Vulnerabilities > Opensuse > Leap > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-22 | CVE-2020-11099 | In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. | 6.5 |
2020-06-22 | CVE-2020-11098 | In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. | 6.5 |
2020-06-22 | CVE-2020-11097 | In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. | 5.4 |
2020-06-22 | CVE-2020-11096 | In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. | 6.5 |
2020-06-22 | CVE-2020-11095 | In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. | 5.4 |
2020-06-21 | CVE-2020-14954 | Injection vulnerability in multiple products Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. | 5.9 |
2020-06-18 | CVE-2020-14422 | Use of Insufficiently Random Values vulnerability in multiple products Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. | 5.9 |
2020-06-18 | CVE-2020-14416 | Use After Free vulnerability in multiple products In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. | 4.2 |
2020-06-17 | CVE-2020-8619 | Improper Resource Shutdown or Release vulnerability in multiple products In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. | 4.9 |
2020-06-17 | CVE-2020-8618 | Reachable Assertion vulnerability in multiple products An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients. | 4.9 |