Leap Security Vulnerabilities


CVE-2020-9484

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the Persisten...

CVSS: 7

AI Score: 7.5

EPSS: 0.922

2020-05-20 07:15 PM
1018
23

CVE-2020-9490

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in an HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for...

CVSS: 7.5

AI Score: 8.3

EPSS: 0.006

2020-08-07 04:15 PM
2793
In Wild
4

CVE-2021-26675

A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.

CVSS: 8.8

AI Score: 8.7

EPSS: 0.002

2021-02-09 04:15 PM
153
9

CVE-2021-26676

gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.

CVSS: 6.5

AI Score: 7.1

EPSS: 0.001

2021-02-09 04:15 PM
149
6

CVE-2021-41817

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.

CVSS: 7.5

AI Score: 7.4

EPSS: 0.004

2022-01-01 05:15 AM
298
2

CVE-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.

CVSS: 7.5

AI Score: 7.5

EPSS: 0.004

2022-01-01 06:15 AM
345
2

CVE-2021-46141

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.

CVSS: 5.5

AI Score: 5.2

EPSS: 0.001

2022-01-06 04:15 AM
92

CVE-2021-46142

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.

CVSS: 5.5

AI Score: 5.2

EPSS: 0.001

2022-01-06 04:15 AM
86

CVE-2022-31252

An Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group that can write to a location included in the pa...

CVSS: 4.4

AI Score: 4.2

EPSS: 0.0004

2022-10-06 06:16 PM
64
9

CVE-2022-45153

An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. ...

CVSS: 7.8

AI Score: 7.5

EPSS: 0.0004

2023-02-15 10:15 AM
33

CVE-2023-32182

An Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix. This issue affects SUSE Linux Enterprise Desktop 15 SP5: before ...

CVSS: 7.8

AI Score: 7.4

EPSS: 0.0004

2023-09-19 04:15 PM
30
Total number of security vulnerabilities: 1911