Leap

leap

CVEs (35)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-17806 6Canonical DebianLinux+3 more 8Debian Linux LeapLeap+5 more May 13, 2026 Dec 20, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interfa...Show more The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.Show less
CVE-2017-17805 6Canonical DebianLinux+3 more 8Debian Linux LeapLeap+5 more May 13, 2026 Dec 20, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER)...Show more The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.Show less
CVE-2016-1254 5Debian FedoraprojectOpensuse+2 more 6Debian Linux FedoraLeap+3 more May 13, 2026 Dec 5, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
CVE-2015-3138 3Opensuse Opensuse ProjectTcpdump 3Leap LeapTcpdump May 13, 2026 Sep 28, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).
CVE-2015-5203 4Fedoraproject Jasper ProjectOpensuse+1 more 5Fedora JasperLeap+2 more May 13, 2026 Aug 2, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
CVE-2015-5221 4Fedoraproject Jasper ProjectOpensuse+1 more 5Fedora JasperLeap+2 more May 13, 2026 Jul 25, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000...Show more Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.Show less
CVE-2016-9961 5Fedoraproject Game Music Emu ProjectNovell+2 more 7Fedora Game Music EmuLeap+4 more May 13, 2026 Jun 6, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 game-music-emu before 0.6.1 mishandles unspecified integer values.
CVE-2016-9960 5Fedoraproject Game Music Emu ProjectNovell+2 more 7Fedora Game Music EmuLeap+4 more May 13, 2026 Jun 6, 2017 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
CVE-2016-9959 4Game Music Emu Project OpensuseOpensuse Project+1 more 9Game Music Emu LeapLeap+6 more May 13, 2026 Apr 12, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
CVE-2016-9958 4Game Music Emu Project OpensuseOpensuse Project+1 more 9Game Music Emu LeapLeap+6 more May 13, 2026 Apr 12, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
CVE-2016-9957 4Game Music Emu Project OpensuseOpensuse Project+1 more 9Game Music Emu LeapLeap+6 more May 13, 2026 Apr 12, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Stack-based buffer overflow in game-music-emu before 0.6.1.
CVE-2017-6542 3Opensuse Opensuse ProjectPutty 3Leap LeapPutty May 13, 2026 Mar 27, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain s...Show more The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.Show less
CVE-2015-8010 3Icinga OpensuseOpensuse Project 3Icinga LeapLeap May 13, 2026 Mar 27, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-...Show more Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.Show less
CVE-2016-7797 5Clusterlabs OpensuseOpensuse Project+2 more 7Enterprise Linux High Availability Enterprise Linux Resilient StorageLeap+4 more May 13, 2026 Mar 24, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
CVE-2016-9556 3Debian ImagemagickOpensuse Project 3Debian Linux ImagemagickLeap May 13, 2026 Mar 23, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.
CVE-2016-10048 2Imagemagick Opensuse Project 2Imagemagick Leap May 13, 2026 Mar 23, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.
CVE-2014-9851 4Canonical ImagemagickOpensuse+1 more 9Imagemagick LeapOpensuse+6 more May 13, 2026 Mar 20, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).
CVE-2014-9850 4Canonical ImagemagickOpensuse+1 more 8Imagemagick LeapOpensuse+5 more May 13, 2026 Mar 20, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).
CVE-2014-9849 4Canonical ImagemagickOpensuse+1 more 9Imagemagick LeapOpensuse+6 more May 13, 2026 Mar 20, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).
CVE-2014-9848 4Canonical ImagemagickOpensuse+1 more 10Imagemagick LeapLeap+7 more May 13, 2026 Mar 20, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).

12 Next