Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-01-09 | CVE-2019-20372 | NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. | Xcode, Ubuntu_linux, Nginx, Cloud_backup, Leap | 5.3 | ||
| 2019-03-09 | CVE-2019-9638 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. | Ubuntu_linux, Debian_linux, Storage_automation_store, Leap, Php, Software_collections | 7.5 | ||
| 2019-03-09 | CVE-2019-9639 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. | Ubuntu_linux, Debian_linux, Storage_automation_store, Leap, Php, Software_collections | 7.5 | ||
| 2019-03-09 | CVE-2019-9640 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. | Ubuntu_linux, Debian_linux, Storage_automation_store, Leap, Php, Software_collections | 7.5 | ||
| 2019-03-09 | CVE-2019-9641 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. | Ubuntu_linux, Debian_linux, Storage_automation_store, Leap, Php | 9.8 | ||
| 2019-03-21 | CVE-2019-8934 | hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. | Leap, Qemu | 3.3 | ||
| 2019-03-21 | CVE-2019-9896 | In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. | Backports_sle, Leap, Putty | 7.8 | ||
| 2019-03-22 | CVE-2019-9924 | rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. | Ubuntu_linux, Debian_linux, Bash, Hci_management_node, Solidfire, Leap | 7.8 | ||
| 2018-11-07 | CVE-2018-19052 | An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character. | Debian_linux, Lighttpd, Backports_sle, Leap, Suse_linux_enterprise_server | 7.5 | ||
| 2019-09-27 | CVE-2019-11735 | Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. | Firefox, Firefox_esr, Leap | 8.8 |