Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-06-06 | CVE-2016-9960 | game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). | Fedora, Game\-Music\-Emu, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Leap, Leap | 5.5 | ||
| 2017-06-06 | CVE-2016-9961 | game-music-emu before 0.6.1 mishandles unspecified integer values. | Fedora, Game\-Music\-Emu, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Leap, Leap | 9.8 | ||
| 2017-07-06 | CVE-2017-8932 | A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries. | Fedora, Go, Suse_package_hub_for_suse_linux_enterprise, Leap | 5.9 | ||
| 2017-07-17 | CVE-2017-9814 | cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. | Cairo, Leap | 7.5 | ||
| 2017-07-25 | CVE-2015-5221 | Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | Fedora, Jasper, Leap, Opensuse, Leap | 5.5 | ||
| 2017-08-02 | CVE-2015-5203 | Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | Fedora, Jasper, Leap, Opensuse, Leap | 5.5 | ||
| 2017-09-08 | CVE-2016-5759 | The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root. | Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Leap | 7.8 | ||
| 2017-12-05 | CVE-2016-1254 | Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. | Debian_linux, Fedora, Leap, Opensuse, Leap, Tor | 7.5 | ||
| 2018-01-09 | CVE-2015-1290 | The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. | Chrome, Leap, Qt | 8.8 | ||
| 2018-01-29 | CVE-2017-18078 | systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file. | Debian_linux, Leap, Systemd | 7.8 |