Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-05-08 | CVE-2019-11494 | In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command. | Dovecot, Fedora, Leap | 7.5 | ||
| 2019-05-10 | CVE-2019-11884 | The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Leap, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv_tus, Enterprise_linux_for_real_time_tus, Enterprise_linux_server_aus, Enterprise_linux_server_tus | 3.3 | ||
| 2019-05-13 | CVE-2019-12083 | The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected. | Fedora, Leap, Rust | 8.1 | ||
| 2019-05-14 | CVE-2019-11328 | An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host. | Fedora, Backports, Leap, Singularity | 8.8 | ||
| 2019-05-15 | CVE-2019-8936 | NTP through 4.2.8p12 has a NULL Pointer Dereference. | Fedora, Hpux\-Ntp, Clustered_data_ontap, Data_ontap, Ntp, Leap | 7.5 | ||
| 2019-05-15 | CVE-2019-12098 | In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. | Debian_linux, Fedora, Heimdal, Backports_sle, Leap | 7.4 | ||
| 2019-05-16 | CVE-2019-3839 | It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable. | Ghostscript, Ubuntu_linux, Debian_linux, Fedora, Leap, Enterprise_linux | 7.8 | ||
| 2019-05-20 | CVE-2019-12221 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c. | Ubuntu_linux, Debian_linux, Fedora, Sdl2_image, Simple_directmedia_layer, Backports_sle, Leap | 6.5 | ||
| 2019-05-23 | CVE-2019-5787 | Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Chrome, Backports, Leap | 8.8 | ||
| 2019-05-23 | CVE-2019-5788 | An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. | Chrome, Backports, Leap | 8.8 |