Leap

leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-3836 3Fedoraproject GnuOpensuse 3Fedora GnutlsLeap Nov 21, 2024 Apr 1, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
CVE-2019-5739 2Nodejs Opensuse 2Leap Node.js Nov 21, 2024 Mar 28, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior...Show more Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default.Show less
CVE-2019-5737 2Nodejs Opensuse 2Leap Node.js Nov 21, 2024 Mar 28, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and...Show more In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1.Show less
CVE-2019-7524 4Canonical DebianDovecot+1 more 4Debian Linux DovecotLeap+1 more Nov 21, 2024 Mar 28, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and...Show more In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.Show less
CVE-2019-0160 4Fedoraproject OpensuseRedhat+1 more 8Edk Ii Enterprise LinuxEnterprise Linux Eus+5 more Nov 21, 2024 Mar 27, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
CVE-2018-12180 2Opensuse Tianocore 2Edk Ii Leap Nov 21, 2024 Mar 27, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
CVE-2019-5419 5Debian FedoraprojectOpensuse+2 more 6Cloudforms Debian LinuxFedora+3 more Nov 21, 2024 Mar 27, 2019 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unre...Show more There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.Show less
CVE-2019-5418 5Debian FedoraprojectOpensuse+2 more 6Cloudforms Debian LinuxFedora+3 more Oct 30, 2025 Mar 27, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesyste...Show more There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.Show less
CVE-2019-3840 2Opensuse Redhat 2Leap Libvirt Nov 21, 2024 Mar 27, 2019 N/A· v4 6.3 MEDIUM· v3 3.5 LOW· v2 A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a de...Show more A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.Show less
CVE-2019-3814 3Canonical DovecotOpensuse 3Dovecot LeapUbuntu Linux Nov 21, 2024 Mar 27, 2019 N/A· v4 6.8 MEDIUM· v3 4.9 MEDIUM· v2 It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this iss...Show more It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.Show less
CVE-2019-3861 4Debian Libssh2Netapp+1 more 4Debian Linux LeapLibssh2+1 more Nov 21, 2024 Mar 25, 2019 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able t...Show more An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.Show less
CVE-2019-3860 4Debian Libssh2Netapp+1 more 4Debian Linux LeapLibssh2+1 more Nov 21, 2024 Mar 25, 2019 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read da...Show more An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.Show less
CVE-2019-3857 7Debian FedoraprojectLibssh2+4 more 13Debian Linux Enterprise LinuxEnterprise Linux Desktop+10 more Nov 21, 2024 Mar 25, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SS...Show more An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.Show less
CVE-2019-3856 7Debian FedoraprojectLibssh2+4 more 13Debian Linux Enterprise LinuxEnterprise Linux Desktop+10 more Nov 21, 2024 Mar 25, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to e...Show more An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.Show less
CVE-2019-3838 5Artifex DebianFedoraproject+2 more 12Ansible Tower Debian LinuxEnterprise Linux+9 more Nov 21, 2024 Mar 25, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the f...Show more It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.Show less
CVE-2019-3835 5Artifex DebianFedoraproject+2 more 11Ansible Tower Debian LinuxEnterprise Linux Desktop+8 more Nov 21, 2024 Mar 25, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file syst...Show more It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.Show less
CVE-2019-3863 5Debian Libssh2Netapp+2 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 more Dec 19, 2025 Mar 25, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max charac...Show more A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used by the SSH client as an index to copy memory causing in an out of bounds memory write error.Show less
CVE-2019-9948 6Canonical DebianFedoraproject+3 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+8 more Nov 21, 2024 Mar 23, 2019 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('l...Show more urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.Show less
CVE-2019-9924 5Canonical DebianGnu+2 more 6Bash Debian LinuxHci Management Node+3 more Nov 21, 2024 Mar 22, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
CVE-2019-9923 2Gnu Opensuse 2Leap Tar Aug 6, 2025 Mar 22, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.

Previous 1...616263...95 Next