Leap

leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-10914 4Debian GlusterOpensuse+1 more 5Debian Linux Enterprise Linux ServerGlusterfs+2 more Nov 21, 2024 Sep 4, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in...Show more It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.Show less
CVE-2018-10913 4Debian GlusterOpensuse+1 more 5Debian Linux Enterprise Linux ServerGlusterfs+2 more Nov 21, 2024 Sep 4, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.
CVE-2018-10911 4Debian GlusterOpensuse+1 more 7Debian Linux Enterprise Linux DesktopEnterprise Linux Server+4 more Nov 21, 2024 Sep 4, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.
CVE-2018-10907 4Debian GlusterOpensuse+1 more 5Debian Linux Enterprise Linux ServerGlusterfs+2 more Nov 21, 2024 Sep 4, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit thi...Show more It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution.Show less
CVE-2018-10904 4Debian GlusterOpensuse+1 more 5Debian Linux Enterprise Linux ServerGlusterfs+2 more Nov 21, 2024 Sep 4, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and...Show more It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.Show less
CVE-2018-16412 2Imagemagick Opensuse 2Imagemagick Leap Nov 21, 2024 Sep 3, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.
CVE-2018-16402 5Canonical DebianElfutils Project+2 more 7Debian Linux ElfutilsEnterprise Linux Desktop+4 more Nov 21, 2024 Sep 3, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
CVE-2018-16062 5Canonical DebianElfutils Project+2 more 7Debian Linux ElfutilsEnterprise Linux Desktop+4 more Nov 21, 2024 Aug 29, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
CVE-2018-6556 4Canonical LinuxcontainersOpensuse+1 more 6Caas Platform LeapLxc+3 more Nov 21, 2024 Aug 10, 2018 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise...Show more lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.Show less
CVE-2018-10916 3Canonical Lftp ProjectOpensuse 3Leap LftpUbuntu Linux Nov 21, 2024 Aug 1, 2018 N/A· v4 6.5 MEDIUM· v3 7.8 HIGH· v2 It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may tr...Show more It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system.Show less
CVE-2016-9597 5Canonical DebianHp+2 more 6Debian Linux Icewall Federation AgentIcewall File Manager+3 more Nov 21, 2024 Jul 30, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Ov...Show more It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.Show less
CVE-2018-14523 3Aubio OpensuseSuse 3Aubio LeapLinux Enterprise Nov 21, 2024 Jul 23, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.
CVE-2018-14522 3Aubio OpensuseSuse 3Aubio LeapLinux Enterprise Nov 21, 2024 Jul 23, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.
CVE-2018-1129 4Ceph DebianOpensuse+1 more 10Ceph Ceph StorageCeph Storage Mon+7 more Nov 21, 2024 Jul 10, 2018 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature chec...Show more A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.Show less
CVE-2018-1128 3Debian OpensuseRedhat 10Ceph Ceph StorageCeph Storage Mon+7 more Nov 21, 2024 Jul 10, 2018 N/A· v4 7.5 HIGH· v3 5.4 MEDIUM· v2 It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can us...Show more It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.Show less
CVE-2018-10861 4Ceph DebianOpensuse+1 more 9Ceph Ceph StorageCeph Storage Mon+6 more Nov 21, 2024 Jul 10, 2018 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous...Show more A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.Show less
CVE-2018-1000613 4Bouncycastle NetappOpensuse+1 more 24Api Gateway Banking PlatformBc Java+21 more May 12, 2025 Jul 9, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vuln...Show more Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.Show less
CVE-2018-10892 4Docker MobyprojectOpensuse+1 more 6Docker Enterprise LinuxEnterprise Linux Server+3 more Nov 21, 2024 Jul 6, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or tu...Show more The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.Show less
CVE-2018-12910 5Canonical DebianGnome+2 more 9Ansible Tower Debian LinuxEnterprise Linux Desktop+6 more Nov 21, 2024 Jul 5, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
CVE-2018-13099 4Canonical DebianLinux+1 more 4Debian Linux LeapLinux Kernel+1 more Nov 21, 2024 Jul 3, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an i...Show more An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr.Show less

Previous 1...707172...95 Next