Vulnerabilities > Opensuse > Leap
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-05 | CVE-2020-8631 | Use of Insufficiently Random Values vulnerability in multiple products cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function. | 2.1 |
2020-02-05 | CVE-2020-5208 | Classic Buffer Overflow vulnerability in multiple products It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. | 8.8 |
2020-02-04 | CVE-2019-12528 | An issue was discovered in Squid before 4.10. | 7.5 |
2020-02-04 | CVE-2020-8517 | Improper Input Validation vulnerability in multiple products An issue was discovered in Squid before 4.10. | 5.0 |
2020-02-04 | CVE-2020-8450 | Incorrect Calculation of Buffer Size vulnerability in multiple products An issue was discovered in Squid before 4.10. | 7.3 |
2020-02-04 | CVE-2020-8449 | Exposure of Resource to Wrong Sphere vulnerability in multiple products An issue was discovered in Squid before 4.10. | 7.5 |
2020-02-02 | CVE-2019-20446 | Resource Exhaustion vulnerability in multiple products In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. | 6.5 |
2020-01-30 | CVE-2020-8492 | Resource Exhaustion vulnerability in multiple products Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. | 6.5 |
2020-01-29 | CVE-2020-8432 | Double Free vulnerability in multiple products In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. | 9.8 |
2020-01-28 | CVE-2020-0549 | Improper Resource Shutdown or Release vulnerability in multiple products Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |