This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Opensuse First view 2012-08-31
Product Leap Last view 2019-12-03
Version 42.1 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:opensuse:leap

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
8.8 2019-12-03 CVE-2016-1000104

A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.

3.3 2019-11-05 CVE-2016-4983

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.

7.8 2019-11-04 CVE-2017-5333

Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.

7.8 2019-11-04 CVE-2017-5332

The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

7.8 2019-11-04 CVE-2017-5331

Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

9.8 2019-11-04 CVE-2015-8980

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.

7.5 2018-07-30 CVE-2016-9597

It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.

8.8 2018-03-11 CVE-2016-5314

Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.

8.8 2018-01-09 CVE-2015-1290

The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.

7.8 2017-09-08 CVE-2016-5759

The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.

7.5 2017-08-07 CVE-2014-3462

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".

7.5 2017-07-21 CVE-2015-5300

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

7.5 2017-07-21 CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

8.8 2017-06-01 CVE-2017-8386

git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.

9.8 2017-05-23 CVE-2016-9843

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

8.8 2017-05-23 CVE-2016-9842

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

9.8 2017-05-23 CVE-2016-9841

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

8.8 2017-05-23 CVE-2016-9840

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

9.8 2017-05-23 CVE-2016-5178

Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

8.8 2017-05-23 CVE-2016-5177

Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.

7.8 2017-04-21 CVE-2016-2347

Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.

6.1 2017-04-13 CVE-2016-4068

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.

6.1 2017-04-13 CVE-2015-8864

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.

7.7 2017-04-13 CVE-2015-8567

Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).

9.8 2017-03-24 CVE-2017-5337

Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
28% (87) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
9% (30) CWE-200 Information Exposure
8% (26) CWE-20 Improper Input Validation
7% (22) CWE-284 Access Control (Authorization) Issues
6% (21) CWE-189 Numeric Errors
5% (16) CWE-254 Security Features
4% (13) CWE-125 Out-of-bounds Read
3% (12) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
2% (8) CWE-416 Use After Free
2% (7) CWE-310 Cryptographic Issues
2% (7) CWE-190 Integer Overflow or Wraparound
2% (7) CWE-19 Data Handling
1% (6) CWE-787 Out-of-bounds Write
1% (6) CWE-399 Resource Management Errors
1% (5) CWE-476 NULL Pointer Dereference
1% (5) CWE-264 Permissions, Privileges, and Access Controls
0% (3) CWE-17 Code
0% (2) CWE-704 Incorrect Type Conversion or Cast
0% (2) CWE-362 Race Condition
0% (2) CWE-287 Improper Authentication
0% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
0% (1) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (1) CWE-415 Double Free
0% (1) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
0% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

OpenVAS Exploits

id Description
2012-09-07 Name : FreeBSD Ports: gatekeeper
File : nvt/freebsd_gatekeeper0.nasl

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2018-06-21 Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt
RuleID : 46781 - Type : BROWSER-FIREFOX - Revision : 2
2018-06-21 Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt
RuleID : 46767 - Type : BROWSER-FIREFOX - Revision : 4
2018-06-21 Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt
RuleID : 46766 - Type : BROWSER-FIREFOX - Revision : 2
2018-06-21 Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt
RuleID : 46765 - Type : BROWSER-FIREFOX - Revision : 2
2018-03-23 NTP crypto-NAK denial of service attempt
RuleID : 45693 - Type : SERVER-OTHER - Revision : 3
2018-02-20 PostfixAdmin protected alias deletion attempt
RuleID : 45454 - Type : SERVER-WEBAPP - Revision : 3
2017-12-13 LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt
RuleID : 44759 - Type : FILE-OTHER - Revision : 2
2017-12-13 LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt
RuleID : 44758 - Type : FILE-OTHER - Revision : 2
2017-12-13 LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt
RuleID : 44757 - Type : FILE-OTHER - Revision : 2
2017-12-13 NTP crypto-NAK denial of service attempt
RuleID : 44756 - Type : SERVER-OTHER - Revision : 3
2017-01-12 Nitro Pro PDF Reader out of bounds write attempt
RuleID : 41197 - Type : FILE-PDF - Revision : 5
2017-01-12 Nitro Pro PDF Reader out of bounds write attempt
RuleID : 41196 - Type : FILE-PDF - Revision : 5
2016-11-08 Mozilla Firefox CSP report-uri arbitrary file write attempt
RuleID : 40363 - Type : BROWSER-FIREFOX - Revision : 2
2016-07-13 iperf3 heap overflow remote code execution attempt
RuleID : 39165 - Type : SERVER-WEBAPP - Revision : 2
2016-06-09 Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow ...
RuleID : 39162 - Type : FILE-PDF - Revision : 4
2016-06-09 Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow ...
RuleID : 39161 - Type : FILE-PDF - Revision : 4
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39097 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39096 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39095 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39094 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39093 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39092 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39091 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39090 - Type : FILE-IMAGE - Revision : 2
2016-06-22 ImageMagick WWWDecodeDelegate command injection attempt
RuleID : 39006 - Type : FILE-IMAGE - Revision : 3

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-16 Name: The remote database server is affected by multiple vulnerabilities
File: mariadb_10_0_37.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote device is missing a vendor-supplied security patch.
File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-242f6c1a41.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-55b875c1ac.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-924da855e1.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1114.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1115.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1116.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Fedora host is missing a security update.
File: fedora_2018-192148f4ff.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1376.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1377.nasl - Type: ACT_GATHER_INFO
2018-11-07 Name: The remote Debian host is missing a security update.
File: debian_DLA-1568.nasl - Type: ACT_GATHER_INFO
2018-11-06 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-309-01.nasl - Type: ACT_GATHER_INFO
2018-10-22 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_ec5072b0d43a11e8a6d2b499baebfeaf.nasl - Type: ACT_GATHER_INFO
2018-10-19 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_5_5_62.nasl - Type: ACT_GATHER_INFO
2018-10-19 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_5_6_42.nasl - Type: ACT_GATHER_INFO
2018-10-19 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_5_7_24.nasl - Type: ACT_GATHER_INFO
2018-10-19 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_8_0_13.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2016-0011.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0013.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0021.nasl - Type: ACT_GATHER_INFO
2018-08-15 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL53729441.nasl - Type: ACT_GATHER_INFO
2018-08-13 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_e714b7d239f649929f48e6b2f5f949df.nasl - Type: ACT_GATHER_INFO
2018-06-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1156.nasl - Type: ACT_GATHER_INFO
2018-06-28 Name: The remote Debian host is missing a security update.
File: debian_DLA-1401.nasl - Type: ACT_GATHER_INFO