Vulnerabilities > Opensuse > Leap

DATE CVE VULNERABILITY TITLE RISK
2018-01-09 CVE-2015-1290 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
network
low complexity
google qt opensuse CWE-119
8.8
2018-01-04 CVE-2017-5753 Information Exposure Through Discrepancy vulnerability in multiple products
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
5.6
2018-01-03 CVE-2017-18017 Use After Free vulnerability in multiple products
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
network
low complexity
linux debian arista f5 suse opensuse openstack canonical redhat CWE-416
critical
9.8
2017-12-20 CVE-2017-17806 Out-of-bounds Write vulnerability in multiple products
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.
7.8
2017-12-20 CVE-2017-17805 Improper Input Validation vulnerability in multiple products
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API.
7.8
2017-12-18 CVE-2017-17740 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.
network
low complexity
openldap opensuse oracle mcafee CWE-119
7.5
2017-12-05 CVE-2016-1254 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
7.5
2017-10-17 CVE-2017-13088 Use of Insufficiently Random Values vulnerability in multiple products
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
5.3
2017-10-17 CVE-2017-13087 Use of Insufficiently Random Values vulnerability in multiple products
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
5.3
2017-10-17 CVE-2017-13086 Use of Insufficiently Random Values vulnerability in multiple products
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
6.8