Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-11-05 | CVE-2019-5068 | An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability. | Ubuntu_linux, Debian_linux, Mesa, Leap | 4.4 | ||
| 2019-12-03 | CVE-2019-5163 | An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability. | Backports, Leap, Shadowsocks\-Libev | 7.5 | ||
| 2019-12-03 | CVE-2019-5164 | An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability. | Backports_sle, Leap, Shadowsocks\-Libev | 7.8 | ||
| 2017-12-18 | CVE-2017-17740 | contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. | Policy_auditor, Openldap, Leap, Blockchain_platform | 7.5 | ||
| 2019-05-08 | CVE-2019-5021 | Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user. | Big\-Ip_controller, Docker\-Alpine, Leap | 9.8 | ||
| 2019-07-26 | CVE-2019-13057 | An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB... | Mac_os_x, Ubuntu_linux, Debian_linux, Policy_auditor, Openldap, Leap, Blockchain_platform, Solaris, Zfs_storage_appliance_kit | 4.9 | ||
| 2016-12-12 | CVE-2016-9427 | Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation. | Bdwgc, Debian_linux, Leap, Opensuse | 9.8 | ||
| 2019-03-14 | CVE-2019-9773 | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension. | Libredwg, Backports_sle, Leap | 7.5 | ||
| 2019-03-14 | CVE-2019-9775 | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec. | Libredwg, Backports_sle, Leap | 9.1 | ||
| 2019-03-14 | CVE-2019-9776 | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779). | Libredwg, Backports_sle, Leap | 7.5 |