Summary
Detail | | | |
---|---|---|---|
Vendor | Opensuse | First view | 2012-08-31 |
Product | Leap | Last view | 2019-12-03 |
Version | 42.1 | Type | Os |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:o:opensuse:leap | | |
Activity : Overall
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
8.8 | 2019-12-03 | CVE-2016-1000104 | A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07. |
3.3 | 2019-11-05 | CVE-2016-4983 | A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. |
7.8 | 2019-11-04 | CVE-2017-5333 | Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. |
7.8 | 2019-11-04 | CVE-2017-5332 | The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. |
7.8 | 2019-11-04 | CVE-2017-5331 | Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. |
9.8 | 2019-11-04 | CVE-2015-8980 | The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. |
7.5 | 2018-07-30 | CVE-2016-9597 | It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705. |
8.8 | 2018-03-11 | CVE-2016-5314 | Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. |
8.8 | 2018-01-09 | CVE-2015-1290 | The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. |
7.8 | 2017-09-08 | CVE-2016-5759 | The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root. |
7.5 | 2017-08-07 | CVE-2014-3462 | The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes". |
7.5 | 2017-07-21 | CVE-2015-5300 | The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). |
7.5 | 2017-07-21 | CVE-2015-5219 | The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. |
8.8 | 2017-06-01 | CVE-2017-8386 | git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. |
9.8 | 2017-05-23 | CVE-2016-9843 | The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. |
8.8 | 2017-05-23 | CVE-2016-9842 | The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. |
9.8 | 2017-05-23 | CVE-2016-9841 | inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. |
8.8 | 2017-05-23 | CVE-2016-9840 | inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. |
9.8 | 2017-05-23 | CVE-2016-5178 | Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. |
8.8 | 2017-05-23 | CVE-2016-5177 | Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. |
7.8 | 2017-04-21 | CVE-2016-2347 | Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive. |
6.1 | 2017-04-13 | CVE-2016-4068 | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864. |
6.1 | 2017-04-13 | CVE-2015-8864 | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068. |
7.7 | 2017-04-13 | CVE-2015-8567 | Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). |
9.8 | 2017-03-24 | CVE-2017-5337 | Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
27% (87) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
9% (31) | CWE-200 | Information Exposure |
8% (26) | CWE-20 | Improper Input Validation |
7% (22) | CWE-284 | Access Control (Authorization) Issues |
6% (21) | CWE-189 | Numeric Errors |
5% (16) | CWE-254 | Security Features |
4% (15) | CWE-125 | Out-of-bounds Read |
3% (12) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
2% (9) | CWE-416 | Use After Free |
2% (7) | CWE-310 | Cryptographic Issues |
2% (7) | CWE-190 | Integer Overflow or Wraparound |
2% (7) | CWE-19 | Data Handling |
1% (6) | CWE-787 | Out-of-bounds Write |
1% (6) | CWE-476 | NULL Pointer Dereference |
1% (5) | CWE-399 | Resource Management Errors |
1% (5) | CWE-264 | Permissions, Privileges, and Access Controls |
0% (3) | CWE-17 | Code |
0% (2) | CWE-704 | Incorrect Type Conversion or Cast |
0% (2) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
0% (2) | CWE-362 | Race Condition |
0% (2) | CWE-287 | Improper Authentication |
0% (2) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
0% (1) | CWE-772 | Missing Release of Resource after Effective Lifetime |
0% (1) | CWE-763 | Release of Invalid Pointer or Reference |
0% (1) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
OpenVAS Exploits
Date | Description |
---|---|
2012-09-07 | Name : FreeBSD Ports: gatekeeper File : nvt/freebsd_gatekeeper0.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2018-06-21 | Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt RuleID : 46781 - Type : BROWSER-FIREFOX - Revision : 2 |
2018-06-21 | Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt RuleID : 46767 - Type : BROWSER-FIREFOX - Revision : 4 |
2018-06-21 | Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt RuleID : 46766 - Type : BROWSER-FIREFOX - Revision : 2 |
2018-06-21 | Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt RuleID : 46765 - Type : BROWSER-FIREFOX - Revision : 2 |
2018-03-23 | NTP crypto-NAK denial of service attempt RuleID : 45693 - Type : SERVER-OTHER - Revision : 3 |
2018-02-20 | PostfixAdmin protected alias deletion attempt RuleID : 45454 - Type : SERVER-WEBAPP - Revision : 3 |
2017-12-13 | LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt RuleID : 44759 - Type : FILE-OTHER - Revision : 2 |
2017-12-13 | LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt RuleID : 44758 - Type : FILE-OTHER - Revision : 2 |
2017-12-13 | LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt RuleID : 44757 - Type : FILE-OTHER - Revision : 2 |
2017-12-13 | NTP crypto-NAK denial of service attempt RuleID : 44756 - Type : SERVER-OTHER - Revision : 3 |
2017-01-12 | Nitro Pro PDF Reader out of bounds write attempt RuleID : 41197 - Type : FILE-PDF - Revision : 5 |
2017-01-12 | Nitro Pro PDF Reader out of bounds write attempt RuleID : 41196 - Type : FILE-PDF - Revision : 5 |
2016-11-08 | Mozilla Firefox CSP report-uri arbitrary file write attempt RuleID : 40363 - Type : BROWSER-FIREFOX - Revision : 2 |
2016-07-13 | iperf3 heap overflow remote code execution attempt RuleID : 39165 - Type : SERVER-WEBAPP - Revision : 2 |
2016-06-09 | Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow ... RuleID : 39162 - Type : FILE-PDF - Revision : 4 |
2016-06-09 | Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow ... RuleID : 39161 - Type : FILE-PDF - Revision : 4 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39097 - Type : FILE-IMAGE - Revision : 2 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39096 - Type : FILE-IMAGE - Revision : 2 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39095 - Type : FILE-IMAGE - Revision : 2 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39094 - Type : FILE-IMAGE - Revision : 2 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39093 - Type : FILE-IMAGE - Revision : 2 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39092 - Type : FILE-IMAGE - Revision : 2 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39091 - Type : FILE-IMAGE - Revision : 2 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39090 - Type : FILE-IMAGE - Revision : 2 |
2016-06-22 | ImageMagick WWWDecodeDelegate command injection attempt RuleID : 39006 - Type : FILE-IMAGE - Revision : 3 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2019-01-16 | Name: The remote database server is affected by multiple vulnerabilities File: mariadb_10_0_37.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote device is missing a vendor-supplied security patch. File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-242f6c1a41.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-55b875c1ac.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-924da855e1.nasl - Type: ACT_GATHER_INFO |
2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1114.nasl - Type: ACT_GATHER_INFO |
2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1115.nasl - Type: ACT_GATHER_INFO |
2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1116.nasl - Type: ACT_GATHER_INFO |
2018-11-27 | Name: The remote Fedora host is missing a security update. File: fedora_2018-192148f4ff.nasl - Type: ACT_GATHER_INFO |
2018-11-21 | Name: The remote EulerOS Virtualization host is missing a security update. File: EulerOS_SA-2018-1376.nasl - Type: ACT_GATHER_INFO |
2018-11-21 | Name: The remote EulerOS Virtualization host is missing multiple security updates. File: EulerOS_SA-2018-1377.nasl - Type: ACT_GATHER_INFO |
2018-11-07 | Name: The remote Debian host is missing a security update. File: debian_DLA-1568.nasl - Type: ACT_GATHER_INFO |
2018-11-06 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2018-309-01.nasl - Type: ACT_GATHER_INFO |
2018-10-22 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_ec5072b0d43a11e8a6d2b499baebfeaf.nasl - Type: ACT_GATHER_INFO |
2018-10-19 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_5_5_62.nasl - Type: ACT_GATHER_INFO |
2018-10-19 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_5_6_42.nasl - Type: ACT_GATHER_INFO |
2018-10-19 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_5_7_24.nasl - Type: ACT_GATHER_INFO |
2018-10-19 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_8_0_13.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2016-0011.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0011.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0013.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0021.nasl - Type: ACT_GATHER_INFO |
2018-08-15 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL53729441.nasl - Type: ACT_GATHER_INFO |
2018-08-13 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_e714b7d239f649929f48e6b2f5f949df.nasl - Type: ACT_GATHER_INFO |
2018-06-28 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2018-1156.nasl - Type: ACT_GATHER_INFO |