Leap Security Vulnerabilities and Issues — Leap CVE List

Lucene search

OpensuseLeap

11 matches found

CVE•added 2018/07/06 4:29 p.m.•4909 views

CVE-2018-10892

The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.

6.3CVSS5.3AI score0.00189EPSS

CVE•added 2018/07/10 2:29 p.m.•357 views

CVE-2018-1128

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allo...

7.5CVSS7AI score0.01584EPSS

CVE•added 2018/07/10 2:29 p.m.•296 views

CVE-2018-1129

A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are ...

6.5CVSS6.9AI score0.00144EPSS

CVE•added 2018/07/05 6:29 p.m.•284 views

CVE-2018-12910

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.

9.8CVSS8.7AI score0.06804EPSS

CVE•added 2018/07/09 8:29 p.m.•242 views

CVE-2018-1000613

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deseri...

9.8CVSS8.6AI score0.06209EPSS

CVE•added 2018/07/10 2:29 p.m.•230 views

CVE-2018-10861

A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.

8.1CVSS6.4AI score0.00817EPSS

CVE•added 2018/07/03 10:29 a.m.•178 views

CVE-2018-13099

An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr.

5.5CVSS5.8AI score0.0076EPSS

CVE•added 2018/07/03 10:29 a.m.•171 views

CVE-2018-13096

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image.

5.5CVSS5.6AI score0.00588EPSS

CVE•added 2018/07/23 8:29 a.m.•129 views

CVE-2018-14522

An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.

8.8CVSS8.4AI score0.00448EPSS

CVE•added 2018/07/23 8:29 a.m.•121 views

CVE-2018-14523

An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.

8.8CVSS8.5AI score0.00448EPSS

CVE•added 2018/07/30 2:29 p.m.•66 views

CVE-2016-9597

It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.

7.5CVSS7AI score0.01327EPSS