Leap

leap

Vendor: Opensuse • 1,898 CVEs

CVEs (1,898)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-15218 6Canonical DebianLinux+3 more 10Active Iq Unified Manager Data Availability ServicesDebian Linux+7 more Nov 21, 2024 Aug 19, 2019 N/A· v4 4.6 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.
CVE-2019-15217 5Canonical DebianLinux+2 more 9Active Iq Unified Manager Data Availability ServicesDebian Linux+6 more Nov 21, 2024 Aug 19, 2019 N/A· v4 4.6 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.
CVE-2019-15216 5Canonical DebianLinux+2 more 9Active Iq Unified Manager Data Availability ServicesDebian Linux+6 more Nov 21, 2024 Aug 19, 2019 N/A· v4 4.6 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.
CVE-2019-15215 5Canonical DebianLinux+2 more 9Active Iq Unified Manager Data Availability ServicesDebian Linux+6 more Nov 21, 2024 Aug 19, 2019 N/A· v4 4.6 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.
CVE-2019-15214 3Canonical LinuxOpensuse 3Leap Linux KernelUbuntu Linux Nov 21, 2024 Aug 19, 2019 N/A· v4 6.4 MEDIUM· v3 6.9 MEDIUM· v2 An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core...Show more An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c.Show less
CVE-2019-15213 3Linux NetappOpensuse 7Active Iq Unified Manager Data Availability ServicesH410c Firmware+4 more May 28, 2026 Aug 19, 2019 N/A· v4 4.6 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.
CVE-2019-15212 5Canonical DebianLinux+2 more 9Active Iq Unified Manager Data Availability ServicesDebian Linux+6 more Nov 21, 2024 Aug 19, 2019 N/A· v4 4.6 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.
CVE-2019-15211 5Canonical DebianLinux+2 more 9Active Iq Unified Manager Data Availability ServicesDebian Linux+6 more Nov 21, 2024 Aug 19, 2019 N/A· v4 4.6 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not...Show more An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory.Show less
CVE-2017-18551 2Linux Opensuse 2Leap Linux Kernel Nov 21, 2024 Aug 19, 2019 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.
CVE-2019-15145 5Canonical DebianDjvulibre Project+2 more 5Debian Linux DjvulibreFedora+2 more Nov 21, 2024 Aug 18, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in li...Show more DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.Show less
CVE-2019-15144 5Canonical DebianDjvulibre Project+2 more 5Debian Linux DjvulibreFedora+2 more Nov 21, 2024 Aug 18, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mish...Show more In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.Show less
CVE-2019-15143 5Canonical DebianDjvulibre Project+2 more 5Debian Linux DjvulibreFedora+2 more Nov 21, 2024 Aug 18, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to li...Show more In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.Show less
CVE-2019-15142 5Canonical DebianDjvulibre Project+2 more 5Debian Linux DjvulibreFedora+2 more Nov 21, 2024 Aug 18, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by craf...Show more In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.Show less
CVE-2019-15141 2Imagemagick Opensuse 2Imagemagick Leap Nov 21, 2024 Aug 18, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRew...Show more WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.Show less
CVE-2019-15118 5Canonical DebianLinux+2 more 10Active Iq Unified Manager Data Availability ServicesDebian Linux+7 more Nov 21, 2024 Aug 16, 2019 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.
CVE-2019-15098 5Canonical DebianLinux+2 more 8Active Iq Performance Analytics Services Active Iq Unified ManagerData Availability Services+5 more Nov 21, 2024 Aug 16, 2019 N/A· v4 4.6 MEDIUM· v3 4.9 MEDIUM· v2 drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
CVE-2019-15090 3Canonical LinuxOpensuse 3Leap Linux KernelUbuntu Linux Nov 21, 2024 Aug 16, 2019 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read.
CVE-2019-9852 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Aug 15, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the sha...Show more LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.Show less
CVE-2019-9851 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Aug 15, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address...Show more LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.Show less
CVE-2019-9850 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Aug 15, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature w...Show more LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from script event handers. However an insufficient url validation vulnerability in LibreOffice allowed malicious to bypass that protection and again trigger calling LibreLogo from script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.Show less

Previous 1...474849...95 Next