Leap

leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-16843 5Apple CanonicalDebian+2 more 5Debian Linux LeapNginx+2 more Nov 21, 2024 Nov 7, 2018 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by...Show more nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.Show less
CVE-2018-19052 4Debian LighttpdOpensuse+1 more 5Backports Sle Debian LinuxLeap+2 more Nov 21, 2024 Nov 7, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration w...Show more An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.Show less
CVE-2018-18544 3Graphicsmagick ImagemagickOpensuse 3Graphicsmagick ImagemagickLeap Nov 21, 2024 Oct 21, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.
CVE-2018-18521 5Canonical DebianElfutils Project+2 more 7Debian Linux ElfutilsEnterprise Linux Desktop+4 more Nov 21, 2024 Oct 19, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranli...Show more Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.Show less
CVE-2018-18520 5Canonical DebianElfutils Project+2 more 7Debian Linux ElfutilsEnterprise Linux Desktop+4 more Nov 21, 2024 Oct 19, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file be...Show more An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.Show less
CVE-2017-5934 4Canonical DebianMoinmo+1 more 4Debian Linux LeapMoinmoin+1 more Nov 21, 2024 Oct 15, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-18310 5Canonical DebianElfutils Project+2 more 7Debian Linux ElfutilsEnterprise Linux Desktop+4 more Nov 21, 2024 Oct 15, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a craft...Show more An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.Show less
CVE-2018-18225 3Debian OpensuseWireshark 3Debian Linux LeapWireshark Nov 21, 2024 Oct 12, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed.
CVE-2018-18074 4Canonical OpensusePython+1 more 6Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+3 more Nov 21, 2024 Oct 9, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by...Show more The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.Show less
CVE-2018-12477 1Opensuse 1Leap Nov 21, 2024 Oct 9, 2018 N/A· v4 7.5 HIGH· v3 6.4 MEDIUM· v2 A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openS...Show more A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce.Show less
CVE-2018-14647 6Canonical DebianFedoraproject+3 more 8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 more Nov 21, 2024 Sep 25, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause...Show more Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.Show less
CVE-2018-16597 3Linux NetappOpensuse 4Active Iq Performance Analytics Services Element SoftwareLeap+1 more Nov 21, 2024 Sep 21, 2018 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
CVE-2018-17294 3Canonical LiblouisOpensuse 3Leap LiblouisUbuntu Linux Nov 21, 2024 Sep 21, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by...Show more The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.Show less
CVE-2018-1000802 4Canonical DebianOpensuse+1 more 4Debian Linux LeapPython+1 more Nov 21, 2024 Sep 18, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that c...Show more Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.Show less
CVE-2018-10930 4Debian GlusterOpensuse+1 more 7Debian Linux Enterprise LinuxEnterprise Linux Server+4 more Nov 21, 2024 Sep 4, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
CVE-2018-10929 4Debian GlusterOpensuse+1 more 5Debian Linux Enterprise Linux ServerGlusterfs+2 more Nov 21, 2024 Sep 4, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.
CVE-2018-10928 4Debian GlusterOpensuse+1 more 7Debian Linux Enterprise LinuxEnterprise Linux Server+4 more Nov 21, 2024 Sep 4, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create a...Show more A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.Show less
CVE-2018-10927 4Debian GlusterOpensuse+1 more 5Debian Linux Enterprise Linux ServerGlusterfs+2 more Nov 21, 2024 Sep 4, 2018 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.
CVE-2018-10926 4Debian GlusterOpensuse+1 more 6Debian Linux Enterprise LinuxEnterprise Linux Server+3 more Nov 21, 2024 Sep 4, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a...Show more A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.Show less
CVE-2018-10923 4Debian GlusterOpensuse+1 more 5Debian Linux Enterprise Linux ServerGlusterfs+2 more Nov 21, 2024 Sep 4, 2018 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any devi...Show more It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.Show less

Previous 1...697071...95 Next