Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-02-19 | CVE-2019-3812 | QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host. | Ubuntu_linux, Fedora, Leap, Qemu | 5.5 | ||
| 2019-03-14 | CVE-2019-3816 | Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. | Fedora, Leap, Openwsman, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.5 | ||
| 2019-03-14 | CVE-2019-3833 | Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server. | Fedora, Leap, Openwsman | 7.5 | ||
| 2019-04-04 | CVE-2019-3886 | An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block. | Fedora, Leap, Libvirt | 5.4 | ||
| 2019-04-24 | CVE-2019-3882 | A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Active_iq_unified_manager_for_vmware_vsphere, Cn1610_firmware, Hci_management_node, Snapprotect, Solidfire, Storage_replication_adapter_for_clustered_data_ontap_for_vmware_vsphere, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console_for_vmware_vsphere, Leap | 5.5 | ||
| 2019-06-03 | CVE-2019-3846 | A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, A700s_firmware, Active_iq_unified_manager_for_vmware_vsphere, Cn1610_firmware, H610s_firmware, Hci_management_node, Solidfire, Leap, Enterprise_linux | 8.8 | ||
| 2019-06-14 | CVE-2019-10126 | A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. | Ubuntu_linux, Debian_linux, Linux_kernel, A700s_firmware, Active_iq_unified_manager, Cn1610_firmware, H610s_firmware, Hci_management_node, Solidfire, Leap, Enterprise_linux, Enterprise_linux_aus, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_real_time_for_nfv_tus, Enterprise_linux_for_real_time_tus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization | 9.8 | ||
| 2019-06-07 | CVE-2019-10160 | A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the... | Ubuntu_linux, Debian_linux, Fedora, Cloud_backup, Converged_systems_advisor_agent, Leap, Python, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization | 9.8 | ||
| 2019-07-31 | CVE-2019-10181 | It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox. | Debian_linux, Icedtea\-Web, Leap | 8.1 | ||
| 2019-07-31 | CVE-2019-10185 | It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox. | Debian_linux, Icedtea\-Web, Leap | 8.6 |