Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-08-13 | CVE-2019-9511 | Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. | Traffic_server, Swiftnio, Ubuntu_linux, Debian_linux, Nginx, Fedora, Web_gateway, Node\.js, Leap, Enterprise_communications_broker, Graalvm, Enterprise_linux, Jboss_core_services, Jboss_enterprise_application_platform, Openshift_service_mesh, Quay, Software_collections, Diskstation_manager, Skynas, Vs960hd_firmware | 7.5 | ||
| 2020-01-21 | CVE-2019-19344 | There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer. | Ubuntu_linux, Leap, Samba, Directory_server, Diskstation_manager, Router_manager, Skynas | 6.5 | ||
| 2018-01-03 | CVE-2017-18017 | The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. | Eos, Ubuntu_linux, Debian_linux, Arx, Linux_kernel, Cloud_magnum_orchestration, Leap, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Mrg_realtime, Caas_platform, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_high_availability, Linux_enterprise_high_availability_extension, Linux_enterprise_live_patching, Linux_enterprise_module_for_public_cloud, Linux_enterprise_point_of_sale, Linux_enterprise_real_time_extension, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Openstack_cloud | 9.8 | ||
| 2020-01-03 | CVE-2020-5395 | FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. | Fedora, Fontforge, Leap | 8.8 | ||
| 2020-01-03 | CVE-2020-5496 | FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c. | Fontforge, Leap | 8.8 | ||
| 2020-01-08 | CVE-2020-6609 | GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. | Libredwg, Backports_sle, Leap | 8.8 | ||
| 2020-01-08 | CVE-2020-6610 | GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c. | Libredwg, Backports, Leap | 6.5 | ||
| 2020-01-08 | CVE-2020-6611 | GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. | Libredwg, Backports_sle, Leap | 6.5 | ||
| 2020-01-08 | CVE-2020-6612 | GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c. | Libredwg, Backports_sle, Leap | 8.1 | ||
| 2020-01-08 | CVE-2020-6613 | GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c. | Libredwg, Backports_sle, Leap | 8.1 |