Leap@15.1 Security Vulnerabilities and Issues — Page 7 of Leap@15.1 CVE List

Lucene search

OpensuseLeap15.1

1156 matches found

CVE•added 2019/10/03 4:15 p.m.•327 views

CVE-2018-14463

The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.

7.5CVSS8.7AI score0.01093EPSS

CVE•added 2019/10/16 6:15 p.m.•327 views

CVE-2019-2945

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

3.1CVSS3.8AI score0.00271EPSS

CVE•added 2019/05/23 8:29 p.m.•327 views

CVE-2019-5789

An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

9.3CVSS8.5AI score0.39945EPSS

CVE•added 2020/08/21 9:15 p.m.•327 views

CVE-2020-8620

In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.

7.5CVSS7.3AI score0.0682EPSS

CVE•added 2019/07/05 1:15 a.m.•325 views

CVE-2019-13304

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment.

7.8CVSS8.2AI score0.00195EPSS

CVE•added 2020/04/15 2:15 p.m.•325 views

CVE-2020-2773

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3CVSS4.2AI score0.00525EPSS

CVE•added 2018/09/18 5:29 p.m.•324 views

CVE-2018-1000802

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary fil...

9.8CVSS9.8AI score0.23977EPSS

CVE•added 2019/07/15 2:15 a.m.•324 views

CVE-2019-1010006

Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_rend...

7.8CVSS7.7AI score0.0063EPSS

CVE•added 2019/10/10 6:15 p.m.•324 views

CVE-2019-17455

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.

9.8CVSS9.2AI score0.03934EPSS

CVE•added 2019/11/18 6:15 a.m.•324 views

CVE-2019-19052

A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.

7.8CVSS7.5AI score0.01686EPSS

CVE•added 2019/11/18 6:15 a.m.•324 views

CVE-2019-19056

A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932.

4.7CVSS6.4AI score0.00089EPSS

CVE•added 2019/08/15 10:15 p.m.•324 views

CVE-2019-9852

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice insta...

7.8CVSS8.9AI score0.92577EPSS

CVE•added 2019/11/14 7:15 p.m.•323 views

CVE-2019-11139

Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.

6CVSS5.9AI score0.00117EPSS

CVE•added 2019/08/14 6:15 a.m.•323 views

CVE-2019-14973

_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.

6.5CVSS7.3AI score0.00995EPSS

CVE•added 2019/07/03 7:15 p.m.•323 views

CVE-2019-5052

An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a speci...

8.8CVSS8.7AI score0.02472EPSS

CVE•added 2020/07/15 6:15 p.m.•323 views

CVE-2020-14593

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple pro...

7.4CVSS7.1AI score0.00286EPSS

CVE•added 2020/04/15 2:15 p.m.•323 views

CVE-2020-2755

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple proto...

4.3CVSS4.2AI score0.00152EPSS

CVE•added 2019/11/27 11:15 p.m.•321 views

CVE-2019-18660

The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.

4.7CVSS6.5AI score0.00036EPSS

CVE•added 2019/05/23 8:29 p.m.•321 views

CVE-2019-5788

An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

9.3CVSS8.4AI score0.465EPSS

CVE•added 2020/07/29 6:15 p.m.•321 views

CVE-2020-15707

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extrem...

6.4CVSS7.6AI score0.00033EPSS

CVE•added 2019/07/05 1:15 a.m.•320 views

CVE-2019-13309

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c.

6.5CVSS7.1AI score0.00175EPSS

CVE•added 2019/08/19 10:15 p.m.•320 views

CVE-2019-15219

An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.

4.9CVSS5.9AI score0.00099EPSS

CVE•added 2020/01/15 5:15 p.m.•320 views

CVE-2020-2583

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

4.3CVSS4.3AI score0.00281EPSS

CVE•added 2020/01/15 5:15 p.m.•320 views

CVE-2020-2590

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerb...

4.3CVSS4.4AI score0.00294EPSS

CVE•added 2020/07/22 5:15 p.m.•320 views

CVE-2020-6519

Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.

6.5CVSS6.7AI score0.29231EPSS

CVE•added 2019/07/05 1:15 a.m.•319 views

CVE-2019-13300

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.

8.8CVSS8.6AI score0.0035EPSS

CVE•added 2019/12/18 8:15 p.m.•319 views

CVE-2019-16782

There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a ...

6.3CVSS5.7AI score0.01634EPSS

CVE•added 2020/03/05 7:15 p.m.•319 views

CVE-2019-20382

QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.

3.5CVSS4.8AI score0.00214EPSS

CVE•added 2020/06/09 8:15 p.m.•319 views

CVE-2020-1269

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020...

7.8CVSS7.7AI score0.19295EPSS

In wild

CVE•added 2020/07/15 10:15 p.m.•319 views

CVE-2020-15780

An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.

7.2CVSS6.6AI score0.00776EPSS

CVE•added 2020/04/15 2:15 p.m.•319 views

CVE-2020-2756

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mul...

4.3CVSS4.2AI score0.00219EPSS

CVE•added 2020/03/20 9:15 p.m.•318 views

CVE-2019-18860

Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.

6.1CVSS7.4AI score0.0137EPSS

CVE•added 2020/02/27 9:15 p.m.•318 views

CVE-2020-3868

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbit...

9.3CVSS8.6AI score0.00275EPSS

CVE•added 2019/08/16 2:15 a.m.•316 views

CVE-2019-15098

drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.

4.9CVSS6.2AI score0.00166EPSS

CVE•added 2020/01/15 5:15 p.m.•316 views

CVE-2020-2604

8.1CVSS7.7AI score0.01865EPSS

CVE•added 2019/08/15 10:15 p.m.•315 views

CVE-2019-9851

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, ...

9.8CVSS9.1AI score0.85073EPSS

CVE•added 2020/04/15 2:15 p.m.•315 views

CVE-2020-2805

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

8.3CVSS8.2AI score0.011EPSS

CVE•added 2019/11/18 6:15 a.m.•314 views

CVE-2019-19065

A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e. NOTE: This has been disputed as not a vulnerability beca...

4.7CVSS4.3AI score0.00057EPSS

CVE•added 2019/06/27 5:15 p.m.•314 views

CVE-2019-5831

Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.02152EPSS

CVE•added 2020/05/09 9:15 p.m.•314 views

CVE-2020-12771

An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.

5.5CVSS5.9AI score0.00063EPSS

CVE•added 2019/09/04 7:15 p.m.•313 views

CVE-2019-15921

An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c.

4.7CVSS5.9AI score0.00073EPSS

CVE•added 2019/09/27 6:15 p.m.•311 views

CVE-2019-11740

Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerabilit...

8.8CVSS9.4AI score0.00861EPSS

CVE•added 2019/07/05 1:15 a.m.•311 views

CVE-2019-13295

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled.

8.8CVSS8.5AI score0.00355EPSS

CVE•added 2019/06/26 6:15 p.m.•310 views

CVE-2019-12973

In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.

5.5CVSS6.4AI score0.00121EPSS

CVE•added 2019/10/16 6:15 p.m.•310 views

CVE-2019-2978

4.3CVSS4AI score0.00192EPSS

CVE•added 2020/08/13 4:15 p.m.•310 views

CVE-2020-17498

In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.

6.5CVSS6.3AI score0.0023EPSS

CVE•added 2019/07/05 1:15 a.m.•309 views

CVE-2019-13301

ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.

6.5CVSS7.1AI score0.00181EPSS

CVE•added 2019/07/05 1:15 a.m.•309 views

CVE-2019-13311

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.

6.5CVSS7.1AI score0.00175EPSS

CVE•added 2020/01/08 5:15 p.m.•309 views

CVE-2019-20367

nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).

9.1CVSS8.9AI score0.02365EPSS

CVE•added 2019/07/05 1:15 a.m.•308 views

CVE-2019-13306

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors.

7.8CVSS8.1AI score0.00135EPSS

Total number of security vulnerabilities1156