Vulnerabilities > Opensuse > Leap > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-06-22 CVE-2020-11099 In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet.
network
low complexity
freerdp opensuse fedoraproject canonical debian
6.5
2020-06-22 CVE-2020-11098 In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put.
network
low complexity
freerdp fedoraproject opensuse canonical debian
6.5
2020-06-22 CVE-2020-11097 In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES.
network
low complexity
freerdp fedoraproject opensuse canonical debian
5.4
2020-06-22 CVE-2020-11096 In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order.
network
low complexity
freerdp fedoraproject opensuse canonical debian
6.5
2020-06-22 CVE-2020-11095 In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES.
network
low complexity
freerdp fedoraproject opensuse canonical debian
5.4
2020-06-21 CVE-2020-14954 Injection vulnerability in multiple products
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3.
5.9
2020-06-18 CVE-2020-14422 Use of Insufficiently Random Values vulnerability in multiple products
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created.
network
high complexity
opensuse python fedoraproject oracle CWE-330
5.9
2020-06-18 CVE-2020-14416 Use After Free vulnerability in multiple products
In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824.
local
low complexity
linux opensuse CWE-416
4.2
2020-06-17 CVE-2020-8619 Improper Resource Shutdown or Release vulnerability in multiple products
In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered.
4.9
2020-06-17 CVE-2020-8618 Reachable Assertion vulnerability in multiple products
An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.
network
low complexity
isc opensuse netapp canonical CWE-617
4.9