Leap

leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-14821 8Canonical DebianFedoraproject+5 more 28Aff A700s Firmware Data Availability ServicesDebian Linux+25 more Nov 21, 2024 Sep 19, 2019 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kv...Show more An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.Show less
CVE-2019-11779 5Canonical DebianEclipse+2 more 6Backports Sle Debian LinuxFedora+3 more Nov 21, 2024 Sep 19, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then...Show more In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.Show less
CVE-2019-14835 8Canonical DebianFedoraproject+5 more 34Aff A700s Firmware Data Availability ServicesDebian Linux+31 more Nov 21, 2024 Sep 17, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged gu...Show more A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.Show less
CVE-2019-16239 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Sep 17, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.
CVE-2019-5482 6Debian FedoraprojectHaxx+3 more 17Cloud Backup Communications Operations MonitorCommunications Session Border Controller+14 more Apr 15, 2026 Sep 16, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2019-5481 6Debian FedoraprojectHaxx+3 more 12Cloud Backup Communications Operations MonitorCommunications Session Border Controller+9 more Apr 16, 2026 Sep 16, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-16319 3Debian OpensuseWireshark 3Debian Linux LeapWireshark Nov 21, 2024 Sep 15, 2019 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.
CVE-2019-15031 4Canonical LinuxOpensuse+1 more 4Enterprise Linux LeapLinux Kernel+1 more Nov 21, 2024 Sep 13, 2019 N/A· v4 4.4 MEDIUM· v3 3.6 LOW· v2 In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardw...Show more In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c.Show less
CVE-2019-15030 4Canonical LinuxOpensuse+1 more 4Enterprise Linux LeapLinux Kernel+1 more Nov 21, 2024 Sep 13, 2019 N/A· v4 4.4 MEDIUM· v3 3.6 LOW· v2 In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transa...Show more In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.Show less
CVE-2019-16234 3Canonical LinuxOpensuse 3Leap Linux KernelUbuntu Linux Nov 21, 2024 Sep 11, 2019 N/A· v4 4.7 MEDIUM· v3 4.7 MEDIUM· v2 drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-16233 4Canonical LinuxOpensuse+1 more 4Enterprise Linux LeapLinux Kernel+1 more Nov 21, 2024 Sep 11, 2019 N/A· v4 4.1 MEDIUM· v3 4.7 MEDIUM· v2 drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-16232 4Canonical FedoraprojectLinux+1 more 4Fedora LeapLinux Kernel+1 more Nov 21, 2024 Sep 11, 2019 N/A· v4 4.1 MEDIUM· v3 4.7 MEDIUM· v2 drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-16231 4Canonical LinuxOpensuse+1 more 4Enterprise Linux LeapLinux Kernel+1 more Nov 21, 2024 Sep 11, 2019 N/A· v4 4.1 MEDIUM· v3 4.7 MEDIUM· v2 drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-16167 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Sep 9, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.
CVE-2016-10937 4Debian FedoraprojectImapfilter Project+1 more 5Backports Sle Debian LinuxFedora+2 more Nov 21, 2024 Sep 8, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate.
CVE-2019-9458 2Google Opensuse 2Android Leap Nov 21, 2024 Sep 6, 2019 N/A· v4 7.0 HIGH· v3 4.4 MEDIUM· v2 In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...Show more In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2019-9456 2Google Opensuse 2Android Leap Nov 21, 2024 Sep 6, 2019 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction...Show more In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2019-9455 2Google Opensuse 2Android Leap Nov 21, 2024 Sep 6, 2019 N/A· v4 2.3 LOW· v3 2.1 LOW· v2 In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed...Show more In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2019-9855 2Libreoffice Opensuse 2Leap Libreoffice Nov 21, 2024 Sep 6, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature w...Show more LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1.Show less
CVE-2019-9854 6Canonical DebianFedoraproject+3 more 6Debian Linux Enterprise LinuxFedora+3 more Nov 21, 2024 Sep 6, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the sha...Show more LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1.Show less

Previous 1...454647...95 Next