Leap
(Opensuse)| Date | ID | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2019-11-06 | CVE-2019-14833 | A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it... | Fedora, Leap, Samba | N/A | |
| 2019-11-05 | CVE-2016-1000002 | gdm3 3.14.2 and possibly later has an information leak before screen lock | Debian_linux, Gnome_display_manager, Leap, Enterprise_linux | N/A | |
| 2019-11-06 | CVE-2019-14847 | A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue. | Fedora, Leap, Samba | N/A | |
| 2019-11-04 | CVE-2017-5333 | Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. | Ubuntu_linux, Debian_linux, Icoutils, Leap, Opensuse, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | N/A | |
| 2019-11-05 | CVE-2016-4983 | A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. | Dovecot, Leap, Opensuse, Enterprise_linux | N/A | |
| 2019-11-01 | CVE-2019-6470 | There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party... | Bind, Dhcpd, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | N/A | |
| 2019-11-04 | CVE-2017-5332 | The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | Ubuntu_linux, Debian_linux, Icoutils, Leap, Opensuse, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | N/A | |
| 2019-02-04 | CVE-2019-1000020 | libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file. | Ubuntu_linux, Debian_linux, Fedora, Libarchive, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | N/A | |
| 2019-02-04 | CVE-2019-1000019 | libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file. | Ubuntu_linux, Debian_linux, Fedora, Libarchive, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | N/A | |
| 2018-12-20 | CVE-2018-1000879 | libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file. | Fedora, Libarchive, Leap | N/A |