Leap Security Vulnerabilities and Issues — Leap CVE List

Lucene search

OpensuseLeap

40 matches found

CVE•added 2019/05/10 10:29 p.m.•463 views

CVE-2019-11884

The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.

3.3CVSS5.6AI score0.0006EPSS

CVE•added 2019/07/26 5:15 a.m.•429 views

CVE-2018-20855

An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.

3.3CVSS4.8AI score0.00109EPSS

CVE•added 2019/10/01 2:15 p.m.•408 views

CVE-2019-17055

base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.

3.3CVSS6.5AI score0.00079EPSS

CVE•added 2019/01/16 7:30 p.m.•371 views

CVE-2019-2422

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to co...

3.1CVSS2.4AI score0.00128EPSS

CVE•added 2020/10/21 3:15 p.m.•355 views

CVE-2020-14798

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

3.1CVSS3.4AI score0.00247EPSS

CVE•added 2019/07/23 11:15 p.m.•330 views

CVE-2019-2786

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

3.4CVSS3.6AI score0.00183EPSS

CVE•added 2020/08/11 4:15 p.m.•325 views

CVE-2020-16092

In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_r...

3.8CVSS5AI score0.00019EPSS

CVE•added 2020/10/21 3:15 p.m.•312 views

CVE-2020-14796

3.1CVSS3.2AI score0.0013EPSS

CVE•added 2020/03/05 7:15 p.m.•308 views

CVE-2019-20382

QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.

3.5CVSS4.8AI score0.00188EPSS

CVE•added 2019/10/16 6:15 p.m.•306 views

CVE-2019-2945

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

3.1CVSS3.8AI score0.00265EPSS

CVE•added 2019/09/24 8:15 p.m.•299 views

CVE-2019-12068

In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop i...

3.8CVSS5.2AI score0.00109EPSS

CVE•added 2018/08/10 3:29 p.m.•285 views

CVE-2018-6556

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (rea...

3.3CVSS3.9AI score0.00043EPSS

CVE•added 2019/09/04 7:15 p.m.•252 views

CVE-2019-15919

An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free.

3.3CVSS5.5AI score0.00057EPSS

CVE•added 2020/05/15 5:15 p.m.•252 views

CVE-2020-11526

libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.

3.5CVSS5.1AI score0.00185EPSS

CVE•added 2020/05/28 3:15 p.m.•251 views

CVE-2020-13362

In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.

3.2CVSS4.7AI score0.00103EPSS

CVE•added 2020/05/15 5:15 p.m.•250 views

CVE-2020-11525

libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.

3.5CVSS5.1AI score0.01699EPSS

CVE•added 2019/07/23 11:15 p.m.•242 views

CVE-2019-2766

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access v...

3.1CVSS3.5AI score0.0107EPSS

CVE•added 2020/05/28 2:15 p.m.•235 views

CVE-2020-13361

In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.

3.9CVSS5AI score0.00106EPSS

CVE•added 2019/11/18 6:15 a.m.•229 views

CVE-2019-19057

Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.

3.3CVSS6.1AI score0.0008EPSS

CVE•added 2020/01/24 10:15 p.m.•227 views

CVE-2019-1348

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.

3.6CVSS6.7AI score0.00031EPSS

CVE•added 2020/07/27 6:15 p.m.•186 views

CVE-2020-15103

In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that...

3.5CVSS5.3AI score0.00197EPSS

CVE•added 2019/07/23 11:15 p.m.•162 views

CVE-2019-2873

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBo...

3.3CVSS4.2AI score0.00066EPSS

CVE•added 2017/03/20 4:59 p.m.•160 views

CVE-2017-5930

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.

3.5CVSS3.4AI score0.39864EPSS

CVE•added 2019/03/21 4:1 p.m.•143 views

CVE-2019-8934

hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.

3.3CVSS3.7AI score0.00073EPSS

CVE•added 2020/09/30 7:15 p.m.•142 views

CVE-2020-14378

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the move_desc function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause move_desc to get stuck in a 4,294,967,295-count iteration loop. Depending on how vhost_crypto is ...

3.3CVSS5.7AI score0.00072EPSS

CVE•added 2020/04/15 2:15 p.m.•138 views

CVE-2020-2748

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ...

3.2CVSS3.9AI score0.00128EPSS

CVE•added 2015/10/22 12:0 a.m.•132 views

CVE-2015-4913

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.

3.5CVSS5.2AI score0.00419EPSS

CVE•added 2019/07/23 11:15 p.m.•132 views

CVE-2019-2875

3.3CVSS4.2AI score0.00066EPSS

CVE•added 2019/07/23 11:15 p.m.•126 views

CVE-2019-2874

3.3CVSS4.2AI score0.00066EPSS

CVE•added 2019/07/23 11:15 p.m.•126 views

CVE-2019-2876

3.3CVSS4.2AI score0.00066EPSS

CVE•added 2015/10/21 11:59 p.m.•115 views

CVE-2015-4861

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

3.5CVSS5.1AI score0.00392EPSS

CVE•added 2016/01/21 3:2 a.m.•105 views

CVE-2016-0598

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.

3.5CVSS5AI score0.00459EPSS

CVE•added 2016/01/21 3:2 a.m.•105 views

CVE-2016-0600

3.5CVSS5AI score0.00459EPSS

CVE•added 2016/01/21 3:2 a.m.•101 views

CVE-2016-0608

3.5CVSS5AI score0.00459EPSS

CVE•added 2016/01/21 3:2 a.m.•99 views

CVE-2016-0606

3.5CVSS5AI score0.00226EPSS

CVE•added 2015/10/21 9:59 p.m.•92 views

CVE-2015-4807

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.

3.5CVSS5AI score0.00374EPSS

CVE•added 2016/01/21 3:2 a.m.•79 views

CVE-2016-0610

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

3.5CVSS5.5AI score0.00517EPSS

CVE•added 2016/09/11 10:59 a.m.•71 views

CVE-2016-5166

The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct...

3.1CVSS5.1AI score0.00633EPSS

CVE•added 2019/11/05 10:15 p.m.•66 views

CVE-2016-4983

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.

3.3CVSS3.6AI score0.00143EPSS

CVE•added 2016/01/08 7:59 p.m.•45 views

CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux.

3.3CVSS3.9AI score0.00048EPSS