Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Leap
Total 1916 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19536 3 Debian, Linux, Opensuse 3 Debian Linux, Linux Kernel, Leap 2022-03-31 2.1 LOW 4.6 MEDIUM
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.
CVE-2019-19965 5 Canonical, Debian, Linux and 2 more 21 Ubuntu Linux, Debian Linux, Linux Kernel and 18 more 2022-03-31 1.9 LOW 4.7 MEDIUM
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
CVE-2019-11735 2 Mozilla, Opensuse 3 Firefox, Firefox Esr, Leap 2022-03-31 6.8 MEDIUM 8.8 HIGH
Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
CVE-2019-11738 2 Mozilla, Opensuse 3 Firefox, Firefox Esr, Leap 2022-03-31 6.8 MEDIUM 6.3 MEDIUM
If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
CVE-2019-11740 3 Canonical, Mozilla, Opensuse 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more 2022-03-31 6.8 MEDIUM 8.8 HIGH
Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
CVE-2019-12921 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Backports Sle and 1 more 2022-03-31 4.3 MEDIUM 6.5 MEDIUM
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.
CVE-2020-13817 4 Fujitsu, Netapp, Ntp and 1 more 40 M10-1, M10-1 Firmware, M10-4 and 37 more 2022-03-29 5.8 MEDIUM 7.4 HIGH
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
CVE-2016-1572 5 Canonical, Debian, Ecryptfs and 2 more 6 Ubuntu Linux, Debian Linux, Ecryptfs-utils and 3 more 2022-03-23 4.6 MEDIUM 8.4 HIGH
mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.
CVE-2020-14397 5 Canonical, Debian, Libvnc Project and 2 more 16 Ubuntu Linux, Debian Linux, Libvncserver and 13 more 2022-03-10 5.0 MEDIUM 7.5 HIGH
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
CVE-2020-14398 5 Canonical, Debian, Libvnc Project and 2 more 16 Ubuntu Linux, Debian Linux, Libvncserver and 13 more 2022-03-10 5.0 MEDIUM 7.5 HIGH
An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.
CVE-2020-14401 4 Debian, Libvncserver Project, Opensuse and 1 more 15 Debian Linux, Libvncserver, Leap and 12 more 2022-03-09 6.4 MEDIUM 6.5 MEDIUM
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
CVE-2018-16845 5 Apple, Canonical, Debian and 2 more 5 Xcode, Ubuntu Linux, Debian Linux and 2 more 2022-02-22 5.8 MEDIUM 6.1 MEDIUM
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
CVE-2018-16843 5 Apple, Canonical, Debian and 2 more 5 Xcode, Ubuntu Linux, Debian Linux and 2 more 2022-02-22 7.8 HIGH 7.5 HIGH
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
CVE-2016-2383 3 Canonical, Linux, Opensuse 3 Ubuntu Linux, Linux Kernel, Leap 2022-01-31 2.1 LOW 5.5 MEDIUM
The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.
CVE-2019-16712 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2022-01-01 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.
CVE-2019-16709 3 Canonical, Imagemagick, Opensuse 4 Ubuntu Linux, Imagemagick, Backports and 1 more 2022-01-01 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
CVE-2019-20053 2 Opensuse, Upx Project 3 Backports, Leap, Upx 2022-01-01 4.3 MEDIUM 5.5 MEDIUM
An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
CVE-2019-13456 4 Freeradius, Linux, Opensuse and 1 more 4 Freeradius, Linux Kernel, Leap and 1 more 2022-01-01 2.9 LOW 6.5 MEDIUM
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.
CVE-2020-8632 3 Canonical, Debian, Opensuse 3 Cloud-init, Debian Linux, Leap 2022-01-01 2.1 LOW 5.5 MEDIUM
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.
CVE-2020-5202 3 Apt-cacher-ng Project, Debian, Opensuse 4 Apt-cacher-ng, Debian Linux, Backports and 1 more 2022-01-01 2.1 LOW 5.5 MEDIUM
apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can.