openSUSE Leap vulnerabilities
1,896 known vulnerabilities affecting opensuse/leap.
Total CVEs: 1,896
CISA KEV: 18 (actively exploited)
Public exploits: 57
Exploited in wild: 19
Severity breakdown: CRITICAL 202, HIGH 798, MEDIUM 803, LOW 93
Vulnerabilities
CVE-2019-6251 | HIGH | CVSS 8.1 | v15.0, v42.3 | 2019-01-14
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.
nvd
CVE-2019-6128 | HIGH | CVSS 8.8 | CWE-401 | v15.0 | 2019-01-11
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
nvd
CVE-2018-20548 | HIGH | CVSS 8.8 | CWE-119 | v15.0 | 2018-12-28
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data.
nvd
CVE-2018-20547 | HIGH | CVSS 8.1 | CWE-119 | v15.0 | 2018-12-28
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.
nvd
CVE-2018-20545 | HIGH | CVSS 8.8 | CWE-190 | v15.0 | 2018-12-28
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data.
nvd
CVE-2018-20549 | HIGH | CVSS 8.8 | CWE-119 | v15.0 | 2018-12-28
There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19.
nvd
CVE-2018-20546 | HIGH | CVSS 8.1 | CWE-190 | v15.0 | 2018-12-28
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.
nvd
CVE-2018-19873 | CRITICAL | CVSS 9.8 | CWE-119 | v15.1, v15.2 +1 more | 2018-12-26
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
nvd
CVE-2018-19870 | HIGH | CVSS 8.8 | CWE-476 | v15.0 | 2018-12-26
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
nvd
CVE-2018-15518 | HIGH | CVSS 8.8 | CWE-415 | v42.3 | 2018-12-26
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
nvd
CVE-2018-20482 | MEDIUM | CVSS 4.7 | CWE-835 | v15.0 | 2018-12-26
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).
nvd
CVE-2018-19869 | MEDIUM | CVSS 6.5 | CWE-20 | v15.0 | 2018-12-26
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
nvd
CVE-2018-20467 | MEDIUM | CVSS 6.5 | CWE-835 | v15.0 | 2018-12-26
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
nvd
CVE-2018-19871 | MEDIUM | CVSS 6.5 | CWE-400 | v15.0 | 2018-12-26
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
nvd
CVE-2018-20346 | HIGH | CVSS 8.1 | CWE-190 | v15.0, v42.3 | 2018-12-21
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magell
nvd
CVE-2018-1000878 | HIGH | CVSS 8.8 | CWE-416 | v15.0 | 2018-12-20
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appears to be exploitable via the victim must open a specially
nvd
CVE-2018-1000880 | MEDIUM | CVSS 6.5 | CWE-119 | v15.0 | 2018-12-20
libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appears to be exploit
nvd
CVE-2018-1000879 | MEDIUM | CVSS 6.5 | CWE-476 | v15.0 | 2018-12-20
libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appears to be exploitable via the victim must open a specially crafted archive f
nvd
CVE-2018-20126 | MEDIUM | CVSS 5.5 | CWE-772 | v15.0, v15.1 | 2018-12-20
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.
nvd
CVE-2018-16875 | HIGH | CVSS 7.5 | CWE-20 | v42.3 | 2018-12-14
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.
nvd