Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-10-12 | CVE-2018-18225 | In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed. | Debian_linux, Leap, Wireshark | 7.5 | ||
| 2018-12-04 | CVE-2018-19840 | The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero. | Ubuntu_linux, Fedora, Leap, Wavpack | 5.5 | ||
| 2018-12-04 | CVE-2018-19841 | The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack. | Ubuntu_linux, Debian_linux, Fedora, Leap, Wavpack | 5.5 | ||
| 2018-12-11 | CVE-2018-18335 | Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Chrome, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 8.8 | ||
| 2018-12-11 | CVE-2018-18356 | An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Ubuntu_linux, Debian_linux, Chrome, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 8.8 | ||
| 2018-12-13 | CVE-2018-19364 | hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. | Ubuntu_linux, Debian_linux, Fedora, Leap, Qemu | 5.5 | ||
| 2018-12-13 | CVE-2018-19489 | v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. | Ubuntu_linux, Debian_linux, Fedora, Leap, Qemu | 4.7 | ||
| 2018-12-14 | CVE-2018-16873 | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it's possible to arrange things so that a Git repository is cloned to a... | Debian_linux, Go, Backports_sle, Leap, Linux_enterprise_server | 8.1 | ||
| 2018-12-14 | CVE-2018-16874 | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution. | Debian_linux, Go, Backports_sle, Leap, Linux_enterprise_server | 8.1 | ||
| 2018-12-14 | CVE-2018-16875 | The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected. | Go, Leap | 7.5 |