This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Opensuse First view 2018-05-10
Product Leap Last view 2020-09-21
Version 15.1 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:opensuse:leap

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
8.8 2020-09-21 CVE-2020-6576

Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.3 2020-09-21 CVE-2020-6575

Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6 2020-09-21 CVE-2020-6573

Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

4.3 2020-09-21 CVE-2020-6571

Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

4.3 2020-09-21 CVE-2020-6570

Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction.

6.5 2020-09-21 CVE-2020-6566

Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5 2020-09-21 CVE-2020-6564

Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.

6.5 2020-09-21 CVE-2020-6562

Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5 2020-09-21 CVE-2020-6561

Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5 2020-09-21 CVE-2020-6560

Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

8.8 2020-09-21 CVE-2020-6559

Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

4.3 2020-09-21 CVE-2020-15959

Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.

8.8 2020-09-16 CVE-2020-25040

Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.

8.1 2020-09-16 CVE-2020-25039

Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.

6.5 2020-09-04 CVE-2020-24977

GNOME project libxml2 v2.9.10 and earlier have a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1).

3.3 2020-09-02 CVE-2020-24654

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

6.5 2020-09-02 CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.

7.3 2020-08-24 CVE-2020-14350

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.

7.1 2020-08-24 CVE-2020-14349

It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.

7.1 2020-08-19 CVE-2020-24394

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

10 2020-08-17 CVE-2020-1472

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.

8.8 2020-08-10 CVE-2020-15659

Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.

7.8 2020-08-07 CVE-2020-8026

A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.

7.5 2020-08-06 CVE-2020-16845

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

3.3 2020-08-03 CVE-2020-16116

In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
13% (35) CWE-125 Out-of-bounds Read
10% (27) CWE-787 Out-of-bounds Write
10% (27) CWE-416 Use After Free
8% (22) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
4% (12) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
3% (10) CWE-200 Information Exposure
3% (10) CWE-190 Integer Overflow or Wraparound
3% (9) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
3% (9) CWE-20 Improper Input Validation
3% (8) CWE-476 NULL Pointer Dereference
2% (7) CWE-732 Incorrect Permission Assignment for Critical Resource
2% (7) CWE-269 Improper Privilege Management
2% (6) CWE-772 Missing Release of Resource after Effective Lifetime
1% (5) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (5) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
1% (5) CWE-59 Improper Link Resolution Before File Access ('Link Following')
1% (4) CWE-770 Allocation of Resources Without Limits or Throttling
1% (4) CWE-369 Divide By Zero
1% (4) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (3) CWE-362 Race Condition
0% (2) CWE-755 Improper Handling of Exceptional Conditions
0% (2) CWE-706 Use of Incorrectly-Resolved Name or Reference
0% (2) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
0% (2) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
0% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')

Snort® IPS/IDS

Date Description
2020-07-07 Apache Tomcat FileStore directory traversal attempt
RuleID : 54162 - Type : SERVER-WEBAPP - Revision : 1
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54033 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54032 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54031 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54030 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack authentication bypass attempt
RuleID : 54023 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack authentication bypass attempt
RuleID : 54022 - Type : SERVER-OTHER - Revision : 3

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-5ed8fb9efa.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-08550a9006.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-28f30efaf6.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-2bf852f063.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-33c7c17e71.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4544e8dbc8.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-49d6e4bc3f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4e660226e7.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6243646704.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-71fd5db181.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7689556ab2.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-937e8a39c4.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ee97fc9e81.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-d3b53d81e6.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-bbbd8cc3a6.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-bba8fed5ab.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ae70d262b0.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ac14dbf3fd.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a54270a213.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9860917db0.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9695e9b0ed.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7c540fdab4.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1132.nasl - Type: ACT_GATHER_INFO
2018-12-20 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1132.nasl - Type: ACT_GATHER_INFO