Leap

leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-10903 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Apr 9, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.
CVE-2019-10901 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Apr 9, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.
CVE-2019-10899 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Apr 9, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.
CVE-2019-10896 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Apr 9, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.
CVE-2019-10895 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Apr 9, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.
CVE-2019-10894 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Apr 9, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.
CVE-2019-0211 8Apache CanonicalDebian+5 more 27Communications Session Report Manager Communications Session Route ManagerDebian Linux+24 more Oct 27, 2025 Apr 8, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) cou...Show more In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.Show less
CVE-2019-0217 8Apache CanonicalDebian+5 more 14Clustered Data Ontap Debian LinuxEnterprise Linux+11 more Nov 21, 2024 Apr 8, 2019 N/A· v4 7.5 HIGH· v3 6.0 MEDIUM· v2 In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing config...Show more In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.Show less
CVE-2019-1788 3Clamav DebianOpensuse 3Clamav Debian LinuxLeap Nov 21, 2024 Apr 8, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of ser...Show more A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could result in a denial of service condition on an affected device.Show less
CVE-2019-1787 3Clamav DebianOpensuse 3Clamav Debian LinuxLeap Nov 21, 2024 Apr 8, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (Do...Show more A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.Show less
CVE-2019-11010 3Debian GraphicsmagickOpensuse 3Debian Linux GraphicsmagickLeap Nov 21, 2024 Apr 8, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file.
CVE-2019-11009 3Debian GraphicsmagickOpensuse 3Debian Linux GraphicsmagickLeap Nov 21, 2024 Apr 8, 2019 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted...Show more In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.Show less
CVE-2019-11008 4Canonical DebianGraphicsmagick+1 more 5Backports Sle Debian LinuxGraphicsmagick+2 more Nov 21, 2024 Apr 8, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly...Show more In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.Show less
CVE-2019-11007 4Canonical DebianGraphicsmagick+1 more 5Backports Sle Debian LinuxGraphicsmagick+2 more Nov 21, 2024 Apr 8, 2019 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image...Show more In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.Show less
CVE-2019-11006 3Debian GraphicsmagickOpensuse 3Debian Linux GraphicsmagickLeap Nov 21, 2024 Apr 8, 2019 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE...Show more In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet.Show less
CVE-2019-11005 2Graphicsmagick Opensuse 2Graphicsmagick Leap Nov 21, 2024 Apr 8, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possib...Show more In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value.Show less
CVE-2019-10740 3Fedoraproject OpensuseRoundcube 4Backports Sle FedoraLeap+1 more Nov 21, 2024 Apr 7, 2019 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or A...Show more In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.Show less
CVE-2019-10906 5Canonical FedoraprojectOpensuse+2 more 5Fedora JinjaLeap+2 more Nov 21, 2024 Apr 7, 2019 N/A· v4 8.6 HIGH· v3 5.0 MEDIUM· v2 In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
CVE-2019-3886 3Fedoraproject OpensuseRedhat 3Fedora LeapLibvirt Nov 21, 2024 Apr 4, 2019 N/A· v4 5.4 MEDIUM· v3 4.8 MEDIUM· v2 An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information...Show more An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.Show less
CVE-2018-20506 3Apple OpensuseSqlite 8Icloud Iphone OsItunes+5 more Nov 21, 2024 Apr 3, 2019 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, al...Show more SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.Show less

Previous 1...606162...95 Next