Product:

Leap

(Opensuse)
Repositories https://github.com/phpmyadmin/phpmyadmin
https://github.com/ImageMagick/ImageMagick
https://github.com/torvalds/linux
https://github.com/krb5/krb5
https://github.com/madler/zlib
https://github.com/libgd/libgd
https://github.com/php/php-src
https://github.com/ceph/ceph
https://github.com/libarchive/libarchive
https://github.com/roundcube/roundcubemail
https://github.com/tats/w3m
https://github.com/golang/go
https://github.com/dbry/WavPack
https://github.com/git/git
https://github.com/file/file
https://github.com/dosfstools/dosfstools
https://github.com/atheme/atheme
https://github.com/quassel/quassel
https://github.com/apache/httpd
https://github.com/opencontainers/runc
https://github.com/bcgit/bc-java
https://github.com/mm2/Little-CMS
https://github.com/FFmpeg/FFmpeg
https://github.com/uclouvain/openjpeg
https://git.kernel.org/pub/scm/git/git.git
https://github.com/mdadams/jasper
https://github.com/libjpeg-turbo/libjpeg-turbo
https://github.com/rdesktop/rdesktop
https://github.com/ntp-project/ntp
https://github.com/requests/requests
https://github.com/esnet/iperf
https://github.com/lighttpd/lighttpd1.4
https://github.com/heimdal/heimdal
https://github.com/erikd/libsndfile
https://github.com/FreeRDP/FreeRDP
https://github.com/mysql/mysql-server
https://github.com/WebKit/webkit
https://github.com/liblouis/liblouis
https://github.com/lavv17/lftp
https://github.com/viewvc/viewvc
https://github.com/moinwiki/moin-1.9
https://github.com/ClusterLabs/pacemaker
https://github.com/curl/curl
https://github.com/vadz/libtiff
https://github.com/libimobiledevice/libimobiledevice
https://github.com/fragglet/lhasa
https://github.com/TigerVNC/tigervnc
https://github.com/stedolan/jq
https://github.com/Matroska-Org/libmatroska
https://github.com/the-tcpdump-group/tcpdump
#Vulnerabilities 1883
Date Id Summary Products Score Patch Annotated
2019-11-18 CVE-2019-19062 A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042. Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Leap, Enterprise_linux 4.7
2019-11-18 CVE-2019-19063 Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. Brocade_fabric_operating_system_firmware, Ubuntu_linux, Fedora, Linux_kernel, Active_iq_unified_manager, Aff_baseboard_management_controller, Cloud_backup, Data_availability_services, E\-Series_santricity_os_controller, Fas\/aff_baseboard_management_controller, Hci_baseboard_management_controller, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Solidfire_baseboard_management_controller_firmware, Steelstore_cloud_integrated_storage, Leap, Sd\-Wan_edge 4.6
2019-11-18 CVE-2019-19066 A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd. Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Leap, Enterprise_linux 4.7
2019-11-18 CVE-2019-19068 A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6. Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Leap, Enterprise_linux 4.6
2019-11-18 CVE-2019-19073 Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10. Fedora, Linux_kernel, Leap 4.0
2019-11-19 CVE-2019-18934 Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration. Fedora, Unbound, Leap 7.3
2019-11-22 CVE-2019-18622 An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature. Fedora, Backports_sle, Leap, Phpmyadmin 9.8
2019-11-26 CVE-2019-12523 An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost. Ubuntu_linux, Debian_linux, Fedora, Leap, Squid 9.1
2019-11-26 CVE-2019-12526 An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap. Ubuntu_linux, Debian_linux, Fedora, Leap, Squid 9.8
2019-11-27 CVE-2019-18660 The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. Ubuntu_linux, Fedora, Linux_kernel, Leap, Enterprise_linux 4.7