Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-09-21 | CVE-2018-17294 | The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries. | Ubuntu_linux, Liblouis, Leap | 6.5 | ||
2018-07-23 | CVE-2018-14523 | An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes. | Aubio, Leap, Linux_enterprise | 8.8 | ||
2018-07-23 | CVE-2018-14522 | An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes. | Aubio, Leap, Linux_enterprise | 8.8 | ||
2018-05-30 | CVE-2018-11577 | Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. | Ubuntu_linux, Liblouis, Leap | 8.8 | ||
2018-08-01 | CVE-2018-10916 | It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system. | Ubuntu_linux, Lftp, Leap | 6.5 | ||
2018-05-08 | CVE-2018-10380 | kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack. | Debian_linux, Plasma, Leap | 7.8 | ||
2017-03-15 | CVE-2017-5938 | Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name. | Debian_linux, Leap, Leap, Viewvc | 6.1 | ||
2018-10-15 | CVE-2017-5934 | Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Ubuntu_linux, Debian_linux, Moinmoin, Leap | 6.1 | ||
2017-03-24 | CVE-2017-5337 | Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. | Gnutls, Leap | 9.8 | ||
2017-03-24 | CVE-2017-5336 | Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. | Gnutls, Leap | 9.8 |