Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-04-07 | CVE-2019-10906 | In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. | Ubuntu_linux, Fedora, Leap, Jinja, Software_collections | 8.6 | ||
| 2019-04-07 | CVE-2019-10740 | In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. | Fedora, Backports_sle, Leap, Webmail | 4.3 | ||
| 2019-04-08 | CVE-2019-0217 | In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. | Http_server, Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, Oncommand_unified_manager, Leap, Enterprise_manager_ops_center, Http_server, Retail_xstore_point_of_service, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 7.5 | ||
| 2019-04-09 | CVE-2019-10894 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called. | Ubuntu_linux, Debian_linux, Fedora, Leap, Wireshark | 7.5 | ||
| 2019-04-09 | CVE-2019-10895 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation. | Ubuntu_linux, Debian_linux, Fedora, Leap, Wireshark | 7.5 | ||
| 2019-04-09 | CVE-2019-10896 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. | Ubuntu_linux, Debian_linux, Fedora, Leap, Wireshark | 7.5 | ||
| 2019-04-09 | CVE-2019-10899 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. | Ubuntu_linux, Debian_linux, Fedora, Leap, Wireshark | 7.5 | ||
| 2019-04-09 | CVE-2019-10901 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. | Ubuntu_linux, Debian_linux, Fedora, Leap, Wireshark | 7.5 | ||
| 2019-04-09 | CVE-2019-10903 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. | Ubuntu_linux, Debian_linux, Fedora, Leap, Wireshark | 7.5 | ||
| 2019-04-09 | CVE-2019-3880 | A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable. | Debian_linux, Fedora, Leap, Enterprise_linux, Gluster_storage, Samba | 5.4 |