openSUSE Leap vulnerabilities

1,896 known vulnerabilities affecting opensuse/leap.

Total CVEs: 1,896
CISA KEV: 18 (actively exploited)
Public exploits: 57
Exploited in wild: 19
Severity breakdown: CRITICAL 202, HIGH 798, MEDIUM 803, LOW 93

Vulnerabilities

Page 43 of 95
CVE-2019-17594 | MEDIUM | CVSS 5.3 | v15.0, v15.1 | 2019-10-14
CWE-125: There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
nvd
CVE-2019-17455 | CRITICAL | CVSS 9.8 | v15.1 | 2019-10-10
CWE-125: Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.
nvd
CVE-2019-17450 | MEDIUM | CVSS 6.5 | v15.1, v15.2 | 2019-10-10
CWE-674: find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
nvd
CVE-2019-17451 | MEDIUM | CVSS 6.5 | v15.1, v15.2 | 2019-10-10
CWE-190: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.
nvd
CVE-2019-14846 | HIGH | CVSS 7.8 | v15.1 | 2019-10-08
CWE-117: In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
nvd
CVE-2019-17041 | CRITICAL | CVSS 9.8 | v15.0, v15.1 | 2019-10-07
CWE-787: An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the varia
nvd
CVE-2019-17042 | CRITICAL | CVSS 9.8 | v15.0, v15.1 | 2019-10-07
CWE-20: An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMs
nvd
CVE-2019-17133 | CRITICAL | CVSS 9.8 | v15.1 | 2019-10-04
CWE-120: In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.
nvd
CVE-2019-17177 | HIGH | CVSS 7.5 | v15.0, v15.1 | 2019-10-04
CWE-401: libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.
nvd
CVE-2019-17178 | HIGH | CVSS 7.5 | v15.0, v15.1 | 2019-10-04
CWE-252: HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.
nvd
CVE-2018-16227 | HIGH | CVSS 7.5 | v15.0, v15.1 | 2019-10-03
CWE-125: The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.
nvd
CVE-2018-16228 | HIGH | CVSS 7.5 | v15.0, v15.1 | 2019-10-03
CWE-125: The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().
nvd
CVE-2018-14469 | HIGH | CVSS 7.5 | v15.0, v15.1 | 2019-10-03
CWE-125: The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
nvd
CVE-2018-14880 | HIGH | CVSS 7.5 | v15.0, v15.1 | 2019-10-03
CWE-125: The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
nvd
CVE-2018-14467 | HIGH | CVSS 7.5 | v15.0, v15.1 | 2019-10-03
CWE-125: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).
nvd
CVE-2018-14882 | HIGH | CVSS 7.5 | v15.0, v15.1 | 2019-10-03
CWE-125: The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.
nvd
CVE-2018-16230 | HIGH | CVSS 7.5 | v15.0, v15.1 | 2019-10-03
CWE-125: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).
nvd
CVE-2018-14464 | HIGH | CVSS 7.5 | v15.0, v15.1 | 2019-10-03
CWE-125: The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().
nvd
CVE-2018-14881 | HIGH | CVSS 7.5 | v15.0, v15.1 | 2019-10-03
CWE-125: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).
nvd
CVE-2018-14465 | HIGH | CVSS 7.5 | v15.0, v15.1 | 2019-10-03
CWE-125: The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
nvd