Leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS

Vendors (3): Fedoraproject, Opensuse, Sylabs
Products (4): Backports, Fedora, Leap, +1 more
Updated: Nov 21, 2024
Published: May 14, 2019
CVSS: N/A (v4) · 8.8 HIGH (v3) · 9.0 HIGH (v2)
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host.

Vendors (3): Fedoraproject, Opensuse, Rust Lang
Products (3): Fedora, Leap, Rust
Updated: Nov 21, 2024
Published: May 13, 2019
CVSS: N/A (v4) · 8.1 HIGH (v3) · 6.8 MEDIUM (v2)
The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement `Error::type_id` is unaffected.

Vendors (6): Canonical, Debian, Fedoraproject, +3 more
Products (12): Debian Linux, Enterprise Linux, Enterprise Linux Eus, +9 more
Updated: Nov 21, 2024
Published: May 10, 2019
CVSS: N/A (v4) · 3.3 LOW (v3) · 2.1 LOW (v2)
The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.

Vendors (3): Dovecot, Fedoraproject, Opensuse
Products (3): Dovecot, Fedora, Leap
Updated: Nov 21, 2024
Published: May 8, 2019
CVSS: N/A (v4) · 7.5 HIGH (v3) · 5.0 MEDIUM (v2)
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.

Vendors (3): F5, Gliderlabs, Opensuse
Products (3): Big Ip Controller, Docker Alpine, Leap
Updated: Nov 21, 2024
Published: May 8, 2019
CVSS: N/A (v4) · 9.8 CRITICAL (v3) · 10.0 HIGH (v2)
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.

Vendors (3): Dovecot, Fedoraproject, Opensuse
Products (3): Dovecot, Fedora, Leap
Updated: Nov 21, 2024
Published: May 8, 2019
CVSS: N/A (v4) · 7.5 HIGH (v3) · 5.0 MEDIUM (v2)
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.

Vendors (5): Canonical, Debian, Linux, +2 more
Products (14): Active Iq Unified Manager, Cn1610 Firmware, Debian Linux, +11 more
Updated: Nov 21, 2024
Published: May 8, 2019
CVSS: N/A (v4) · 8.1 HIGH (v3) · 9.3 HIGH (v2)
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

Vendors (3): Fedoraproject, Kde, Opensuse
Products (4): Backports, Fedora, Kauth, +1 more
Updated: Nov 21, 2024
Published: May 7, 2019
CVSS: N/A (v4) · 8.1 HIGH (v3) · 9.3 HIGH (v2)
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.

Vendors (2): Opensuse, Wplaunchpad
Products (2): Leap, Wpbackupplus
Updated: Nov 21, 2024
Published: May 7, 2019
CVSS: N/A (v4) · 7.5 HIGH (v3) · 5.0 MEDIUM (v2)
The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql.

Vendors (3): Linux, Opensuse, Redhat
Products (9): Enterprise Linux, Enterprise Linux Aus, Enterprise Linux Desktop, +6 more
Updated: Nov 21, 2024
Published: May 7, 2019
CVSS: N/A (v4) · 7.0 HIGH (v3) · 6.9 MEDIUM (v2)
An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.

Vendors (6): Canonical, Debian, F5, +3 more
Products (13): Active Iq Unified Manager, Debian Linux, Hci Compute Node, +10 more
Updated: Nov 21, 2024
Published: May 7, 2019
CVSS: N/A (v4) · 8.1 HIGH (v3) · 9.3 HIGH (v2)
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.

Vendors (6): Canonical, Debian, Fedoraproject, +3 more
Products (6): Debian Linux, Fedora, Leap, +3 more
Updated: Nov 21, 2024
Published: May 3, 2019
CVSS: N/A (v4) · 9.1 CRITICAL (v3) · 6.4 MEDIUM (v2)
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

Vendors (3): Debian, Opensuse, Signing Party Project
Products (3): Debian Linux, Leap, Signing Party
Updated: Nov 21, 2024
Published: Apr 30, 2019
CVSS: N/A (v4) · 9.8 CRITICAL (v3) · 10.0 HIGH (v2)
gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID.

Vendors (5): Canonical, Debian, Imagemagick, +2 more
Products (5): Debian Linux, Enterprise Linux, Imagemagick, +2 more
Updated: Nov 21, 2024
Published: Apr 30, 2019
CVSS: N/A (v4) · 7.1 HIGH (v3) · 3.6 LOW (v2)
An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.

Vendors (4): Canonical, Debian, Graphicsmagick, +1 more
Products (5): Backports Sle, Debian Linux, Graphicsmagick, +2 more
Updated: Nov 21, 2024
Published: Apr 24, 2019
CVSS: N/A (v4) · 8.8 HIGH (v3) · 6.8 MEDIUM (v2)
In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c.

Vendors (4): Canonical, Debian, Graphicsmagick, +1 more
Products (5): Backports Sle, Debian Linux, Graphicsmagick, +2 more
Updated: Nov 21, 2024
Published: Apr 24, 2019
CVSS: N/A (v4) · 8.8 HIGH (v3) · 6.8 MEDIUM (v2)
In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.

Vendors (2): Dovecot, Opensuse
Products (2): Dovecot, Leap
Updated: Nov 21, 2024
Published: Apr 24, 2019
CVSS: N/A (v4) · 7.5 HIGH (v3) · 5.0 MEDIUM (v2)
The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username.

Vendors (6): Canonical, Debian, Fedoraproject, +3 more
Products (13): Active Iq Unified Manager For Vmware Vsphere, Cn1610 Firmware, Debian Linux, +10 more
Updated: Nov 21, 2024
Published: Apr 24, 2019
CVSS: N/A (v4) · 5.5 MEDIUM (v3) · 4.9 MEDIUM (v2)
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.

Vendors (4): Debian, Linux, Netapp, +1 more
Products (10): Active Iq, Debian Linux, Hci Management Node, +7 more
Updated: Nov 21, 2024
Published: Apr 23, 2019
CVSS: N/A (v4) · 7.0 HIGH (v3) · 6.9 MEDIUM (v2)
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.

Vendors (6): Canonical, Debian, Hp, +3 more
Products (15): Debian Linux, Enterprise Linux, Enterprise Linux Desktop, +12 more
Updated: Nov 21, 2024
Published: Apr 23, 2019
CVSS: N/A (v4) · 8.1 HIGH (v3) · 6.8 MEDIUM (v2)
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).