Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Leap
Total 1916 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-5740 7 Canonical, Debian, Hp and 4 more 11 Ubuntu Linux, Debian Linux, Hp-ux and 8 more 2022-04-12 5.0 MEDIUM 7.5 HIGH
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.
CVE-2018-10929 4 Debian, Gluster, Opensuse and 1 more 5 Debian Linux, Glusterfs, Leap and 2 more 2022-04-12 6.5 MEDIUM 8.8 HIGH
A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.
CVE-2018-10928 4 Debian, Gluster, Opensuse and 1 more 7 Debian Linux, Glusterfs, Leap and 4 more 2022-04-12 6.5 MEDIUM 8.8 HIGH
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.
CVE-2018-10927 4 Debian, Gluster, Opensuse and 1 more 5 Debian Linux, Glusterfs, Leap and 2 more 2022-04-12 5.5 MEDIUM 8.1 HIGH
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.
CVE-2018-10926 4 Debian, Gluster, Opensuse and 1 more 6 Debian Linux, Glusterfs, Leap and 3 more 2022-04-12 6.5 MEDIUM 8.8 HIGH
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.
CVE-2019-17024 5 Canonical, Debian, Mozilla and 2 more 12 Ubuntu Linux, Debian Linux, Firefox and 9 more 2022-04-08 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
CVE-2019-17012 3 Canonical, Mozilla, Opensuse 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more 2022-04-08 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
CVE-2019-17011 3 Canonical, Mozilla, Opensuse 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more 2022-04-08 5.1 MEDIUM 7.5 HIGH
Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
CVE-2019-17010 3 Canonical, Mozilla, Opensuse 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more 2022-04-08 5.1 MEDIUM 7.5 HIGH
Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
CVE-2019-17005 3 Canonical, Mozilla, Opensuse 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more 2022-04-08 6.8 MEDIUM 8.8 HIGH
The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
CVE-2019-20372 5 Apple, Canonical, F5 and 2 more 5 Xcode, Ubuntu Linux, Nginx and 2 more 2022-04-06 4.3 MEDIUM 5.3 MEDIUM
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
CVE-2019-9641 5 Canonical, Debian, Netapp and 2 more 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more 2022-04-05 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
CVE-2019-9640 6 Canonical, Debian, Netapp and 3 more 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more 2022-04-05 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.
CVE-2019-9639 6 Canonical, Debian, Netapp and 3 more 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more 2022-04-05 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
CVE-2019-9638 6 Canonical, Debian, Netapp and 3 more 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more 2022-04-05 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.
CVE-2019-8934 2 Opensuse, Qemu 2 Leap, Qemu 2022-04-05 2.1 LOW 3.3 LOW
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
CVE-2019-9896 3 Microsoft, Opensuse, Putty 4 Windows, Backports Sle, Leap and 1 more 2022-04-05 4.6 MEDIUM 7.8 HIGH
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.
CVE-2019-9924 5 Canonical, Debian, Gnu and 2 more 6 Ubuntu Linux, Debian Linux, Bash and 3 more 2022-04-05 7.2 HIGH 7.8 HIGH
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
CVE-2020-27153 3 Bluez, Debian, Opensuse 3 Bluez, Debian Linux, Leap 2022-04-05 7.5 HIGH 8.6 HIGH
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.
CVE-2018-19052 4 Debian, Lighttpd, Opensuse and 1 more 5 Debian Linux, Lighttpd, Backports Sle and 2 more 2022-03-31 5.0 MEDIUM 7.5 HIGH
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.