Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Leap
Total 1916 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-2907 2 Opensuse, Oracle 2 Leap, Vm Virtualbox 2021-07-21 4.6 MEDIUM 7.5 HIGH
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
CVE-2019-12521 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2021-07-21 4.3 MEDIUM 5.9 MEDIUM
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.
CVE-2019-17177 2 Freerdp, Opensuse 2 Freerdp, Leap 2021-07-21 5.0 MEDIUM 7.5 HIGH
libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.
CVE-2020-8517 3 Canonical, Opensuse, Squid-cache 3 Ubuntu Linux, Leap, Squid 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.
CVE-2019-13627 4 Canonical, Debian, Libgcrypt20 Project and 1 more 4 Ubuntu Linux, Debian Linux, Libgcrypt20 and 1 more 2021-07-21 2.6 LOW 6.3 MEDIUM
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
CVE-2016-4953 5 Ntp, Opensuse, Oracle and 2 more 15 Ntp, Leap, Opensuse and 12 more 2021-07-16 5.0 MEDIUM 7.5 HIGH
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
CVE-2021-31998 2 Opensuse, Suse 4 Backports Sle, Inn, Leap and 1 more 2021-06-24 7.2 HIGH 7.8 HIGH
A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2.
CVE-2019-18805 5 Broadcom, Linux, Netapp and 2 more 22 Fabric Operating System, Linux Kernel, Active Iq Unified Manager and 19 more 2021-06-22 7.5 HIGH 9.8 CRITICAL
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
CVE-2019-13134 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2021-06-02 4.3 MEDIUM 5.5 MEDIUM
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.
CVE-2019-13133 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2021-06-02 4.3 MEDIUM 5.5 MEDIUM
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.
CVE-2019-8912 4 Canonical, Linux, Opensuse and 1 more 4 Ubuntu Linux, Linux Kernel, Leap and 1 more 2021-06-02 7.2 HIGH 7.8 HIGH
In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.
CVE-2019-9003 4 Canonical, Linux, Netapp and 1 more 8 Ubuntu Linux, Linux Kernel, Cn1610 and 5 more 2021-06-02 7.8 HIGH 7.5 HIGH
In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.
CVE-2020-14375 3 Canonical, Dpdk, Opensuse 3 Ubuntu Linux, Data Plane Development Kit, Leap 2021-05-05 4.4 MEDIUM 7.8 HIGH
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2016-8866 2 Imagemagick, Opensuse 3 Imagemagick, Leap, Opensuse 2021-04-28 6.8 MEDIUM 8.8 HIGH
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.
CVE-2018-20467 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2021-04-28 4.3 MEDIUM 6.5 MEDIUM
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
CVE-2019-7398 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2021-04-28 5.0 MEDIUM 7.5 HIGH
In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.
CVE-2019-7397 5 Canonical, Debian, Graphicsmagick and 2 more 5 Ubuntu Linux, Debian Linux, Graphicsmagick and 2 more 2021-04-28 5.0 MEDIUM 7.5 HIGH
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.
CVE-2019-7396 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2021-04-28 5.0 MEDIUM 7.5 HIGH
In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.
CVE-2019-7175 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2021-04-28 5.0 MEDIUM 7.5 HIGH
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.
CVE-2019-7395 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2021-04-28 5.0 MEDIUM 7.5 HIGH
In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.