Vulnerabilities (CVE)

Vendor filter

Opensuse Subscribe

Product filter

Leap Subscribe

Filter

607 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-15902 4 Linux, Netapp, Debian and 1 more 6 Linux Kernel, Active Iq Performance Analytics Services, Service Processor and 3 more 2019-10-10 4.7
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible...
CVE-2019-5739 2 Nodejs, Opensuse 2 Node.js, Leap 2019-10-09 5.0
Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and...
CVE-2019-3833 3 Openwsman Project, Fedoraproject, Opensuse 3 Openwsman, Fedora, Leap 2019-10-09 5.0
Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP...
CVE-2019-1788 3 Clamav, Debian, Opensuse 3 Clamav, Debian Linux, Leap 2019-10-09 4.3
A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an...
CVE-2019-1787 3 Clamav, Debian, Opensuse 3 Clamav, Debian Linux, Leap 2019-10-09 4.3
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an...
CVE-2018-1128 4 Ceph, Redhat, Debian and 1 more 11 Ceph, Ceph Storage, Ceph Storage Mon and 8 more 2019-10-09 5.4
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to...
CVE-2018-12477 1 Opensuse 2 Opensuse Leap, Leap 2019-10-09 6.4
A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service:...
CVE-2018-10861 4 Ceph, Redhat, Debian and 1 more 10 Ceph, Ceph Storage, Ceph Storage Mon and 7 more 2019-10-09 5.5
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to...
CVE-2017-9286 1 Opensuse 1 Leap 2019-10-09 9.0
The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade.
CVE-2017-14804 2 Opensuse, Suse 2 Leap, Linux Enterprise Software Development Kit 2019-10-09 5.0
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.
CVE-2016-9597 6 Hp, Xmlsoft, Canonical and 3 more 7 Icewall Federation Agent, Icewall File Manager, Libxml2 and 4 more 2019-10-09 5.0
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a...
CVE-2019-17069 2 Putty, Opensuse 2 Putty, Leap 2019-10-08 5.0
PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.
CVE-2019-17068 2 Putty, Opensuse 2 Putty, Leap 2019-10-08 5.0
PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content.
CVE-2019-13627 2 Libgcrypt20 Project, Opensuse 2 Libgcrypt20, Leap 2019-10-03 6.8
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
CVE-2018-14523 3 Aubio, Opensuse, Suse 3 Aubio, Leap, Linux Enterprise 2019-10-03 6.8
An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.
CVE-2017-6594 3 H5l, Opensuse Project, Opensuse 3 Heimdal, Leap, Leap 2019-10-03 5.0
The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.
CVE-2018-12180 2 Tianocore, Opensuse 2 Edk Ii, Leap 2019-10-03 6.8
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
CVE-2018-20467 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2019-10-03 4.3
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
CVE-2017-18078 3 Freedesktop, Debian, Opensuse 3 Systemd, Debian Linux, Leap 2019-10-03 4.6
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors...
CVE-2017-16232 3 Libtiff, Opensuse, Suse 5 Libtiff, Leap, Linux Enterprise Desktop and 2 more 2019-10-03 5.0
** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce...