This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Opensuse First view 2018-05-10
Product Leap Last view 2020-11-04
Version 15.1 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:opensuse:leap

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.3 2020-11-04 CVE-2020-28049

An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.

8.8 2020-11-03 CVE-2020-16009

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 2020-11-03 CVE-2020-16008

Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.

7.8 2020-11-03 CVE-2020-16007

Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.

8.8 2020-11-03 CVE-2020-16006

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 2020-11-03 CVE-2020-16005

Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 2020-11-03 CVE-2020-16004

Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

5.5 2020-10-29 CVE-2020-14323

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.

9.8 2020-10-22 CVE-2020-15683

Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.

7.5 2020-10-16 CVE-2020-25829

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).

5.5 2020-10-07 CVE-2020-26164

In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.

9.8 2020-10-07 CVE-2020-11800

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.

7.2 2020-10-06 CVE-2020-25643

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

5.3 2020-10-05 CVE-2020-8228

A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.

3.3 2020-09-30 CVE-2020-14378

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.

7.1 2020-09-30 CVE-2020-14377

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability.

7.8 2020-09-30 CVE-2020-14376

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.8 2020-09-30 CVE-2020-14375

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

8.8 2020-09-30 CVE-2020-14374

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

8.8 2020-09-21 CVE-2020-6576

Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.3 2020-09-21 CVE-2020-6575

Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6 2020-09-21 CVE-2020-6573

Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

4.3 2020-09-21 CVE-2020-6571

Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

4.3 2020-09-21 CVE-2020-6570

Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction.

6.3 2020-09-21 CVE-2020-6569

Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
14% (46) CWE-125 Out-of-bounds Read
12% (40) CWE-787 Out-of-bounds Write
8% (28) CWE-416 Use After Free
6% (22) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
4% (14) CWE-190 Integer Overflow or Wraparound
3% (13) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
3% (13) CWE-20 Improper Input Validation
3% (12) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
3% (11) CWE-476 NULL Pointer Dereference
3% (10) CWE-200 Information Exposure
2% (8) CWE-732 Incorrect Permission Assignment for Critical Resource
2% (8) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
2% (7) CWE-772 Missing Release of Resource after Effective Lifetime
2% (7) CWE-770 Allocation of Resources Without Limits or Throttling
2% (7) CWE-269 Improper Privilege Management
2% (7) CWE-59 Improper Link Resolution Before File Access ('Link Following')
1% (6) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
1% (5) CWE-287 Improper Authentication
1% (5) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (4) CWE-369 Divide By Zero
1% (4) CWE-362 Race Condition
1% (4) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
0% (3) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
0% (2) CWE-755 Improper Handling of Exceptional Conditions
0% (2) CWE-754 Improper Check for Unusual or Exceptional Conditions

Snort® IPS/IDS

Date Description
2021-01-12 Apache Server mod_proxy Error Page cross site scripting attempt
RuleID : 56563 - Type : SERVER-WEBAPP - Revision : 1
2020-12-10 Microsoft Windows malicious Netlogon NetrServerAuthenticate3 request attempt
RuleID : 56290 - Type : OS-WINDOWS - Revision : 6
2020-10-22 Microsoft Windows NetrServerReqChallenge RPC transport sign and seal disablin...
RuleID : 55802 - Type : OS-WINDOWS - Revision : 1
2020-10-20 Microsoft Windows Netlogon crafted NetrServerAuthenticate elevation of privil...
RuleID : 55704 - Type : OS-WINDOWS - Revision : 2
2020-10-20 Microsoft Windows Netlogon crafted NetrServerReqChallenge elevation of privil...
RuleID : 55703 - Type : OS-WINDOWS - Revision : 2
2020-07-07 Apache Tomcat FileStore directory traversal attempt
RuleID : 54162 - Type : SERVER-WEBAPP - Revision : 1
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54033 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54032 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54031 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54030 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack authentication bypass attempt
RuleID : 54023 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack authentication bypass attempt
RuleID : 54022 - Type : SERVER-OTHER - Revision : 3
2020-12-05 TRUFFLEHUNTER TALOS-2019-0973 attack attempt
RuleID : 52571 - Type : FILE-OTHER - Revision : 1
2020-12-05 TRUFFLEHUNTER TALOS-2019-0973 attack attempt
RuleID : 52570 - Type : FILE-OTHER - Revision : 1
2019-12-03 PostgreSQL SCRAM authentication stack buffer overflow attempt
RuleID : 52039 - Type : SERVER-OTHER - Revision : 1
2019-12-03 PostgreSQL SCRAM authentication stack buffer overflow attempt
RuleID : 52038 - Type : SERVER-OTHER - Revision : 1
2020-12-05 TRUFFLEHUNTER TALOS-2019-0843 attack attempt
RuleID : 50270 - Type : FILE-IMAGE - Revision : 2
2020-12-05 TRUFFLEHUNTER TALOS-2019-0843 attack attempt
RuleID : 50269 - Type : FILE-IMAGE - Revision : 2
2019-03-19 Multiple products runc arbitrary code execution attempt
RuleID : 49195 - Type : SERVER-OTHER - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6243646704.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-08550a9006.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-28f30efaf6.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-2bf852f063.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-33c7c17e71.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4544e8dbc8.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-49d6e4bc3f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4e660226e7.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-5ed8fb9efa.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-71fd5db181.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7689556ab2.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7c540fdab4.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-937e8a39c4.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ee97fc9e81.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-d3b53d81e6.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-bbbd8cc3a6.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-bba8fed5ab.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ae70d262b0.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ac14dbf3fd.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a54270a213.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9860917db0.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9695e9b0ed.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-89413a04e0.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4359.nasl - Type: ACT_GATHER_INFO