Leap

leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-31431 12Amazon AristaCanonical+9 more 41Amazon Linux Basesystem ModuleCaas Platform+38 more May 21, 2026 Apr 22, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is...Show more In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.Show less
CVE-2025-32463 6Canonical DebianOpensuse+3 more 8Debian Linux Enterprise LinuxLeap+5 more Nov 5, 2025 Jun 30, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
CVE-2023-32182 2Opensuse Suse 3Leap Linux Enterprise High Performance ComputingSuse Linux Enterprise Desktop Nov 21, 2024 Sep 19, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Lea...Show more A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1. Show less
CVE-2022-45153 2Opensuse Suse 3Leap Linux Enterprise Module For Sap ApplicationsLinux Enterprise Server Nov 21, 2024 Feb 15, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attacke...Show more An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e.Show less
CVE-2022-31252 2Opensuse Suse 3Leap Leap MicroLinux Enterprise Server Nov 21, 2024 Oct 6, 2022 N/A· v4 4.4 MEDIUM· v3 N/A· v2 A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local a...Show more A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.Show less
CVE-2021-46142 4Debian FedoraprojectOpensuse+1 more 7Backports Debian LinuxExtra Packages For Enterprise Linux+4 more Nov 21, 2024 Jan 6, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
CVE-2021-46141 4Debian FedoraprojectOpensuse+1 more 7Backports Debian LinuxExtra Packages For Enterprise Linux+4 more Nov 21, 2024 Jan 6, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
CVE-2021-41819 6Debian FedoraprojectOpensuse+3 more 9Cgi Debian LinuxEnterprise Linux+6 more May 22, 2025 Jan 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
CVE-2021-41817 6Debian FedoraprojectOpensuse+3 more 9Date Debian LinuxEnterprise Linux+6 more Nov 21, 2024 Jan 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
CVE-2021-26676 3Debian IntelOpensuse 3Connman Debian LinuxLeap Nov 21, 2024 Feb 9, 2021 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.
CVE-2021-26675 3Debian IntelOpensuse 3Connman Debian LinuxLeap Nov 21, 2024 Feb 9, 2021 N/A· v4 8.8 HIGH· v3 5.8 MEDIUM· v2 A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.
CVE-2020-0569 5Canonical DebianIntel+2 more 157265 Firmware Ac 3165 FirmwareAc 3168 Firmware+12 more Nov 21, 2024 Nov 23, 2020 N/A· v4 5.7 MEDIUM· v3 2.7 LOW· v2 Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2020-16846 4Debian FedoraprojectOpensuse+1 more 4Debian Linux FedoraLeap+1 more Nov 7, 2025 Nov 6, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
CVE-2020-28049 4Debian FedoraprojectOpensuse+1 more 4Debian Linux FedoraLeap+1 more Nov 21, 2024 Nov 4, 2020 N/A· v4 6.3 MEDIUM· v3 3.3 LOW· v2 An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper...Show more An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.Show less
CVE-2020-16011 3Debian GoogleOpensuse 4Backports Sle ChromeDebian Linux+1 more Nov 21, 2024 Nov 3, 2020 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-16009 6Cefsharp DebianFedoraproject+3 more 8Backports Sle CefsharpChrome+5 more Oct 24, 2025 Nov 3, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-16008 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Nov 3, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.
CVE-2020-16007 3Debian GoogleOpensuse 4Backports Sle ChromeDebian Linux+1 more Nov 21, 2024 Nov 3, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
CVE-2020-16006 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Nov 3, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-16005 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Nov 3, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

12 3 4 5...95 Next