Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-04-13 | CVE-2016-3630 | The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records. | Debian_linux, Fedora, Mercurial, Leap, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_software_development_kit | 8.8 | ||
| 2020-06-12 | CVE-2020-10732 | A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. | Ubuntu_linux, Linux_kernel, Active_iq_unified_manager, Aff_8300_firmware, Aff_8700_firmware, Aff_a400_firmware, Aff_a700_firmware, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Steelstore_cloud_integrated_storage, Leap | 4.4 | ||
| 2019-01-15 | CVE-2019-3811 | A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable. | Debian_linux, Fedora, Sssd, Leap, Enterprise_linux | 5.2 | ||
| 2016-02-16 | CVE-2016-0753 | Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters. | Debian_linux, Fedora, Leap, Rails | 5.3 | ||
| 2018-12-13 | CVE-2018-16872 | A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and... | Ubuntu_linux, Debian_linux, Fedora, Leap, Qemu | 5.3 | ||
| 2019-11-26 | CVE-2019-16255 | Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. | Debian_linux, Leap, Graalvm, Ruby | 8.1 | ||
| 2019-02-05 | CVE-2018-18506 | When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability... | Ubuntu_linux, Debian_linux, Firefox, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 5.9 | ||
| 2019-03-15 | CVE-2018-20177 | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution. | Debian_linux, Backports, Leap, Rdesktop | 9.8 | ||
| 2019-07-30 | CVE-2018-20860 | libopenmpt before 0.3.13 allows a crash with malformed MED files. | Libopenmpt, Leap | 6.5 | ||
| 2019-07-30 | CVE-2019-14383 | J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. | Libopenmpt, Leap | 6.5 |