Lucene search

OpensuseLeap

1897 matches found

added 2020/01/24 9:15 a.m. | 122 views

CVE-2019-3692

The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-...

CVSS 7.8 | AI score 7.5 | EPSS 0.00168

added 2018/07/23 8:29 a.m. | 121 views

CVE-2018-14523

An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.

CVSS 8.8 | AI score 8.5 | EPSS 0.00448

added 2019/07/23 11:15 p.m. | 121 views

CVE-2019-2850

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBo...

CVSS 2.8 | AI score 3.9 | EPSS 0.00166

added 2020/07/15 6:15 p.m. | 121 views

CVE-2020-14650

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Orac...

CVSS 5.3 | AI score 5.5 | EPSS 0.00146

added 2020/02/05 3:15 p.m. | 121 views

CVE-2020-7216

An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option.

CVSS 7.5 | AI score 8 | EPSS 0.00341

added 2020/10/05 2:15 p.m. | 121 views

CVE-2020-8228

A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.

CVSS 5.3 | AI score 5.5 | EPSS 0.00451

added 2016/07/05 1:59 a.m. | 120 views

CVE-2016-4953

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.

CVSS 7.5 | AI score 7.3 | EPSS 0.19204

added 2016/07/05 1:59 a.m. | 120 views

CVE-2016-4954

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.

CVSS 7.5 | AI score 6.9 | EPSS 0.07993

added 2019/03/21 4:0 p.m. | 120 views

CVE-2018-18849

In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.

CVSS 5.5 | AI score 7.1 | EPSS 0.00054

added 2018/12/05 11:29 a.m. | 120 views

CVE-2018-19865

A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.

CVSS 7.5 | AI score 7.4 | EPSS 0.00813

added 2020/03/02 4:15 p.m. | 120 views

CVE-2019-18901

A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Serv...

CVSS 5.5 | AI score 5.5 | EPSS 0.00102

added 2019/03/14 9:29 a.m. | 120 views

CVE-2019-9773

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension.

CVSS 7.5 | AI score 8.5 | EPSS 0.02801

added 2019/03/14 9:29 a.m. | 120 views

CVE-2019-9775

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec.

CVSS 9.1 | AI score 9 | EPSS 0.03129

added 2020/01/08 9:15 p.m. | 120 views

CVE-2020-6613

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.

CVSS 8.1 | AI score 8.3 | EPSS 0.00605

added 2020/02/27 6:15 p.m. | 120 views

CVE-2020-7041

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value.

CVSS 5.3 | AI score 6.8 | EPSS 0.00928

added 2022/01/06 4:15 a.m. | 120 views

CVE-2021-46141

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.

CVSS 5.5 | AI score 5.2 | EPSS 0.00086

added 2022/01/06 4:15 a.m. | 120 views

CVE-2021-46142

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.

CVSS 5.5 | AI score 5.2 | EPSS 0.00086

added 2016/01/21 3:1 a.m. | 119 views

CVE-2016-0546

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous...

CVSS 7.2 | AI score 5.8 | EPSS 0.00225

added 2020/01/08 9:15 p.m. | 119 views

CVE-2020-6609

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.

CVSS 8.8 | AI score 8.6 | EPSS 0.00561

added 2016/04/21 10:59 a.m. | 118 views

CVE-2016-0644

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.

CVSS 5.5 | AI score 4.4 | EPSS 0.00323

added 2019/03/14 9:29 a.m. | 118 views

CVE-2019-9771

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c.

CVSS 7.5 | AI score 8.2 | EPSS 0.02523

added 2015/10/21 9:59 p.m. | 116 views

CVE-2015-4802

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.

CVSS 4 | AI score 5.2 | EPSS 0.01015

added 2015/10/21 11:59 p.m. | 116 views

CVE-2015-4858

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.

CVSS 4 | AI score 5.2 | EPSS 0.00508

added 2016/11/04 9:59 p.m. | 116 views

CVE-2016-8576

The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.

CVSS 6 | AI score 5.3 | EPSS 0.00087

added 2019/08/02 12:15 p.m. | 116 views

CVE-2019-14524

An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465.

CVSS 7.8 | AI score 7.6 | EPSS 0.00511

added 2020/01/08 9:15 p.m. | 116 views

CVE-2020-6614

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.

CVSS 8.1 | AI score 8.3 | EPSS 0.00605

added 2015/10/21 11:59 p.m. | 115 views

CVE-2015-4861

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

CVSS 3.5 | AI score 5.1 | EPSS 0.00476

added 2016/02/13 2:59 a.m. | 115 views

CVE-2015-8631

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.

CVSS 6.5 | AI score 6.1 | EPSS 0.01559

added 2016/04/21 10:59 a.m. | 115 views

CVE-2016-0642

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.

CVSS 4.7 | AI score 4.2 | EPSS 0.00463

added 2016/06/05 11:59 p.m. | 115 views

CVE-2016-1697

The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript ...

CVSS 8.8 | AI score 8.2 | EPSS 0.01111

added 2020/04/22 5:15 p.m. | 115 views

CVE-2019-20787

Teeworlds before 0.7.4 has an integer overflow when computing a tilemap size.

CVSS 9.8 | AI score 9.4 | EPSS 0.00677

added 2019/03/14 9:29 a.m. | 115 views

CVE-2019-9777

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec.

CVSS 7.5 | AI score 8.3 | EPSS 0.02434

added 2020/01/08 9:15 p.m. | 115 views

CVE-2020-6615

GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).

CVSS 6.5 | AI score 7.3 | EPSS 0.00672

added 2015/10/21 9:59 p.m. | 114 views

CVE-2015-4815

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.

CVSS 4 | AI score 5.1 | EPSS 0.00508

added 2015/10/21 9:59 p.m. | 114 views

CVE-2015-4826

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.

CVSS 4 | AI score 4.9 | EPSS 0.00369

added 2016/04/21 10:59 a.m. | 114 views

CVE-2016-0641

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.

CVSS 5.1 | AI score 4.2 | EPSS 0.00377

added 2016/03/26 1:59 a.m. | 114 views

CVE-2016-3119

The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer deref...

CVSS 5.3 | AI score 5.3 | EPSS 0.05717

added 2020/01/08 9:15 p.m. | 114 views

CVE-2020-6611

GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.

CVSS 6.5 | AI score 7.2 | EPSS 0.00579

added 2015/10/21 11:59 p.m. | 113 views

CVE-2015-4836

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.

CVSS 2.8 | AI score 5.1 | EPSS 0.0095

added 2015/10/21 9:59 p.m. | 112 views

CVE-2015-4830

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.

CVSS 4 | AI score 5.1 | EPSS 0.00362

added 2017/08/02 7:29 p.m. | 112 views

CVE-2015-5203

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

CVSS 5.5 | AI score 5.8 | EPSS 0.00237

added 2016/04/21 10:59 a.m. | 112 views

CVE-2016-0640

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.

CVSS 6.1 | AI score 4.3 | EPSS 0.0034

added 2018/03/01 8:29 p.m. | 112 views

CVE-2017-14804

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system, allowing escape out of buildroots.

CVSS 9.9 | AI score 5.9 | EPSS 0.0043

added 2019/03/14 9:29 a.m. | 112 views

CVE-2019-9770

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension.

CVSS 7.5 | AI score 8.5 | EPSS 0.02893

added 2016/04/21 10:59 a.m. | 111 views

CVE-2016-0650

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.

CVSS 5.5 | AI score 4.4 | EPSS 0.00323

added 2019/03/21 3:59 p.m. | 111 views

CVE-2017-16232

LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue

CVSS 7.5 | AI score 6.7 | EPSS 0.01738

added 2018/09/21 4:29 p.m. | 111 views

CVE-2018-16597

An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.

CVSS 5.5 | AI score 5.7 | EPSS 0.00092

added 2016/02/13 2:59 a.m. | 110 views

CVE-2015-8629

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out...

CVSS 5.3 | AI score 5.5 | EPSS 0.00681

added 2016/06/05 11:59 p.m. | 110 views

CVE-2016-1683

numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.

CVSS 7.5 | AI score 8.1 | EPSS 0.00532

added 2019/03/14 9:29 a.m. | 110 views

CVE-2019-9774

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c.

CVSS 9.1 | AI score 9 | EPSS 0.03129

Total number of security vulnerabilities: 1897