Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Leap
Total 1324 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-41819 6 Debian, Fedoraproject, Opensuse and 3 more 9 Debian Linux, Fedora, Factory and 6 more 2022-01-21 5.0 MEDIUM 7.5 HIGH
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
CVE-2020-12693 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2022-01-17 5.1 MEDIUM 8.1 HIGH
Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.
CVE-2021-46142 4 Debian, Fedoraproject, Opensuse and 1 more 7 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 4 more 2022-01-16 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
CVE-2021-46141 4 Debian, Fedoraproject, Opensuse and 1 more 7 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 4 more 2022-01-16 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
CVE-2018-1000613 4 Bouncycastle, Netapp, Opensuse and 1 more 24 Legion-of-the-bouncy-castle-java-crytography-api, Oncommand Workflow Automation, Leap and 21 more 2022-01-14 7.5 HIGH 9.8 CRITICAL
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.
CVE-2021-41817 6 Debian, Fedoraproject, Opensuse and 3 more 9 Debian Linux, Fedora, Factory and 6 more 2022-01-11 5.0 MEDIUM 7.5 HIGH
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
CVE-2020-12402 4 Debian, Fedoraproject, Mozilla and 1 more 4 Debian Linux, Fedora, Firefox and 1 more 2022-01-04 1.2 LOW 4.4 MEDIUM
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.
CVE-2019-16709 3 Canonical, Imagemagick, Opensuse 4 Ubuntu Linux, Imagemagick, Backports and 1 more 2022-01-01 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
CVE-2019-16712 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2022-01-01 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.
CVE-2019-16167 4 Canonical, Fedoraproject, Opensuse and 1 more 4 Ubuntu Linux, Fedora, Leap and 1 more 2022-01-01 4.3 MEDIUM 5.5 MEDIUM
sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.
CVE-2019-12854 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2022-01-01 5.0 MEDIUM 7.5 HIGH
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.
CVE-2019-20053 2 Opensuse, Upx Project 3 Backports, Leap, Upx 2022-01-01 4.3 MEDIUM 5.5 MEDIUM
An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
CVE-2019-13456 4 Freeradius, Linux, Opensuse and 1 more 4 Freeradius, Linux Kernel, Leap and 1 more 2022-01-01 2.9 LOW 6.5 MEDIUM
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.
CVE-2019-5163 2 Opensuse, Shadowsocks 3 Backports, Leap, Shadowsocks-libev 2022-01-01 4.3 MEDIUM 7.5 HIGH
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.
CVE-2020-8632 3 Canonical, Debian, Opensuse 3 Cloud-init, Debian Linux, Leap 2022-01-01 2.1 LOW 5.5 MEDIUM
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.
CVE-2020-5202 3 Apt-cacher-ng Project, Debian, Opensuse 4 Apt-cacher-ng, Debian Linux, Backports and 1 more 2022-01-01 2.1 LOW 5.5 MEDIUM
apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can.
CVE-2019-17021 3 Microsoft, Mozilla, Opensuse 4 Windows, Firefox, Firefox Esr and 1 more 2022-01-01 2.6 LOW 5.3 MEDIUM
During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
CVE-2020-6610 2 Gnu, Opensuse 3 Libredwg, Backports, Leap 2022-01-01 4.3 MEDIUM 6.5 MEDIUM
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.
CVE-2020-1700 4 Canonical, Ceph, Opensuse and 1 more 4 Ubuntu Linux, Ceph, Leap and 1 more 2022-01-01 6.8 MEDIUM 6.5 MEDIUM
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system.
CVE-2020-0561 4 Intel, Linux, Microsoft and 1 more 5 Software Guard Extensions Sdk, Linux Kernel, Windows and 2 more 2022-01-01 4.6 MEDIUM 7.8 HIGH
Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access.