This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Opensuse
Product: Leap
Version:
Type: Os
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:
First view: 2012-08-31
Last view: 2022-01-06

COMMON PLATFORM ENUMERATION: Distribution per Version

CPE Name Affected CVE
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* 817
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:* 382
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:* 370
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:* 291
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:* 163
cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:* 87
cpe:2.3:o:opensuse:leap:15.3:*:*:*:*:*:*:* 2

Related : CVE

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
5.5 2022-01-06 CVE-2021-46142

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.

5.5 2022-01-06 CVE-2021-46141

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.

7.5 2022-01-01 CVE-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.

7.5 2022-01-01 CVE-2021-41817

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.

6.5 2021-02-09 CVE-2021-26676

gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.

8.8 2021-02-09 CVE-2021-26675

A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.

6.3 2020-11-04 CVE-2020-28049

An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.

8.8 2020-11-03 CVE-2020-16009

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 2020-11-03 CVE-2020-16008

Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.

7.8 2020-11-03 CVE-2020-16007

Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.

8.8 2020-11-03 CVE-2020-16006

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 2020-11-03 CVE-2020-16005

Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 2020-11-03 CVE-2020-16004

Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

5.5 2020-10-29 CVE-2020-14323

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.

5.5 2020-10-22 CVE-2020-27673

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.

7 2020-10-22 CVE-2020-27672

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.

7.8 2020-10-22 CVE-2020-27671

An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.

7.8 2020-10-22 CVE-2020-27670

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.

3.3 2020-10-22 CVE-2020-27560

ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.

9.8 2020-10-22 CVE-2020-15683

Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.

5.3 2020-10-21 CVE-2020-14803

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

3.1 2020-10-21 CVE-2020-14798

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).

3.7 2020-10-21 CVE-2020-14797

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

3.1 2020-10-21 CVE-2020-14796

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).

4.2 2020-10-21 CVE-2020-14792

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).

CWE : Common Weakness Enumeration

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
% id Name
12% (166) CWE-787 Out-of-bounds Write
12% (159) CWE-125 Out-of-bounds Read
9% (122) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
5% (79) CWE-416 Use After Free
4% (61) CWE-190 Integer Overflow or Wraparound
4% (61) CWE-20 Improper Input Validation
3% (52) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
3% (49) CWE-476 NULL Pointer Dereference
3% (40) CWE-200 Information Exposure
1% (25) CWE-362 Race Condition
1% (25) CWE-284 Access Control (Authorization) Issues
1% (25) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (21) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (18) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (18) CWE-189 Numeric Errors
1% (17) CWE-330 Use of Insufficiently Random Values
1% (17) CWE-254 Security Features
1% (15) CWE-770 Allocation of Resources Without Limits or Throttling
0% (13) CWE-617 Reachable Assertion
0% (13) CWE-59 Improper Link Resolution Before File Access ('Link Following')
0% (13) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
0% (11) CWE-772 Missing Release of Resource after Effective Lifetime
0% (11) CWE-502 Deserialization of Untrusted Data
0% (11) CWE-369 Divide By Zero
0% (10) CWE-276 Incorrect Default Permissions

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:22031 DSA-2850-1 libyaml - heap-based buffer overflow
oval:org.mitre.oval:def:21878 USN-2098-1 -- libyaml vulnerability
oval:org.mitre.oval:def:24291 DSA-2870-1 libyaml-libyaml-perl - heap-based buffer overflow
oval:org.mitre.oval:def:29226 DSA-2850-2 -- libyaml -- heap-based buffer overflow
oval:org.mitre.oval:def:24469 DSA-2884-1 libyaml - security update
oval:org.mitre.oval:def:23896 DSA-2885-1 libyaml-libyaml-perl - security update
oval:org.mitre.oval:def:24450 USN-2160-1 -- libyaml vulnerability
oval:org.mitre.oval:def:24117 USN-2161-1 -- libyaml-libyaml-perl vulnerabilities
oval:org.mitre.oval:def:29055 SUSE-SU-2015:0953-2 -- Security update for perl-YAML-LibYAML (moderate)
oval:org.mitre.oval:def:24301 Vulnerability in OpenSSL 0.9.8 - 0.9.8za, 1.0.0 - 1.0.0m and 1.0.1 - 1.0.1h, ...
oval:org.mitre.oval:def:24135 AIX OpenSSL DTLS invalid fragment vulnerability
oval:org.mitre.oval:def:24593 Remote Unauthorized Access

OpenVAS Exploits

id Description
2012-09-07 Name : FreeBSD Ports: gatekeeper
File : nvt/freebsd_gatekeeper0.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2014-A-0099 Multiple Vulnerabilities in McAfee Email Gateway
Severity: Category I - VMSKEY: V0053203
2014-B-0085 Multiple Vulnerabilities in HP System Management Homepage (SMH)
Severity: Category I - VMSKEY: V0052899
2014-B-0077 Multiple Vulnerabilities in McAfee Web Gateway
Severity: Category I - VMSKEY: V0052625
2014-B-0080 Multiple Vulnerabilities in Stunnel
Severity: Category I - VMSKEY: V0052627
2014-A-0087 Multiple Vulnerabilities in McAfee ePolicy Orchestrator
Severity: Category I - VMSKEY: V0052637
2014-B-0079 Multiple Vulnerabilities in IBM AIX
Severity: Category I - VMSKEY: V0052641
2014-A-0083 Multiple Vulnerabilities in OpenSSL
Severity: Category I - VMSKEY: V0052495

Snort® IPS/IDS

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2021-02-02 Grafana Labs Grafana denial of service attempt
RuleID : 56822 - Type : SERVER-WEBAPP - Revision : 3
2021-01-12 Apache Server mod_proxy Error Page cross site scripting attempt
RuleID : 56563 - Type : SERVER-WEBAPP - Revision : 1
2020-12-10 Microsoft Windows malicious Netlogon NetrServerAuthenticate3 request attempt
RuleID : 56290 - Type : OS-WINDOWS - Revision : 6
2020-12-08 PyYAML Python object serialization attempt
RuleID : 56224 - Type : POLICY-OTHER - Revision : 1
2020-12-08 PyYAML Python object serialization attempt
RuleID : 56223 - Type : POLICY-OTHER - Revision : 1
2020-11-24 Apache Tomcat WebSocket length denial of service attempt
RuleID : 56086 - Type : SERVER-WEBAPP - Revision : 1
2020-11-19 Linux kernel af_packet tpacket_rcv integer overflow attempt
RuleID : 56052 - Type : OS-LINUX - Revision : 1
2020-11-19 Linux kernel af_packet tpacket_rcv integer overflow attempt
RuleID : 56051 - Type : OS-LINUX - Revision : 1
2020-10-22 Microsoft Windows NetrServerReqChallenge RPC transport sign and seal disablin...
RuleID : 55802 - Type : OS-WINDOWS - Revision : 1
2020-10-22 Apache Tomcat HTTP/2 denial of service attempt
RuleID : 55801 - Type : SERVER-WEBAPP - Revision : 1
2020-10-22 Apache Tomcat HTTP/2 denial of service attempt
RuleID : 55800 - Type : SERVER-WEBAPP - Revision : 1
2020-10-20 Microsoft Windows Netlogon crafted NetrServerAuthenticate elevation of privil...
RuleID : 55704 - Type : OS-WINDOWS - Revision : 2
2020-10-20 Microsoft Windows Netlogon crafted NetrServerReqChallenge elevation of privil...
RuleID : 55703 - Type : OS-WINDOWS - Revision : 2
2020-07-30 PHP php_strip_tags_ex function out-of-bounds read attempt
RuleID : 54406 - Type : SERVER-WEBAPP - Revision : 1
2020-07-30 PHP php_strip_tags_ex function out-of-bounds read attempt
RuleID : 54405 - Type : SERVER-WEBAPP - Revision : 1
2020-07-07 Apache Tomcat FileStore directory traversal attempt
RuleID : 54162 - Type : SERVER-WEBAPP - Revision : 1
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54033 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54032 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54031 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54030 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack authentication bypass attempt
RuleID : 54023 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack authentication bypass attempt
RuleID : 54022 - Type : SERVER-OTHER - Revision : 3
2020-12-05 TRUFFLEHUNTER TALOS-2020-1029 attack attempt
RuleID : 53565 - Type : PROTOCOL-TFTP - Revision : 1
2020-04-21 Apache Log4j SocketServer insecure deserialization remote code execution attempt
RuleID : 53475 - Type : SERVER-OTHER - Revision : 1
2020-12-05 TRUFFLEHUNTER TALOS-2020-1018 attack attempt
RuleID : 53418 - Type : SERVER-OTHER - Revision : 1

Nessus® Vulnerability Scanner

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-18 Name: The remote Debian host is missing a security update.
File: debian_DLA-1635.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2019-348547a32d.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote database server is affected by multiple vulnerabilities
File: mariadb_10_0_37.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote Fedora host is missing a security update.
File: fedora_2019-1198005e1f.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote Fedora host is missing a security update.
File: fedora_2019-c424e3bb72.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote device is missing a vendor-supplied security patch.
File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote Debian host is missing a security update.
File: debian_DLA-1631.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_183R1.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO
2019-01-07 Name: The remote Debian host is missing a security update.
File: debian_DLA-1627.nasl - Type: ACT_GATHER_INFO
2019-01-07 Name: The remote Debian host is missing a security update.
File: debian_DLA-1628.nasl - Type: ACT_GATHER_INFO
2019-01-07 Name: The remote Fedora host is missing a security update.
File: fedora_2019-859384e002.nasl - Type: ACT_GATHER_INFO
2019-01-07 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_546d4dd410ea11e9b407080027ef1a23.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-078b082cbe.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-08550a9006.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-1eec1f0d17.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-242f6c1a41.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-28f30efaf6.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-2bf852f063.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-327707371e.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-32c8599fe1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-33c7c17e71.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4544e8dbc8.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-49d6e4bc3f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4e660226e7.nasl - Type: ACT_GATHER_INFO