Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Leap
Total 1582 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-2105 8 Apple, Canonical, Debian and 5 more 15 Mac Os X, Ubuntu Linux, Debian Linux and 12 more 2022-08-16 5.0 MEDIUM 7.5 HIGH
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
CVE-2016-9840 8 Apple, Canonical, Debian and 5 more 19 Iphone Os, Mac Os X, Tvos and 16 more 2022-08-16 6.8 MEDIUM 8.8 HIGH
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2016-9841 9 Apple, Canonical, Debian and 6 more 39 Iphone Os, Mac Os X, Tvos and 36 more 2022-08-16 7.5 HIGH 9.8 CRITICAL
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2016-9843 10 Apple, Canonical, Debian and 7 more 24 Iphone Os, Mac Os X, Tvos and 21 more 2022-08-16 7.5 HIGH 9.8 CRITICAL
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
CVE-2016-9842 8 Apple, Canonical, Debian and 5 more 19 Iphone Os, Mac Os X, Tvos and 16 more 2022-08-16 6.8 MEDIUM 8.8 HIGH
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
CVE-2019-20807 5 Apple, Canonical, Debian and 2 more 5 Mac Os X, Ubuntu Linux, Debian Linux and 2 more 2022-08-15 4.6 MEDIUM 5.3 MEDIUM
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
CVE-2019-9511 12 Apache, Apple, Canonical and 9 more 22 Traffic Server, Mac Os X, Swiftnio and 19 more 2022-08-12 7.8 HIGH 7.5 HIGH
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
CVE-2019-9514 13 Apache, Apple, Canonical and 10 more 30 Traffic Server, Mac Os X, Swiftnio and 27 more 2022-08-12 7.8 HIGH 7.5 HIGH
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
CVE-2019-9513 12 Apache, Apple, Canonical and 9 more 22 Traffic Server, Mac Os X, Swiftnio and 19 more 2022-08-12 7.8 HIGH 7.5 HIGH
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
CVE-2019-9515 12 Apache, Apple, Canonical and 9 more 24 Traffic Server, Mac Os X, Swiftnio and 21 more 2022-08-12 7.8 HIGH 7.5 HIGH
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
CVE-2019-9518 11 Apache, Apple, Canonical and 8 more 20 Traffic Server, Mac Os X, Swiftnio and 17 more 2022-08-12 7.8 HIGH 7.5 HIGH
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.
CVE-2019-9517 12 Apache, Apple, Canonical and 9 more 24 Traffic Server, Mac Os X, Swiftnio and 21 more 2022-08-12 7.8 HIGH 7.5 HIGH
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.
CVE-2020-10531 9 Canonical, Debian, Fedoraproject and 6 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2022-08-12 6.8 MEDIUM 8.8 HIGH
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
CVE-2019-2698 6 Canonical, Debian, Hp and 3 more 15 Ubuntu Linux, Debian Linux, Xp7 Command View and 12 more 2022-08-12 6.8 MEDIUM 8.1 HIGH
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2019-2737 5 Canonical, Fedoraproject, Mariadb and 2 more 5 Ubuntu Linux, Fedora, Mariadb and 2 more 2022-08-05 4.0 MEDIUM 4.9 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2627 5 Canonical, Mariadb, Opensuse and 2 more 10 Ubuntu Linux, Mariadb, Leap and 7 more 2022-08-05 4.0 MEDIUM 4.9 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-9516 12 Apache, Apple, Canonical and 9 more 21 Traffic Server, Mac Os X, Swiftnio and 18 more 2022-08-05 6.8 MEDIUM 6.5 MEDIUM
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
CVE-2015-8080 4 Debian, Opensuse, Redhat and 1 more 5 Debian Linux, Leap, Opensuse and 2 more 2022-08-05 5.0 MEDIUM 7.5 HIGH
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.
CVE-2019-2628 5 Canonical, Mariadb, Opensuse and 2 more 8 Ubuntu Linux, Mariadb, Leap and 5 more 2022-08-05 4.0 MEDIUM 4.9 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2574 5 Canonical, Mariadb, Netapp and 2 more 8 Ubuntu Linux, Mariadb, Active Iq Unified Manager and 5 more 2022-08-04 4.3 MEDIUM 5.9 MEDIUM
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).