openSUSE Leap vulnerabilities
1,896 known vulnerabilities affecting opensuse/leap.
Total CVEs: 1,896
CISA KEV: 18 (actively exploited)
Public exploits: 57
Exploited in wild: 19
Severity breakdown: CRITICAL 202, HIGH 798, MEDIUM 803, LOW 93
Vulnerabilities
CVE-2019-3862 | CRITICAL | CVSS 9.1 | CWE-130 | v42.3 | 2019-03-21
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
nvd
CVE-2019-3859 | CRITICAL | CVSS 9.1 | CWE-125 | v15.0, v42.3 | 2019-03-21
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
nvd
CVE-2019-6690 | HIGH | CVSS 7.5 | CWE-20 | v15.0 | 2019-03-21
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.
nvd
CVE-2019-3855 | HIGH | CVSS 8.8 | CWE-190 | v42.3 | 2019-03-21
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
nvd
CVE-2018-20615 | HIGH | CVSS 7.5 | CWE-125 | v15.0 | 2019-03-21
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame.
nvd
CVE-2019-9896 | HIGH | CVSS 7.8 | CWE-427 | v15.0 | 2019-03-21
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.
nvd
CVE-2019-7221 | HIGH | CVSS 7.8 | CWE-416 | v15.0 | 2019-03-21
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
nvd
CVE-2017-16232 | HIGH | CVSS 7.5 | CWE-772 | v42.2, v42.3 | 2019-03-21
LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue
nvd
CVE-2019-9897 | HIGH | CVSS 7.5 | v15.0 | 2019-03-21
Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.
nvd
CVE-2019-9894 | HIGH | CVSS 7.5 | CWE-320 | v15.0 | 2019-03-21
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
nvd
CVE-2019-6778 | HIGH | CVSS 7.8 | CWE-787 | v15.0, v42.3 | 2019-03-21
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
nvd
CVE-2019-6116 | HIGH | CVSS 7.8 | PoC | v15.0, v42.3 | 2019-03-21
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
nvd
CVE-2018-19872 | MEDIUM | CVSS 5.5 | CWE-369 | v15.0 | 2019-03-21
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
nvd
CVE-2019-7222 | MEDIUM | CVSS 5.5 | v15.0 | 2019-03-21
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
nvd
CVE-2019-6454 | MEDIUM | CVSS 5.5 | CWE-787 | v15.0 | 2019-03-21
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the sta
nvd
CVE-2018-18849 | MEDIUM | CVSS 5.5 | CWE-125 | v15.0, v42.3 | 2019-03-21
In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.
nvd
CVE-2019-8934 | LOW | CVSS 3.3 | CWE-668 | v15.0, v42.3 | 2019-03-21
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
nvd
CVE-2018-20177 | CRITICAL | CVSS 9.8 | CWE-190 | v15.1 | 2019-03-15
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.
nvd
CVE-2019-9775 | CRITICAL | CVSS 9.1 | CWE-125 | v15.1 | 2019-03-14
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec.
nvd
CVE-2019-9774 | CRITICAL | CVSS 9.1 | CWE-125 | v15.1 | 2019-03-14
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c.
nvd