Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Leap
Total 1916 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-20009 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2020-08-24 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec.
CVE-2019-19080 2 Linux, Opensuse 2 Linux Kernel, Leap 2020-08-24 7.1 HIGH 5.9 MEDIUM
Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a.
CVE-2019-15030 4 Canonical, Linux, Opensuse and 1 more 4 Ubuntu Linux, Linux Kernel, Leap and 1 more 2020-08-24 3.6 LOW 4.4 MEDIUM
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.
CVE-2019-19045 3 Canonical, Linux, Opensuse 3 Ubuntu Linux, Linux Kernel, Leap 2020-08-24 4.9 MEDIUM 4.4 MEDIUM
A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7.
CVE-2019-17009 3 Microsoft, Mozilla, Opensuse 5 Windows, Firefox, Firefox Esr and 2 more 2020-08-24 4.6 MEDIUM 7.8 HIGH
When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
CVE-2019-20012 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2020-08-24 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec.
CVE-2019-11005 2 Graphicsmagick, Opensuse 2 Graphicsmagick, Leap 2020-08-24 7.5 HIGH 9.8 CRITICAL
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value.
CVE-2018-12085 3 Canonical, Liblouis, Opensuse 3 Ubuntu Linux, Liblouis, Leap 2020-08-24 6.8 MEDIUM 8.8 HIGH
Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
CVE-2019-7663 4 Canonical, Debian, Libtiff and 1 more 4 Ubuntu Linux, Debian Linux, Libtiff and 1 more 2020-08-24 4.3 MEDIUM 6.5 MEDIUM
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.
CVE-2018-11685 3 Canonical, Liblouis, Opensuse 3 Ubuntu Linux, Liblouis, Leap 2020-08-24 6.8 MEDIUM 8.8 HIGH
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.
CVE-2019-11010 3 Debian, Graphicsmagick, Opensuse 3 Debian Linux, Graphicsmagick, Leap 2020-08-24 4.3 MEDIUM 6.5 MEDIUM
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file.
CVE-2019-19083 3 Canonical, Linux, Opensuse 3 Ubuntu Linux, Linux Kernel, Leap 2020-08-24 4.7 MEDIUM 4.7 MEDIUM
Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, and the dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c, aka CID-055e547478a1.
CVE-2019-15921 2 Linux, Opensuse 2 Linux Kernel, Leap 2020-08-24 4.7 MEDIUM 4.7 MEDIUM
An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c.
CVE-2019-17358 3 Cacti, Debian, Opensuse 3 Cacti, Debian Linux, Leap 2020-08-24 5.5 MEDIUM 8.1 HIGH
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.
CVE-2019-8324 4 Debian, Opensuse, Redhat and 1 more 4 Debian Linux, Leap, Enterprise Linux and 1 more 2020-08-24 6.8 MEDIUM 8.8 HIGH
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.
CVE-2019-8907 4 Canonical, Debian, File Project and 1 more 4 Ubuntu Linux, Debian Linux, File and 1 more 2020-08-24 6.8 MEDIUM 8.8 HIGH
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.
CVE-2019-19077 3 Canonical, Linux, Opensuse 3 Ubuntu Linux, Linux Kernel, Leap 2020-08-24 4.9 MEDIUM 5.5 MEDIUM
A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy to udata failures, aka CID-4a9d46a9fe14.
CVE-2018-11683 3 Canonical, Liblouis, Opensuse 3 Ubuntu Linux, Liblouis, Leap 2020-08-24 6.8 MEDIUM 8.8 HIGH
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
CVE-2019-11006 3 Debian, Graphicsmagick, Opensuse 3 Debian Linux, Graphicsmagick, Leap 2020-08-24 6.4 MEDIUM 9.1 CRITICAL
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet.
CVE-2014-3462 2 Encfs Project, Opensuse 3 Encfs, Leap, Opensuse 2020-08-21 5.0 MEDIUM 7.5 HIGH
The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".