Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-09-23 | CVE-2019-16708 | ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. | Ubuntu_linux, Debian_linux, Imagemagick, Leap | 6.5 | ||
| 2019-09-23 | CVE-2019-16710 | ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. | Ubuntu_linux, Debian_linux, Imagemagick, Leap | 6.5 | ||
| 2019-09-23 | CVE-2019-16711 | ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. | Ubuntu_linux, Debian_linux, Imagemagick, Leap | 6.5 | ||
| 2019-09-23 | CVE-2019-16713 | ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. | Ubuntu_linux, Debian_linux, Imagemagick, Leap | 6.5 | ||
| 2019-10-08 | CVE-2019-14846 | In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process. | Debian_linux, Backports_sle, Leap, Ansible_engine, Openstack | 7.8 | ||
| 2020-01-02 | CVE-2019-14864 | Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data. | Debian_linux, Backports_sle, Leap, Ansible, Ansible_tower, Ceph_storage, Cloudforms_management_engine, Enterprise_linux | 6.5 | ||
| 2020-03-12 | CVE-2020-0556 | Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access | Bluez, Ubuntu_linux, Debian_linux, Leap | 7.1 | ||
| 2020-03-21 | CVE-2019-17185 | In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack. | Freeradius, Leap | 7.5 | ||
| 2020-03-24 | CVE-2020-10942 | In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. | Ubuntu_linux, Debian_linux, Linux_kernel, Leap | 5.3 | ||
| 2018-05-16 | CVE-2018-11212 | An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. | Ubuntu_linux, Debian_linux, Libjpeg, Oncommand_unified_manager, Oncommand_workflow_automation, Snapmanager, Leap, Jdk, Jre, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Satellite | 6.5 |