Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-03-21 | CVE-2019-6454 | An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). | Ubuntu_linux, Debian_linux, Fedora, Web_gateway, Active_iq_performance_analytics_services, Leap, Enterprise_linux, Enterprise_linux_compute_node_eus, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_workstation, Systemd | 5.5 | ||
| 2019-03-21 | CVE-2019-6690 | python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component. | Ubuntu_linux, Debian_linux, Leap, Python\-Gnupg, Backports | 7.5 | ||
| 2019-03-21 | CVE-2019-6778 | In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. | Ubuntu_linux, Fedora, Leap, Qemu | 7.8 | ||
| 2019-03-21 | CVE-2019-7221 | The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Active_iq_performance_analytics_services, Element_software_management_node, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform | 7.8 | ||
| 2019-03-21 | CVE-2019-7222 | The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Active_iq_performance_analytics_services, Element_software_management_node, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_real_time_for_nfv_tus, Enterprise_linux_for_real_time_tus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 5.5 | ||
| 2019-03-21 | CVE-2019-9894 | A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. | Debian_linux, Fedora, Oncommand_unified_manager, Leap, Putty | 7.5 | ||
| 2019-03-21 | CVE-2019-9897 | Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. | Debian_linux, Fedora, Oncommand_unified_manager, Leap, Putty | 7.5 | ||
| 2019-03-21 | CVE-2019-9898 | Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. | Debian_linux, Fedora, Oncommand_unified_manager, Leap, Putty | 9.8 | ||
| 2019-03-21 | CVE-2019-3855 | An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. | Xcode, Debian_linux, Fedora, Libssh2, Ontap_select_deploy_administration_utility, Leap, Peoplesoft_enterprise_peopletools, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 8.8 | ||
| 2019-03-21 | CVE-2019-3858 | An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | Debian_linux, Fedora, Libssh2, Ontap_select_deploy_administration_utility, Leap | 9.1 |