Summary
Detail | | | |
---|---|---|---|
Vendor | Opensuse | First view | 2012-08-31 |
Product | Leap | Last view | 2022-01-06 |
Version | | Type | Os |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
5.5 | 2022-01-06 | CVE-2021-46142 | An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax. |
5.5 | 2022-01-06 | CVE-2021-46141 | An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner. |
7.5 | 2022-01-01 | CVE-2021-41819 | CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. |
7.5 | 2022-01-01 | CVE-2021-41817 | Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. |
6.5 | 2021-02-09 | CVE-2021-26676 | gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. |
8.8 | 2021-02-09 | CVE-2021-26675 | A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. |
6.3 | 2020-11-04 | CVE-2020-28049 | An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. |
8.8 | 2020-11-03 | CVE-2020-16009 | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
8.8 | 2020-11-03 | CVE-2020-16008 | Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. |
7.8 | 2020-11-03 | CVE-2020-16007 | Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. |
8.8 | 2020-11-03 | CVE-2020-16006 | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
8.8 | 2020-11-03 | CVE-2020-16005 | Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
8.8 | 2020-11-03 | CVE-2020-16004 | Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
5.5 | 2020-10-29 | CVE-2020-14323 | A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. |
5.5 | 2020-10-22 | CVE-2020-27673 | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. |
7 | 2020-10-22 | CVE-2020-27672 | An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages. |
7.8 | 2020-10-22 | CVE-2020-27671 | An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. |
7.8 | 2020-10-22 | CVE-2020-27670 | An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated. |
3.3 | 2020-10-22 | CVE-2020-27560 | ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. |
9.8 | 2020-10-22 | CVE-2020-15683 | Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4. |
5.3 | 2020-10-21 | CVE-2020-14803 | Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). |
3.1 | 2020-10-21 | CVE-2020-14798 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). |
3.7 | 2020-10-21 | CVE-2020-14797 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). |
3.1 | 2020-10-21 | CVE-2020-14796 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). |
4.2 | 2020-10-21 | CVE-2020-14792 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
12% (166) | CWE-787 | Out-of-bounds Write |
12% (159) | CWE-125 | Out-of-bounds Read |
9% (122) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
5% (79) | CWE-416 | Use After Free |
4% (61) | CWE-190 | Integer Overflow or Wraparound |
4% (61) | CWE-20 | Improper Input Validation |
3% (52) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
3% (49) | CWE-476 | NULL Pointer Dereference |
3% (40) | CWE-200 | Information Exposure |
1% (25) | CWE-362 | Race Condition |
1% (25) | CWE-284 | Access Control (Authorization) Issues |
1% (25) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
1% (21) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
1% (18) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
1% (18) | CWE-189 | Numeric Errors |
1% (17) | CWE-330 | Use of Insufficiently Random Values |
1% (17) | CWE-254 | Security Features |
1% (15) | CWE-770 | Allocation of Resources Without Limits or Throttling |
0% (13) | CWE-617 | Reachable Assertion |
0% (13) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
0% (13) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
0% (11) | CWE-772 | Missing Release of Resource after Effective Lifetime |
0% (11) | CWE-502 | Deserialization of Untrusted Data |
0% (11) | CWE-369 | Divide By Zero |
0% (10) | CWE-276 | Incorrect Default Permissions |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:22031 | DSA-2850-1 libyaml - heap-based buffer overflow |
oval:org.mitre.oval:def:21878 | USN-2098-1 -- libyaml vulnerability |
oval:org.mitre.oval:def:24291 | DSA-2870-1 libyaml-libyaml-perl - heap-based buffer overflow |
oval:org.mitre.oval:def:29226 | DSA-2850-2 -- libyaml -- heap-based buffer overflow |
oval:org.mitre.oval:def:24469 | DSA-2884-1 libyaml - security update |
oval:org.mitre.oval:def:23896 | DSA-2885-1 libyaml-libyaml-perl - security update |
oval:org.mitre.oval:def:24450 | USN-2160-1 -- libyaml vulnerability |
oval:org.mitre.oval:def:24117 | USN-2161-1 -- libyaml-libyaml-perl vulnerabilities |
oval:org.mitre.oval:def:29055 | SUSE-SU-2015:0953-2 -- Security update for perl-YAML-LibYAML (moderate) |
oval:org.mitre.oval:def:24301 | Vulnerability in OpenSSL 0.9.8 - 0.9.8za, 1.0.0 - 1.0.0m and 1.0.1 - 1.0.1h, ... |
oval:org.mitre.oval:def:24135 | AIX OpenSSL DTLS invalid fragment vulnerability |
oval:org.mitre.oval:def:24593 | Remote Unauthorized Access |
OpenVAS Exploits
Date | Description |
---|---|
2012-09-07 | Name : FreeBSD Ports: gatekeeper File : nvt/freebsd_gatekeeper0.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2014-A-0099 | Multiple Vulnerabilities in McAfee Email Gateway Severity: Category I - VMSKEY: V0053203 |
2014-B-0085 | Multiple Vulnerabilities in HP System Management Homepage (SMH) Severity: Category I - VMSKEY: V0052899 |
2014-B-0077 | Multiple Vulnerabilities in McAfee Web Gateway Severity: Category I - VMSKEY: V0052625 |
2014-B-0080 | Multiple Vulnerabilities in Stunnel Severity: Category I - VMSKEY: V0052627 |
2014-A-0087 | Multiple Vulnerabilities in McAfee ePolicy Orchestrator Severity: Category I - VMSKEY: V0052637 |
2014-B-0079 | Multiple Vulnerabilities in IBM AIX Severity: Category I - VMSKEY: V0052641 |
2014-A-0083 | Multiple Vulnerabilities in OpenSSL Severity: Category I - VMSKEY: V0052495 |
Snort® IPS/IDS
Date | Description |
---|---|
2021-02-02 | Grafana Labs Grafana denial of service attempt RuleID : 56822 - Type : SERVER-WEBAPP - Revision : 3 |
2021-01-12 | Apache Server mod_proxy Error Page cross site scripting attempt RuleID : 56563 - Type : SERVER-WEBAPP - Revision : 1 |
2020-12-10 | Microsoft Windows malicious Netlogon NetrServerAuthenticate3 request attempt RuleID : 56290 - Type : OS-WINDOWS - Revision : 6 |
2020-12-08 | PyYAML Python object serialization attempt RuleID : 56224 - Type : POLICY-OTHER - Revision : 1 |
2020-12-08 | PyYAML Python object serialization attempt RuleID : 56223 - Type : POLICY-OTHER - Revision : 1 |
2020-11-24 | Apache Tomcat WebSocket length denial of service attempt RuleID : 56086 - Type : SERVER-WEBAPP - Revision : 1 |
2020-11-19 | Linux kernel af_packet tpacket_rcv integer overflow attempt RuleID : 56052 - Type : OS-LINUX - Revision : 1 |
2020-11-19 | Linux kernel af_packet tpacket_rcv integer overflow attempt RuleID : 56051 - Type : OS-LINUX - Revision : 1 |
2020-10-22 | Microsoft Windows NetrServerReqChallenge RPC transport sign and seal disablin... RuleID : 55802 - Type : OS-WINDOWS - Revision : 1 |
2020-10-22 | Apache Tomcat HTTP/2 denial of service attempt RuleID : 55801 - Type : SERVER-WEBAPP - Revision : 1 |
2020-10-22 | Apache Tomcat HTTP/2 denial of service attempt RuleID : 55800 - Type : SERVER-WEBAPP - Revision : 1 |
2020-10-20 | Microsoft Windows Netlogon crafted NetrServerAuthenticate elevation of privil... RuleID : 55704 - Type : OS-WINDOWS - Revision : 2 |
2020-10-20 | Microsoft Windows Netlogon crafted NetrServerReqChallenge elevation of privil... RuleID : 55703 - Type : OS-WINDOWS - Revision : 2 |
2020-07-30 | PHP php_strip_tags_ex function out-of-bounds read attempt RuleID : 54406 - Type : SERVER-WEBAPP - Revision : 1 |
2020-07-30 | PHP php_strip_tags_ex function out-of-bounds read attempt RuleID : 54405 - Type : SERVER-WEBAPP - Revision : 1 |
2020-07-07 | Apache Tomcat FileStore directory traversal attempt RuleID : 54162 - Type : SERVER-WEBAPP - Revision : 1 |
2020-06-23 | SaltStack wheel directory traversal attempt RuleID : 54033 - Type : SERVER-OTHER - Revision : 3 |
2020-06-23 | SaltStack wheel directory traversal attempt RuleID : 54032 - Type : SERVER-OTHER - Revision : 3 |
2020-06-23 | SaltStack wheel directory traversal attempt RuleID : 54031 - Type : SERVER-OTHER - Revision : 3 |
2020-06-23 | SaltStack wheel directory traversal attempt RuleID : 54030 - Type : SERVER-OTHER - Revision : 3 |
2020-06-23 | SaltStack authentication bypass attempt RuleID : 54023 - Type : SERVER-OTHER - Revision : 3 |
2020-06-23 | SaltStack authentication bypass attempt RuleID : 54022 - Type : SERVER-OTHER - Revision : 3 |
2020-12-05 | TRUFFLEHUNTER TALOS-2020-1029 attack attempt RuleID : 53565 - Type : PROTOCOL-TFTP - Revision : 1 |
2020-04-21 | Apache Log4j SocketServer insecure deserialization remote code execution attempt RuleID : 53475 - Type : SERVER-OTHER - Revision : 1 |
2020-12-05 | TRUFFLEHUNTER TALOS-2020-1018 attack attempt RuleID : 53418 - Type : SERVER-OTHER - Revision : 1 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2019-01-18 | Name: The remote Debian host is missing a security update. File: debian_DLA-1635.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote Fedora host is missing a security update. File: fedora_2019-348547a32d.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote database server is affected by multiple vulnerabilities File: mariadb_10_0_37.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Fedora host is missing a security update. File: fedora_2019-1198005e1f.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Fedora host is missing a security update. File: fedora_2019-c424e3bb72.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote device is missing a vendor-supplied security patch. File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO |
2019-01-10 | Name: The remote Debian host is missing a security update. File: debian_DLA-1631.nasl - Type: ACT_GATHER_INFO |
2019-01-10 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa10917_183R1.nasl - Type: ACT_GATHER_INFO |
2019-01-10 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO |
2019-01-07 | Name: The remote Debian host is missing a security update. File: debian_DLA-1627.nasl - Type: ACT_GATHER_INFO |
2019-01-07 | Name: The remote Debian host is missing a security update. File: debian_DLA-1628.nasl - Type: ACT_GATHER_INFO |
2019-01-07 | Name: The remote Fedora host is missing a security update. File: fedora_2019-859384e002.nasl - Type: ACT_GATHER_INFO |
2019-01-07 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_546d4dd410ea11e9b407080027ef1a23.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-078b082cbe.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-08550a9006.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-1eec1f0d17.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-242f6c1a41.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-28f30efaf6.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-2bf852f063.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-327707371e.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-32c8599fe1.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-33c7c17e71.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-4544e8dbc8.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-49d6e4bc3f.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-4e660226e7.nasl - Type: ACT_GATHER_INFO |