Leap

leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-8341 2Opensuse Pocoo 2Jinja2 Leap Nov 21, 2024 Feb 15, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker...Show more An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxingShow less
CVE-2019-5736 13Apache CanonicalD2iq+10 more 19Backports Sle Container Development KitDc/os+16 more Nov 21, 2024 Feb 11, 2019 N/A· v4 8.6 HIGH· v3 9.3 HIGH· v2 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as r...Show more runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.Show less
CVE-2019-7665 5Canonical DebianElfutils Project+2 more 11Debian Linux ElfutilsEnterprise Linux+8 more Nov 21, 2024 Feb 9, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash...Show more In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.Show less
CVE-2019-7663 4Canonical DebianLibtiff+1 more 4Debian Linux LeapLibtiff+1 more Nov 21, 2024 Feb 9, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leve...Show more An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.Show less
CVE-2019-7638 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Feb 8, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
CVE-2019-7637 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Feb 8, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.
CVE-2019-7636 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Feb 8, 2019 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
CVE-2019-7635 5Canonical DebianFedoraproject+2 more 6Backports Sle Debian LinuxFedora+3 more Nov 21, 2024 Feb 8, 2019 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
CVE-2019-7578 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Feb 7, 2019 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.
CVE-2019-7577 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Feb 7, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
CVE-2019-7576 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Feb 7, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).
CVE-2019-7575 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Feb 7, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.
CVE-2019-7574 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Feb 7, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.
CVE-2019-7573 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Feb 7, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).
CVE-2019-7572 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Feb 7, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.
CVE-2019-7548 5Debian OpensuseOracle+2 more 9Backports Sle Communications Operations MonitorDebian Linux+6 more Nov 21, 2024 Feb 6, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
CVE-2019-3820 3Canonical GnomeOpensuse 3Gnome Shell LeapUbuntu Linux Nov 21, 2024 Feb 6, 2019 N/A· v4 4.3 MEDIUM· v3 4.6 MEDIUM· v2 It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts,...Show more It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.Show less
CVE-2018-18506 5Canonical DebianMozilla+2 more 12Debian Linux Enterprise LinuxEnterprise Linux Desktop+9 more Nov 21, 2024 Feb 5, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the p...Show more When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.Show less
CVE-2018-8800 3Debian OpensuseRdesktop 3Debian Linux LeapRdesktop Nov 21, 2024 Feb 5, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.
CVE-2018-8797 3Debian OpensuseRdesktop 3Debian Linux LeapRdesktop Nov 21, 2024 Feb 5, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.

Previous 1...656667...95 Next