Leap

leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-19451 3Fedoraproject GnomeOpensuse 3Dia FedoraLeap Nov 21, 2024 Nov 29, 2019 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thum...Show more When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3.Show less
CVE-2019-14895 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Nov 29, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the...Show more A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.Show less
CVE-2019-19318 5Canonical DebianLinux+2 more 14Active Iq Unified Manager Aff A400 FirmwareAff A700s Firmware+11 more Nov 21, 2024 Nov 28, 2019 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already f...Show more In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,Show less
CVE-2019-19319 3Linux OpensuseRedhat 3Enterprise Linux LeapLinux Kernel Nov 21, 2024 Nov 27, 2019 N/A· v4 6.5 MEDIUM· v3 4.4 MEDIUM· v2 In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large o...Show more In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30.Show less
CVE-2019-18660 5Canonical FedoraprojectLinux+2 more 5Enterprise Linux FedoraLeap+2 more Nov 21, 2024 Nov 27, 2019 N/A· v4 4.7 MEDIUM· v3 1.9 LOW· v2 The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and...Show more The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.Show less
CVE-2019-16255 4Debian OpensuseOracle+1 more 4Debian Linux GraalvmLeap+1 more Nov 21, 2024 Nov 26, 2019 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can explo...Show more Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.Show less
CVE-2019-12526 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Nov 26, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that th...Show more An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap.Show less
CVE-2019-12523 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Nov 26, 2019 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes a...Show more An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.Show less
CVE-2019-14856 2Opensuse Redhat 4Ansible Backports SleLeap+1 more Nov 21, 2024 Nov 26, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None
CVE-2019-13720 2Google Opensuse 2Chrome Leap Oct 24, 2025 Nov 25, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-10214 5Buildah Project Libpod ProjectOpensuse+2 more 6Buildah Enterprise LinuxLeap+3 more Nov 21, 2024 Nov 25, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container regi...Show more The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.Show less
CVE-2019-18622 3Fedoraproject OpensusePhpmyadmin 4Backports Sle FedoraLeap+1 more Nov 21, 2024 Nov 22, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.
CVE-2019-10206 3Debian OpensuseRedhat 4Ansible Backports SleDebian Linux+1 more Nov 21, 2024 Nov 22, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters....Show more ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.Show less
CVE-2019-18934 3Fedoraproject NlnetlabsOpensuse 3Fedora LeapUnbound Nov 21, 2024 Nov 19, 2019 N/A· v4 7.3 HIGH· v3 6.8 MEDIUM· v2 Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--ena...Show more Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.Show less
CVE-2019-19083 3Canonical LinuxOpensuse 3Leap Linux KernelUbuntu Linux Nov 21, 2024 Nov 18, 2019 N/A· v4 4.7 MEDIUM· v3 4.7 MEDIUM· v2 Memory leaks in clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_sour...Show more Memory leaks in clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, and the dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c, aka CID-055e547478a1.Show less
CVE-2019-19082 3Canonical LinuxOpensuse 3Leap Linux KernelUbuntu Linux Nov 21, 2024 Nov 18, 2019 N/A· v4 4.7 MEDIUM· v3 4.7 MEDIUM· v2 Memory leaks in create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_...Show more Memory leaks in create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, the dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, and the dce112_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, aka CID-104c307147ad.Show less
CVE-2019-19081 3Linux OpensuseRedhat 3Enterprise Linux LeapLinux Kernel Nov 21, 2024 Nov 18, 2019 N/A· v4 5.9 MEDIUM· v3 7.1 HIGH· v2 A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID...Show more A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a.Show less
CVE-2019-19080 2Linux Opensuse 2Leap Linux Kernel Nov 21, 2024 Nov 18, 2019 N/A· v4 5.9 MEDIUM· v3 7.1 HIGH· v2 Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka C...Show more Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a.Show less
CVE-2019-19077 3Canonical LinuxOpensuse 3Leap Linux KernelUbuntu Linux Nov 21, 2024 Nov 18, 2019 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy to u...Show more A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy to udata failures, aka CID-4a9d46a9fe14.Show less
CVE-2019-19073 3Fedoraproject LinuxOpensuse 3Fedora LeapLinux Kernel Nov 21, 2024 Nov 18, 2019 N/A· v4 4.0 MEDIUM· v3 2.1 LOW· v2 Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This aff...Show more Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10.Show less

Previous 1...383940...95 Next