Leap Security Vulnerabilities and Issues — Leap CVE List

Lucene search

OpensuseLeap

9 matches found

CVE•added 2018/11/07 2:29 p.m.•5170 views

CVE-2018-16843

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configura...

7.8CVSS7.3AI score0.55936EPSS

CVE•added 2018/11/07 2:29 p.m.•4430 views

CVE-2018-16845

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affe...

8.2CVSS6.4AI score0.04539EPSS

CVE•added 2018/11/07 5:29 a.m.•2267 views

CVE-2018-19052

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target fil...

7.5CVSS7.3AI score0.42596EPSS

CVE•added 2018/11/26 3:29 a.m.•226 views

CVE-2018-19542

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.

6.5CVSS6.5AI score0.01029EPSS

CVE•added 2018/11/26 3:29 a.m.•169 views

CVE-2018-19539

An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.

6.5CVSS6.5AI score0.01026EPSS

CVE•added 2018/11/23 5:29 p.m.•150 views

CVE-2018-19490

An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range ar...

7.8CVSS7.5AI score0.00267EPSS

CVE•added 2018/11/15 8:29 p.m.•148 views

CVE-2018-18954

The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.

5.5CVSS6AI score0.00118EPSS

CVE•added 2018/11/23 5:29 p.m.•145 views

CVE-2018-19491

An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnup...

7.8CVSS7.5AI score0.00267EPSS

CVE•added 2018/11/23 5:29 p.m.•135 views

CVE-2018-19492

An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when t...

7.8CVSS7.5AI score0.00267EPSS