CVEdetails.com the ultimate security vulnerability data source

Opensuse » Leap : Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2019-8907 119 DoS Overflow 2019-02-18 2019-04-12
6.8
None Remote Medium Not required Partial Partial Partial
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.
2 CVE-2019-8906 125 2019-02-18 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
3 CVE-2019-8905 125 2019-02-18 2019-04-12
6.8
None Remote Medium Not required Partial Partial Partial
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.
4 CVE-2019-7638 125 2019-02-08 2019-04-17
6.8
None Remote Medium Not required Partial Partial Partial
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
5 CVE-2019-7637 119 Overflow 2019-02-08 2019-04-17
6.8
None Remote Medium Not required Partial Partial Partial
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.
6 CVE-2019-7636 125 2019-02-08 2019-04-17
6.8
None Remote Medium Not required Partial Partial Partial
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
7 CVE-2019-7524 119 Overflow 2019-03-28 2019-04-17
7.2
None Local Low Not required Complete Complete Complete
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.
8 CVE-2019-7398 399 2019-02-04 2019-04-12
5.0
None Remote Low Not required None None Partial
In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.
9 CVE-2019-7397 399 2019-02-04 2019-04-12
5.0
None Remote Low Not required None None Partial
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.
10 CVE-2019-7396 399 2019-02-04 2019-04-12
5.0
None Remote Low Not required None None Partial
In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.
11 CVE-2019-7395 399 2019-02-04 2019-04-12
5.0
None Remote Low Not required None None Partial
In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.
12 CVE-2019-7308 189 2019-02-01 2019-04-18
4.7
None Local Medium Not required Complete None None
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.
13 CVE-2019-7222 200 +Info 2019-03-21 2019-04-08
2.1
None Local Low Not required Partial None None
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
14 CVE-2019-7221 416 2019-03-21 2019-04-04
4.6
None Local Low Not required Partial Partial Partial
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
15 CVE-2019-7175 399 2019-03-07 2019-04-12
5.0
None Remote Low Not required None None Partial
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.
16 CVE-2019-6778 119 Overflow 2019-03-21 2019-04-17
4.6
None Local Low Not required Partial Partial Partial
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
17 CVE-2019-6690 20 2019-03-21 2019-04-17
5.0
None Remote Low Not required None Partial None
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg into decrypting ciphertext other than the one intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.
18 CVE-2019-6486 400 DoS 2019-01-24 2019-04-18
6.4
None Remote Low Not required Partial None Partial
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.
19 CVE-2019-6454 119 DoS Overflow 2019-03-21 2019-04-10
4.9
None Local Low Not required None None Complete
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
20 CVE-2019-6116 20 Exec Code 2019-03-21 2019-04-03
6.8
None Remote Medium Not required Partial Partial Partial
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
21 CVE-2019-5739 400 DoS 2019-03-28 2019-04-08
5.0
None Remote Low Not required None None Partial
Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default.
22 CVE-2019-5737 400 DoS 2019-03-28 2019-04-16
5.0
None Remote Low Not required None None Partial
An attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly thereby keeping the connection and associated resources alive for a long period of time. Attack potential is mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active release lines including 6, 8, 10 and 11.
23 CVE-2019-5736 216 Exec Code 2019-02-11 2019-04-17
9.3
None Remote Medium Not required Complete Complete Complete
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
24 CVE-2019-3863 787 2019-03-25 2019-04-15
6.8
None Remote Medium Not required Partial Partial Partial
A flaw was found in libssh2 before 1.8.1. A server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is used as an index to copy memory, causing an out-of-bounds memory write error.
25 CVE-2019-3862 125 DoS 2019-03-21 2019-04-15
6.4
None Remote Low Not required Partial None Partial
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
26 CVE-2019-3861 125 DoS 2019-03-25 2019-04-15
6.4
None Remote Low Not required Partial None Partial
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
27 CVE-2019-3860 125 DoS 2019-03-25 2019-04-15
6.4
None Remote Low Not required Partial None Partial
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
28 CVE-2019-3859 125 DoS 2019-03-21 2019-04-15
6.4
None Remote Low Not required Partial None Partial
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
29 CVE-2019-3858 125 DoS 2019-03-21 2019-04-15
6.4
None Remote Low Not required Partial None Partial
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
30 CVE-2019-3857 190 Exec Code Overflow 2019-03-25 2019-04-15
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
31 CVE-2019-3856 190 Exec Code Overflow 2019-03-25 2019-04-15
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
32 CVE-2019-3855 190 Exec Code Overflow 2019-03-21 2019-04-15
9.3
None Remote Medium Not required Complete Complete Complete
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
33 CVE-2019-3838 284 2019-03-25 2019-04-17
4.3
None Remote Medium Not required Partial None None
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER.
34 CVE-2019-3833 399 DoS 2019-03-14 2019-04-17
5.0
None Remote Low Not required None None Partial
Openwsman, versions up to and including 2.6.9, are vulnerable to an infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious HTTP request to cause a denial of service on the openwsman server.
35 CVE-2019-3816 200 +Info 2019-03-14 2019-04-17
5.0
None Remote Low Not required Partial None None
Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of the openwsmand daemon was set to the root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to the openwsman server.
36 CVE-2019-3814 295 2019-03-27 2019-04-17
4.9
None Remote Medium Single system Partial Partial None
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
37 CVE-2019-2422 284 2019-01-16 2019-04-18
4.3
None Remote Medium Not required Partial None None
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
38 CVE-2019-1559 200 +Info 2019-02-27 2019-04-08
4.3
None Remote Medium Not required Partial None None
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
39 CVE-2019-0160 119 DoS Overflow 2019-03-27 2019-04-15
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in system firmware for EDK II may allow an unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
40 CVE-2018-20467 399 DoS 2018-12-25 2019-04-12
4.3
None Remote Medium Not required None None Partial
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
41 CVE-2018-20346 190 Exec Code Overflow 2018-12-21 2019-04-17
6.8
None Remote Medium Not required Partial Partial Partial
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
42 CVE-2018-19873 119 Overflow 2018-12-26 2019-01-08
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
43 CVE-2018-19492 119 Overflow 2018-11-23 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend.
44 CVE-2018-19491 119 Overflow 2018-11-23 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot postscript terminal is used as a backend.
45 CVE-2018-19490 119 Overflow 2018-11-23 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.
46 CVE-2018-19489 362 DoS 2018-12-13 2019-03-29
2.1
None Local Low Not required None None Partial
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.
47 CVE-2018-19364 416 2018-12-13 2019-03-29
2.1
None Local Low Not required None None Partial
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
48 CVE-2018-18954 125 2018-11-15 2019-03-29
2.1
None Local Low Not required None None Partial
The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.
49 CVE-2018-18849 125 2019-03-21 2019-04-12
2.1
None Local Low Not required None None Partial
In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.
50 CVE-2018-18544 399 2018-10-20 2019-04-12
4.3
None Remote Medium Not required None None Partial
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.
Total number of vulnerabilities: 469 (page 1)