.1-lp152.2.27.1(x86_64)0:78.4.2-lp152.2.16.1(x86_64)0:78.7.0-lp152.2.43.1(i586|x86_64)0:5.48-lp152.12.6.1(noarch)0:5.48-lp152.12.6.1(x86_64)0:5.48-lp152.12.6.1(noarch)0:4.1.2-lp152.2.3.1(noarch)0:9.4.35-lp152.2.3.1(x86_64)0:4.9.0-lp152.3.3.1(noarch)0:4.9.0-lp152.3.3.1(x86_64)0:1.15-lp152.2.3.1(i586|x86_64)0:7.0.7.34-lp152.12.6.1(x86_64)0:7.0.7.34-lp152.12.6.1(noarch)0:7.0.7.34-lp152.12.6.1(x86_64)0:4.13.2_04-lp152.2.18.1(i586|x86_64)0:4.13.2_04-lp152.2.18.1(noarch)0:4.13.2_04-lp152.2.18.1(x86_64)0:4.13.1_10-lp152.2.12.1(i586|x86_64)0:4.13.1_10-lp152.2.12.1(noarch)0:4.13.1_10-lp152.2.12.1(x86_64)0:20.02.6-lp152.2.3.1(x86_64)0:18.08.9-lp152.5.1(x86_64)0:15.2.8.80+g1f4b6229ca-lp152.2.9.1(noarch)0:15.2.8.80+g1f4b6229ca-lp152.2.9.1(x86_64)0:2.3.0-lp152.4.3.1(x86_64)0:1.6.2-lp152.2.3.1(x86_64)0:2.13.2-lp152.3.9.1(x86_64)0:20.03.1-lp152.3.9.1(noarch)0:2.13.2-lp152.3.9.1(noarch)0:20.03.1-lp152.3.9.1(i586|x86_64)0:2.0.14-lp152.7.6.1(x86_64)0:2.0.14-lp152.7.6.1(i586|x86_64)0:4.11.14+git.247.8c858f7ee14-lp152.3.19.1(i586|x86_64)0:2.0.12-lp152.2.9.1(x86_64)0:4.11.14+git.247.8c858f7ee14-lp152.3.19.1(x86_64)0:2.0.12-lp152.2.9.1(noarch)0:4.11.14+git.247.8c858f7ee14-lp152.3.19.1(x86_64)0:89.0.4389.72-lp152.2.77.1(i586|x86_64)0:2.32.0-lp152.2.13.1(x86_64)0:2.32.0-lp152.2.13.1(noarch)0:2.32.0-lp152.2.13.1(x86_64)0:0.18.0-lp152.5.3.1(i586|x86_64)0:1.16.3-lp152.5.13.1(x86_64)0:1.16.3-lp152.5.13.1(x86_64)0:2.3.15-lp152.2.12.1(x86_64)0:3000-lp152.3.27.1(noarch)0:3000-lp152.3.27.1(x86_64)0:1.14.12-lp152.2.12.1(x86_64)0:1.15.5-lp152.2.1(i586|x86_64)0:3.4.0-lp152.5.3.1(noarch)0:0.12.13-lp152.4.3.1(x86_64)0:2019.05-lp152.2.3.1(noarch)0:5.1.47-lp152.2.3.1(x86_64)0:1.10.1-lp152.3.6.1(noarch)0:1.10.1-lp152.3.6.1(x86_64)0:1.53.3-lp152.2.3.1(noarch)0:1.53.3-lp152.2.3.1(i586|x86_64)0:0.23.2-lp152.7.3.1(x86_64)0:0.23.2-lp152.7.3.1(aarch64|ppc64le|s390x|x86_64)0:1.20.1-lp152.4.3.1(i586|x86_64)0:2.40.0-lp152.2.3.1(x86_64)0:2.40.0-lp152.2.3.1(noarch)0:2.40.0-lp152.2.3.1(x86_64)0:4.13.2_06-lp152.2.21.1(i586|x86_64)0:4.13.2_06-lp152.2.21.1(noarch)0:4.13.2_06-lp152.2.21.1(noarch)0:1.8.1-lp152.2.6.1(aarch64|ppc64le|x86_64)0:2.12.5-lp152.3.9.1(x86_64)0:2.4.0+git.1611141202.2fe6369e-lp152.2.12.1(noarch)0:4.3.1+20210702.4e0ee8fb-lp152.4.59.1(x86_64)0:2.6.3+git.1614684118.af555ad9-lp152.2.18.1(x86_64)0:2.13.2-lp152.3.12.1(x86_64)0:20.03.1-lp152.3.12.1(noarch)0:2.13.2-lp152.3.12.1(noarch)0:20.03.1-lp152.3.12.1(x86_64)0:4.2.1-lp152.9.20.1(noarch)0:1.0.0+-lp152.9.20.1(noarch)0:4.2.1-lp152.9.20.1(noarch)0:1.12.1+-lp152.9.20.1(noarch)0:8-lp152.9.20.1(i586|x86_64)0:1.12.2-lp152.6.3.1(x86_64)0:1.12.2-lp152.6.3.1(noarch)0:1.12.2-lp152.6.3.1(x86_64)0:1.4.3.19~git0.bef0b5bed-lp152.2.12.1(x86_64)0:1.11-lp152.4.3.1(x86_64)0:0.16.0-lp152.2.3.1(noarch)0:17.10.1-lp152.4.3.1(noarch)0:1.2.17-lp152.2.12.1(aarch64|ppc64le|s390x|x86_64)0:1.2.17-lp152.2.9.1(i586|x86_64)0:1.0.0-lp152.3.9.1(noarch)0:1.0.0-lp152.3.9.1(x86_64)0:1.0.0-lp152.3.9.1(noarch)0:1.10.21-lp152.2.6.1(i586|x86_64)0:2.4.46-lp152.14.18.1(x86_64)0:2.4.46-lp152.14.18.1(noarch)0:2.4.46-lp152.14.18.1(i586|x86_64)0:1.2-lp152.14.18.1(i586|x86_64)0:0.2.3-lp152.4.3.1(i586|x86_64)0:2.8-lp152.2.6.1(aarch64|ppc64le|s390x|x86_64)0:1.10.2-lp152.2.4.1(i586|x86_64)0:0.14.0-lp152.4.9.1(x86_64)0:0.14.0-lp152.4.9.1(x86_64)0:5.3.18-lp152.95.1(x86_64)0:5.3.18-lp152.95.1.lp152.8.44.1(noarch)0:5.3.18-lp152.95.1(i586|x86_64)0:25-lp152.8.3.1(noarch)0:25-lp152.8.3.1(x86_64)0:0.9.13.1-lp152.3.3.1(x86_64)0:4.5.1.3-lp152.2.3.1(noarch)0:1.1.28-lp152.4.3.1(i586|x86_64)0:0.7.2-lp152.2.3.1(x86_64)0:68.0.3618.104-lp152.2.6.1(x86_64)0:83.0.4103.116-lp152.2.3.1(x86_64)0:69.0.3686.49-lp152.2.9.1(x86_64)0:84.0.4147.89-lp152.2.6.2(x86_64)0:70.0.3728.71-lp152.2.12.1(x86_64)0:84.0.4147.105-lp152.2.9.1(x86_64)0:70.0.3728.133-lp152.2.15.1(x86_64)0:84.0.4147.125-lp152.2.12.2(x86_64)0:84.0.4147.135-lp152.2.17.1(noarch)0:3.1.5-lp152.2.3.1(i586|x86_64)0:7.4.6-lp152.2.6.1(i586|x86_64)0:7.4.6-lp152.2.9.1(i586|x86_64)0:7.4.6-lp152.2.12.1(i586|x86_64)0:10.24.1-lp152.2.15.1(noarch)0:10.24.1-lp152.2.15.1(i586|x86_64)0:12.22.2-lp152.3.15.1(noarch)0:12.22.2-lp152.3.15.1(x86_64)0:14.17.2-lp152.11.1(noarch)0:14.17.2-lp152.11.1(i586|x86_64)0:8.17.0-lp152.3.14.1(noarch)0:8.17.0-lp152.3.14.1(i586|x86_64)0:2.4.46-lp152.14.3.1(x86_64)0:2.4.46-lp152.14.3.1(noarch)0:2.4.46-lp152.14.3.1(i586|x86_64)0:1.2-lp152.14.3.1(x86_64)0:7.0.3-lp152.3.9.1(x86_64)0:2.6.2-lp152.2.3.1(i586|x86_64)0:2.4.46-lp152.14.9.1(x86_64)0:2.4.46-lp152.14.9.1(noarch)0:2.4.46-lp152.14.9.1(i586|x86_64)0:1.2-lp152.14.9.1(x86_64)0:4.9.2-lp152.7.3.1(noarch)0:20.0.0-lp152.3.3.1(x86_64)0:5.1.4-lp152.5.3.1(x86_64)0:5.1.4-lp152.4.3.1(i586|x86_64)0:7.66.0-lp152.3.3.1(x86_64)0:7.66.0-lp152.3.3.1(i586|x86_64)0:7.66.0-lp152.3.9.1(x86_64)0:7.66.0-lp152.3.9.1(x86_64)0:14.15.4-lp152.5.1(noarch)0:14.15.4-lp152.5.1(i586|x86_64)0:1.17.0-lp152.2.3.1(x86_64)0:1.17.0-lp152.2.3.1(i586|x86_64)0:7.66.0-lp152.3.12.1(x86_64)0:7.66.0-lp152.3.12.1(i586|x86_64)0:8.17.0-lp152.3.8.1(noarch)0:8.17.0-lp152.3.8.1(noarch)0:20.0.11-lp152.3.9.1(i586|x86_64)0:9.16.6-lp152.14.12.1(x86_64)0:9.16.6-lp152.14.12.1(noarch)0:9.16.6-lp152.14.12.1(x86_64)0:20201118-lp152.2.8.1(noarch)0:20190801-lp152.5.4.1(i586|x86_64)0:20190801-lp152.5.4.1(x86_64)0:20190801-lp152.5.4.1(i586|x86_64)0:1.0.9-lp152.2.3.1(x86_64)0:1.0.9-lp152.2.3.1(i586|x86_64)0:2.28.4-lp152.2.4.3(x86_64)0:2.28.4-lp152.2.4.3(noarch)0:2.28.4-lp152.2.4.3(x86_64)0:4.13.3_02-lp152.2.27.1(i586|x86_64)0:4.13.3_02-lp152.2.27.1(noarch)0:4.13.3_02-lp152.2.27.1(i586|x86_64)0:2.9-lp152.8.6.1(x86_64)0:5.3.18-lp152.106.1(x86_64)0:5.3.18-lp152.106.1.lp152.8.52.1(noarch)0:5.3.18-lp152.106.1(x86_64)0:0.103.2-lp152.6.6.1(i586|x86_64)0:7.0.7.34-lp152.12.18.1(x86_64)0:7.0.7.34-lp152.12.18.1(noarch)0:7.0.7.34-lp152.12.18.1(i586|x86_64)0:1.30-lp152.4.3.1(noarch)0:1.30-lp152.4.3.1(i586|x86_64)0:0.14.2-lp152.2.6.1(x86_64)0:0.11.0-lp152.4.3.1(x86_64)0:3.0.31-lp152.3.6.1(noarch)0:3.0.31-lp152.3.6.1(x86_64)0:5.57-lp152.2.6.1(noarch)0:5.57-lp152.2.6.1(i586|x86_64)0:3.6.7-lp152.9.9.1(x86_64)0:3.6.7-lp152.9.9.1(i586|x86_64)0:7.0.7.34-lp152.12.12.1(x86_64)0:7.0.7.34-lp152.12.12.1(noarch)0:7.0.7.34-lp152.12.12.1(x86_64)0:1.3.5-lp152.4.3.1(i586|x86_64)0:4.14.1-lp152.18.3.1(x86_64)0:4.14.1-lp152.18.3.1(noarch)0:2.6.1-lp152.5.9.1(x86_64)0:3.0.32-lp152.3.9.1(noarch)0:3.0.32-lp152.3.9.1(x86_64)0:15.2.11.83+g8a15f484c2-lp152.2.15.1(noarch)0:15.2.11.83+g8a15f484c2-lp152.2.15.1(i586|x86_64)0:2.2.1-lp152.7.14.1(x86_64)0:2.2.1-lp152.7.14.1(i586|x86_64)0:2.2.1-lp152.7.20.1(x86_64)0:2.2.1-lp152.7.20.1(i586|x86_64)0:3.4.1-lp152.4.3.1(x86_64)0:3.4.1-lp152.4.3.1(x86_64)0:1.9.12-lp152.4.3.1(i586|x86_64)0:7.0.7.34-lp152.12.15.1(x86_64)0:7.0.7.34-lp152.12.15.1(noarch)0:7.0.7.34-lp152.12.15.1(aarch64|ppc64le|s390x|x86_64)0:1.2.10-lp152.4.3.1(x86_64)0:6.1.20-lp152.2.21.1(noarch)0:6.1.20-lp152.2.21.1(x86_64)0:6.1.20_k5.3.18_lp152.72-lp152.2.21.1(x86_64)0:88.0.4324.146-lp152.2.69.1(x86_64)0:88.0.4324.150-lp152.2.72.1(x86_64)0:74.0.3911.203-lp152.2.37.1(x86_64)0:89.0.4389.90-lp152.2.80.1(x86_64)0:75.0.3969.171-lp152.2.40.1(x86_64)0:89.0.4389.114-lp152.2.83.1(x86_64)0:90.0.4430.93-lp152.2.89.1(x86_64)0:89.0.4389.128-lp152.2.86.1(x86_64)0:76.0.4017.94-lp152.2.43.1(x86_64)0:91.0.4472.77-lp152.2.98.1(x86_64)0:76.0.4017.107-lp152.2.46.1(x86_64)0:1.10.2-lp152.3.6.1(i586|x86_64)0:2020.8-lp152.2.3.1(x86_64)0:1.8.0-lp152.4.3.1(x86_64)0:1.8.0-lp152.2.3.1(noarch)0:1.8.0-lp152.2.3.1(noarch)0:1.8.0-lp152.4.3.1(x86_64)0:1.4.4-lp152.2.6.1(x86_64)0:20.10.6_ce-lp152.2.12.1(noarch)0:20.10.6_ce-lp152.2.12.1(x86_64)0:1.0.0~rc93-lp152.2.3.1(x86_64)0:4.1.13-lp152.3.3.1(i586|x86_64)0:2.26.2-lp152.2.6.1(noarch)0:2.26.2-lp152.2.6.1(i586|x86_64)0:6.0.13-lp152.2.3.1(noarch)0:1.4.16-lp152.2.6.1(x86_64)0:1.2.12-lp152.2.3.1(x86_64)0:1.15.1-lp152.2.3.1(noarch)0:3.1.2-lp152.3.3.1(x86_64)0:6.1.22-lp152.2.24.2(noarch)0:6.1.22-lp152.2.24.2(x86_64)0:6.1.22_k5.3.18_lp152.75-lp152.2.24.2(i586|x86_64)0:11.0.11.0-lp152.2.12.1(noarch)0:11.0.11.0-lp152.2.12.1(x86_64)0:1.8.0.312-lp152.3.12.1(noarch)0:1.8.0.312-lp152.3.12.1(i586|x86_64)0:1.8.0.302-lp152.2.15.1(noarch)0:1.8.0.302-lp152.2.15.1(i586|x86_64)0:1.8.0.292-lp152.2.12.2(noarch)0:1.8.0.292-lp152.2.12.2(i586|x86_64)0:7.4.6-lp152.2.15.1(i586|x86_64)0:7.4.6-lp152.2.21.1(i586|x86_64)0:7.4.6-lp152.2.18.1(i586|x86_64)0:2.32.3-lp152.2.16.1(x86_64)0:2.32.3-lp152.2.16.1(noarch)0:2.32.3-lp152.2.16.1(x86_64)0:5.3.18-lp152.87.1(x86_64)0:5.3.18-lp152.87.1.lp152.8.40.1(noarch)0:5.3.18-lp152.87.1(i586|x86_64)0:2.32.4-lp152.2.19.1(x86_64)0:2.32.4-lp152.2.19.1(noarch)0:2.32.4-lp152.2.19.1(x86_64)0:3002.2-lp152.3.45.1(noarch)0:3002.2-lp152.3.45.1(x86_64)0:3.8.3-lp152.2.3.1(noarch)0:12.25-lp152.4.3.1(i586|x86_64)0:3.4.7-lp152.2.18.1(x86_64)0:5.3.18-lp152.84.1(x86_64)0:5.3.18-lp152.84.1.lp152.8.38.1(noarch)0:5.3.18-lp152.84.1(i586|x86_64)0:7.66.0-lp152.3.15.1(x86_64)0:7.66.0-lp152.3.15.1(noarch)0:3.1.3-lp152.2.6.1(x86_64)0:3.1.3-lp152.2.6.1(i586|x86_64)0:10.24.0-lp152.2.12.1(noarch)0:10.24.0-lp152.2.12.1(x86_64)0:12.21.0-lp152.3.12.1(noarch)0:12.21.0-lp152.3.12.1(x86_64)0:14.16.0-lp152.8.1(noarch)0:14.16.0-lp152.8.1(i586|x86_64)0:8.17.0-lp152.3.11.1(noarch)0:8.17.0-lp152.3.11.1(x86_64)0:5.1.4-lp152.5.6.1(i586|x86_64)0:7.66.0-lp152.3.18.1(x86_64)0:7.66.0-lp152.3.18.1(i586|x86_64)0:7.66.0-lp152.3.21.1(x86_64)0:7.66.0-lp152.3.21.1(aarch64|i586|ppc64le|s390x|x86_64)0:0.4.6.8-lp152.2.18.1(i586|x86_64)0:10.24.1-lp152.2.18.1(noarch)0:10.24.1-lp152.2.18.1(i586|x86_64)0:12.22.5-lp152.3.18.1(noarch)0:12.22.5-lp152.3.18.1(x86_64)0:14.17.5-lp152.14.1(noarch)0:14.17.5-lp152.14.1(i586|x86_64)0:8.17.0-lp152.3.17.1(noarch)0:8.17.0-lp152.3.17.1(i586|x86_64)0:7.66.0-lp152.3.24.1(x86_64)0:7.66.0-lp152.3.24.1(i586|x86_64)0:12.22.7-lp152.3.21.1(noarch)0:12.22.7-lp152.3.21.1(x86_64)0:14.18.1-lp152.17.1(noarch)0:14.18.1-lp152.17.1(i586|x86_64)0:1.16.1-lp152.2.3.1(noarch)0:1.16.1-lp152.2.3.1(i586|x86_64)0:10.19-lp152.2.27.1(noarch)0:10.19-lp152.2.27.1(i586|x86_64)0:1.8.22-lp152.8.6.1(i586|x86_64)0:2.7.18-lp152.3.15.1(x86_64)0:2.7.18-lp152.3.15.1(noarch)0:2.7.18-lp152.3.15.1(noarch)0:1.13.1-lp152.4.3.1(i586|x86_64)0:11.0.12.0-lp152.2.15.1(noarch)0:11.0.12.0-lp152.2.15.1(i586|x86_64)0:1.0.2p-lp152.8.12.1(x86_64)0:1.0.2p-lp152.8.12.1(i586|x86_64)0:1.1.1d-lp152.7.12.1(x86_64)0:1.1.1d-lp152.7.12.1(noarch)0:1.0.2p-lp152.8.12.1(noarch)0:1.1.1d-lp152.7.12.1(x86_64)0:78.10.0-lp152.2.55.1(x86_64)0:78.10.0-lp152.2.41.1(x86_64)0:78.8.0-lp152.2.49.1(x86_64)0:78.8.0-lp152.2.35.1(x86_64)0:78.9.0-lp152.2.52.1(x86_64)0:78.9.1-lp152.2.38.1(i586|x86_64)0:1.4.4-lp152.2.3.1(x86_64)0:1.4.4-lp152.2.3.1(x86_64)0:6.1.26-lp152.2.35.1(noarch)0:6.1.26-lp152.2.35.1(x86_64)0:6.1.26_k5.3.18_lp152.84-lp152.2.35.1(aarch64|i586|ppc64le|s390x|x86_64)0:2.10.0-lp152.3.3.1(noarch)0:2.10.0-lp152.3.3.1(x86_64)0:2.10.0-lp152.3.3.1(i586|x86_64)0:2.16.9-lp152.2.6.1(x86_64)0:2.16.9-lp152.2.6.1(noarch)0:9.0.36-lp152.2.19.1(x86_64)0:6.1.28-lp152.2.38.1(noarch)0:6.1.28-lp152.2.38.1(x86_64)0:6.1.28_k5.3.18_lp152.95-lp152.2.38.1(noarch)0:9.0.36-lp152.2.22.1(i586|x86_64)0:9.16.6-lp152.14.19.1(x86_64)0:9.16.6-lp152.14.19.1(noarch)0:9.16.6-lp152.14.19.1(i586|x86_64)0:4.3.6.P1-lp152.8.6.1(i586|x86_64)0:9.16.6-lp152.14.25.1(x86_64)0:9.16.6-lp152.14.25.1(noarch)0:9.16.6-lp152.14.25.1(i586|x86_64)0:2.2.7-lp152.9.9.1(x86_64)0:2.2.7-lp152.9.9.1(x86_64)0:2.1a15-lp152.6.9.1(i586|x86_64)0:2.46.5-lp152.2.3.1(x86_64)0:2.46.5-lp152.2.3.1(noarch)0:2.46.5-lp152.2.3.1(x86_64)0:1.39-lp152.3.3.1(i586|x86_64)0:0.7-lp152.3.6.1(noarch)0:0.7-lp152.3.6.1(x86_64)0:0.7-lp152.3.6.1(noarch)0:2.4.0-lp152.2.3.1(i586|x86_64)0:4.6.2-lp152.6.3.1(i586|x86_64)0:330-lp152.6.3.1(noarch)0:2.62.6-lp152.2.6.1(i586|x86_64)0:2.62.6-lp152.2.6.1(x86_64)0:2.62.6-lp152.2.6.1(noarch)0:2.6.1-lp152.5.12.1(x86_64)0:7.5.7-lp152.2.16.1(i586|x86_64)0:2.9-lp152.8.9.1(x86_64)0:1.15.10-lp152.14.1(noarch)0:2.9.21-lp152.2.7.1(noarch)0:0.1.1627546504.96a0b3e-lp152.2.26.1(x86_64)0:2.27.1-lp152.3.13.1(x86_64)0:0.4.5.7-lp152.2.9.1(x86_64)0:2.6.1-lp152.2.3.1(x86_64)0:4.17-lp152.2.12.1(i586|x86_64)0:201911-lp152.6.11.1(noarch)0:201911-lp152.6.11.1(x86_64)0:201911-lp152.6.11.1(i586|x86_64)0:1.1.11-lp152.4.3.1(x86_64)0:1.1.11-lp152.4.3.1(x86_64)0:4.13.2_08-lp152.2.24.1(i586|x86_64)0:4.13.2_08-lp152.2.24.1(noarch)0:4.13.2_08-lp152.2.24.1(x86_64)0:4.13.3_04-lp152.2.30.1(i586|x86_64)0:4.13.3_04-lp152.2.30.1(noarch)0:4.13.3_04-lp152.2.30.1(x86_64)0:4.13.4_02-lp152.2.33.1(i586|x86_64)0:4.13.4_02-lp152.2.33.1(noarch)0:4.13.4_02-lp152.2.33.1(x86_64)0:2.5.9-lp152.2.6.1(noarch)0:2.5.9-lp152.2.6.1(aarch64|i586|ppc64le|s390x|x86_64)0:0.9.36-lp152.4.3.1(x86_64)0:0.4.7-lp152.2.6.1(x86_64)0:5.3.18-lp152.3.11.1(x86_64)0:5.3.18-lp152.75.1(x86_64)0:5.3.18-lp152.75.1.lp152.8.32.1(noarch)0:5.3.18-lp152.75.1(noarch)0:5.3.18-lp152.3.11.1(noarch)0:2.6-lp152.2.3.1(noarch)0:1.10.22-lp152.2.3.1(noarch)0:1.4.17-lp152.2.9.1(x86_64)0:78.11.0-lp152.2.58.1(x86_64)0:78.11.0-lp152.2.45.1(x86_64)0:78.12.0-lp152.2.48.2(x86_64)0:78.12.0-lp152.2.61.1(x86_64)0:91.2.0-lp152.2.67.1(x86_64)0:78.13.0-lp152.2.64.1(x86_64)0:0.19.0-lp152.2.7.1(x86_64)0:91.4.0-lp152.2.52.1(i586|x86_64)0:2.9-lp152.8.12.1(x86_64)0:0.32.0+git.20200301T004003.e7bab0025f-lp152.2.6.1(noarch)0:0.32.0+git.20200301T004003.e7bab0025f-lp152.2.6.1(noarch)0:4.3.0+20210305.9db5c9a8-lp152.4.47.1(x86_64)0:1.4.11-lp152.2.12.1(x86_64)0:20.10.9_ce-lp152.2.18.1(noarch)0:20.10.9_ce-lp152.2.18.1(x86_64)0:1.0.2-lp152.2.9.1(i586|x86_64)0:1.0.0-lp152.3.6.1(noarch)0:1.0.0-lp152.3.6.1(x86_64)0:1.0.0-lp152.3.6.1(i586|x86_64)0:1.0.0-lp152.3.3.1(noarch)0:1.0.0-lp152.3.3.1(x86_64)0:1.0.0-lp152.3.3.1(x86_64)0:90.0.4430.212-lp152.2.95.1(x86_64)0:76.0.4017.154-lp152.2.49.1(x86_64)0:91.0.4472.164-lp152.2.113.2(x86_64)0:77.0.4054.277-lp152.2.55.1(x86_64)0:91.0.4472.101-lp152.2.104.1(x86_64)0:77.0.4054.146-lp152.2.52.1(x86_64)0:91.0.4472.114-lp152.2.107.1(x86_64)0:92.0.4515.131-lp152.2.116.1(x86_64)0:78.0.4093.147-lp152.2.58.1(x86_64)0:92.0.4515.159-lp152.2.122.1(x86_64)0:78.0.4093.184-lp152.2.61.1(x86_64)0:93.0.4577.82-lp152.2.125.1(x86_64)0:79.0.4143.22-lp152.2.64.1(x86_64)0:79.0.4143.50-lp152.2.67.1(noarch)0:9.0.36-lp152.2.25.1(x86_64)0:2.34.1-lp152.2.25.3(noarch)0:2.34.1-lp152.2.25.3(x86_64)0:1.14.14-lp152.2.18.1(x86_64)0:1.15.7-lp152.8.1(x86_64)0:20.02.7-lp152.2.6.1(x86_64)0:1.5.2-lp152.2.3.1(x86_64)0:1.15.12-lp152.17.1(i586|x86_64)0:1.6.5-lp152.5.18.1(x86_64)0:1.6.5-lp152.5.18.1(noarch)0:1.6.5-lp152.5.18.1(i586|x86_64)0:1.8.22-lp152.8.9.1(i586|x86_64)0:2.5.9-lp152.2.9.1(noarch)0:2.5.9-lp152.2.9.1(x86_64)0:1.10.1-lp152.3.15.1(noarch)0:1.10.1-lp152.3.15.1(i586|x86_64)0:1.16.3-lp152.2.3.1(x86_64)0:1.16.3-lp152.2.3.1(noarch)0:1.16.3-lp152.2.3.1(i586|x86_64)0:1.16.3-lp152.3.3.1(x86_64)0:1.16.3-lp152.3.3.1(noarch)0:1.16.3-lp152.3.3.1(x86_64)0:2.6.2-lp152.2.6.1(i586|x86_64)0:10.17-lp152.2.21.1(noarch)0:10.17-lp152.2.21.1(i586|x86_64)0:3.5.27-lp152.7.3.1(noarch)0:3.5.27-lp152.7.3.1(i586|x86_64)0:6.0.14-lp152.2.6.1(noarch)0:0.11.2-lp152.3.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:0.13.3-lp152.4.3.1(noarch)0:20.0.12-lp152.3.12.1(x86_64)0:2.3.8-lp152.5.6.1(x86_64)0:0.11.9-lp152.2.3.1(noarch)0:1.3.2-lp152.2.3.1(i586|x86_64)0:2.4.43-lp152.2.18.1(noarch)0:2.4.43-lp152.2.18.1(x86_64)0:1.15.13-lp152.20.1(x86_64)0:2.3.11.3-lp152.2.9.1(i586|x86_64)0:1.2.2-lp152.2.3.1(x86_64)0:1.2.2-lp152.2.3.1(i586|x86_64)0:1.8.2-lp152.17.3.1(x86_64)0:1.8.2-lp152.17.3.1(i586|i686|x86_64)0:2.26-lp152.26.9.1(x86_64)0:2.26-lp152.26.9.1(i586|x86_64)0:2.26-lp152.26.9.1(noarch)0:2.26-lp152.26.9.1(noarch)0:2.0.6-lp152.2.3.1(i586|x86_64)0:234-lp152.31.34.1(x86_64)0:234-lp152.31.34.1(noarch)0:234-lp152.31.34.1(i586|x86_64)0:12.6-lp152.3.16.1(x86_64)0:12.6-lp152.3.16.1(noarch)0:12.6-lp152.3.16.1(i586|x86_64)0:1.1.1d-lp152.7.15.1(x86_64)0:1.1.1d-lp152.7.15.1(noarch)0:1.1.1d-lp152.7.15.1(x86_64)0:0.4.5.9-lp152.2.12.1(x86_64)0:1.15.14-lp152.23.1(x86_64)0:1.16.6-lp152.5.1(i586|x86_64)0:16.02-lp152.8.3.1(noarch)0:16.02-lp152.8.3.1(i586|x86_64)0:0.7-lp152.3.9.1(noarch)0:0.7-lp152.3.9.1(x86_64)0:0.7-lp152.3.9.1(i586|x86_64)0:1.20.3-lp152.8.21.1(i586|x86_64)0:2.2.1-lp152.7.11.1(x86_64)0:2.2.1-lp152.7.11.1(i586|x86_64)0:2.4.43-lp152.2.21.1(noarch)0:2.4.43-lp152.2.21.1(i586|x86_64)0:5.12.7-lp152.2.3.1(x86_64)0:5.12.7-lp152.2.3.1(noarch)0:5.12.7-lp152.2.3.1(i586|x86_64)0:1.16.3-lp152.2.6.1(x86_64)0:1.16.3-lp152.2.6.1(noarch)0:1.16.3-lp152.2.6.1(i586|x86_64)0:3.5.27-lp152.7.6.1(noarch)0:3.5.27-lp152.7.6.1(x86_64)0:1.3.14-lp152.4.3.1(noarch)0:1.3.14-lp152.4.3.1(x86_64)0:15.2.12.83+g528da226523-lp152.2.18.1(noarch)0:15.2.12.83+g528da226523-lp152.2.18.1(x86_64)0:1.4.3.23~git0.f53d0132b-lp152.2.15.1(i586|x86_64)0:2.9.7-lp152.10.12.1(x86_64)0:2.9.7-lp152.10.12.1(noarch)0:2.9.7-lp152.10.12.1(i586|x86_64)0:1.8.0-lp152.5.3.1(x86_64)0:1.8.0-lp152.5.3.1(i586|x86_64)0:2.9.7-lp152.10.15.1(x86_64)0:2.9.7-lp152.10.15.1(noarch)0:2.9.7-lp152.10.15.1(noarch)0:1.21-lp152.2.3.1(i586|x86_64)0:11.0.13.0-lp152.2.21.2(noarch)0:11.0.13.0-lp152.2.21.2(i586|x86_64)0:1.8.0.312-lp152.2.18.2(noarch)0:1.8.0.312-lp152.2.18.2(i586|x86_64)0:0.116-lp152.2.3.1(x86_64)0:0.116-lp152.2.3.1(noarch)0:0.116-lp152.2.3.1(x86_64)0:4.1-lp152.2.3.1(x86_64)0:0.4.21-lp152.7.3.1(noarch)0:0.4.21-lp152.7.3.1(x86_64)0:1.8+git65.g303b08c-lp152.4.3.1(noarch)0:10.0.1-lp152.4.9.1(x86_64)0:1.3.6-lp152.4.6.1(i586|x86_64)0:3.4.1-lp152.4.6.1(x86_64)0:3.4.1-lp152.4.6.1(i586|x86_64)0:2.2.1-lp152.7.17.1(x86_64)0:2.2.1-lp152.7.17.1(i586|x86_64)0:1.16.1-lp152.16.3.1(x86_64)0:1.3.14-lp152.4.6.1(noarch)0:1.3.14-lp152.4.6.1(x86_64)0:1.15.15-lp152.26.1(x86_64)0:1.16.7-lp152.8.1(i586|x86_64)0:1.16.3-lp152.5.19.1(x86_64)0:1.16.3-lp152.5.19.1(i586|x86_64)0:3.5.27-lp152.7.9.1(noarch)0:3.5.27-lp152.7.9.1(i586|x86_64)0:6.0.0-lp152.9.12.1(noarch)0:6.0.0-lp152.9.12.1(x86_64)0:6.0.0-lp152.9.12.1(x86_64)0:6.4.22-lp152.6.12.1(x86_64)0:5.3.18-lp152.92.2(x86_64)0:5.3.18-lp152.92.2.lp152.8.42.3(noarch)0:5.3.18-lp152.92.2(noarch)0:5.3.18-lp152.92.1(x86_64)0:5.3.18-lp152.92.1(x86_64)0:1.4.3.24~git13.7b705e743-lp152.2.18.1(i586|x86_64)0:6.0.0-lp152.9.15.1(noarch)0:6.0.0-lp152.9.15.1(x86_64)0:6.0.0-lp152.9.15.1(i586|x86_64)0:1.17.1+20200724-lp152.2.9.1(x86_64)0:1.17.1+20200724-lp152.2.9.1(i586|x86_64)0:1.1.1d-lp152.7.21.1(x86_64)0:1.1.1d-lp152.7.21.1(noarch)0:1.1.1d-lp152.7.21.1(i586|x86_64)0:1.0.2p-lp152.8.18.1(x86_64)0:1.0.2p-lp152.8.18.1(i586|x86_64)0:1.1.1d-lp152.7.24.1(x86_64)0:1.1.1d-lp152.7.24.1(noarch)0:1.0.2p-lp152.8.18.1(noarch)0:1.1.1d-lp152.7.24.1(x86_64)0:4.2.1-lp152.9.23.1(noarch)0:1.0.0+-lp152.9.23.1(noarch)0:4.2.1-lp152.9.23.1(noarch)0:1.12.1+-lp152.9.23.1(noarch)0:8-lp152.9.23.1(i586|x86_64)0:2.7.18-lp152.3.21.1(x86_64)0:2.7.18-lp152.3.21.1(noarch)0:2.7.18-lp152.3.21.1(i586|x86_64)0:2.33.2-lp152.5.9.1(x86_64)0:2.33.2-lp152.5.9.1(noarch)0:2.33.2-lp152.5.9.1(i586|x86_64)0:1.16.3-lp152.5.22.1(x86_64)0:1.16.3-lp152.5.22.1(i586|x86_64)0:9.52-lp152.2.7.1(x86_64)0:0.2.8-lp152.4.3.1(x86_64)0:94.0.4606.81-lp152.2.132.1(x86_64)0:80.0.4170.63-lp152.2.73.1(x86_64)0:95.0.4638.54-lp152.2.135.1(x86_64)0:81.0.4196.31-lp152.2.76.1(aarch64|x86_64)0:95.0.4638.69-lp152.2.138.1(x86_64)0:96.0.4664.110-lp152.2.143.1(i586|x86_64)0:2.12-lp152.5.5.1(noarch)0:2.12-lp152.5.5.1(x86_64)0:1.16.9-lp152.14.1(x86_64)0:0.4.6.7-lp152.2.15.1(noarch)0:1.4.18-lp152.2.12.1(x86_64)0:1.16.8-lp152.11.1(i586|x86_64)0:2.2.1-lp152.7.23.1(x86_64)0:2.2.1-lp152.7.23.1(x86_64)0:0.3.12-lp152.2.3.1(noarch)0:0.3.12-lp152.2.3.1(i586|x86_64)0:6.1-lp152.8.3.1(x86_64)0:6.1-lp152.8.3.1(i586|x86_64)0:3.4.10-lp152.2.21.1(i586|x86_64)0:1.20.3-lp152.8.33.1(i586|x86_64)0:1.20.3-lp152.8.36.1(i586|x86_64)0:2.26.2-lp152.2.12.1(noarch)0:2.26.2-lp152.2.12.1(x86_64)0:2.0.14-lp152.2.6.1(noarch)0:1.2.17-lp152.3.3.2(x86_64)0:1.10.5-lp152.3.9.1(noarch)0:20.0.14-lp152.3.15.1(x86_64)0:1.2.12-lp152.2.6.1(x86_64)0:1.16.10-lp152.17.1(x86_64)0:5.8.2-lp152.2.18.1(noarch)0:5.8.2-lp152.2.18.1(x86_64)0:2.4.0-lp152.3.6.1(x86_64)0:2.1.35-lp152.7.6.1(x86_64)0:2.6.2-lp152.4.3.1(i586|x86_64)0:2.32.4-lp152.2.22.1(x86_64)0:2.32.4-lp152.2.22.1(noarch)0:2.32.4-lp152.2.22.1(noarch)0:2.8.0-lp152.2.3.1(i586|x86_64)0:3.68.1-lp152.2.13.1(x86_64)0:3.68.1-lp152.2.13.1(x86_64)0:91.4.0-lp152.2.74.1(i586|x86_64)0:6.1.2-lp152.6.6.1(x86_64)0:6.1.2-lp152.6.6.1(x86_64)0:1.0.3-lp152.2.12.1(noarch)0:3.4.4-lp152.2.3.1(noarch)0:5.0.0-lp152.2.1(noarch)0:2.16.0-lp152.3.9.1(noarch)0:1.2.8-lp152.2.3.2(aarch64|i586|ppc64le|s390x|x86_64)0:3.0.33-lp152.3.12.1(noarch)0:3.0.33-lp152.3.12.1(x86_64)0:1.16.12-lp152.20.1(noarch)0:2.17.0-lp152.3.15.1(aarch64|i586|ppc64le|s390x|x86_64)0:0.2.13-lp152.3.3.1(noarch)0:2.17.0-lp152.3.12.1