Vulnerabilities > Opensuse > Leap
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-07 | CVE-2020-1700 | Resource Exhaustion vulnerability in multiple products A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. | 6.5 |
2020-02-07 | CVE-2019-15606 | Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons | 9.8 |
2020-02-07 | CVE-2019-15605 | HTTP Request Smuggling vulnerability in multiple products HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed | 9.8 |
2020-02-07 | CVE-2019-15604 | Improper Certificate Validation vulnerability in multiple products Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate | 7.5 |
2020-02-06 | CVE-2020-8608 | Classic Buffer Overflow vulnerability in multiple products In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. | 6.8 |
2020-02-06 | CVE-2020-8649 | Use After Free vulnerability in multiple products There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. | 3.6 |
2020-02-06 | CVE-2020-8648 | Use After Free vulnerability in multiple products There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. | 3.6 |
2020-02-06 | CVE-2020-8647 | Use After Free vulnerability in multiple products There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. | 3.6 |
2020-02-05 | CVE-2020-7216 | Missing Release of Resource after Effective Lifetime vulnerability in Opensuse Wicked An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option. | 5.0 |
2020-02-05 | CVE-2020-8632 | Weak Password Requirements vulnerability in multiple products In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. | 2.1 |