Vulnerabilities > Opensuse > Leap

DATE CVE VULNERABILITY TITLE RISK
2019-11-04 CVE-2015-8980 Improper Input Validation vulnerability in multiple products
The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.
network
low complexity
php-gettext-project opensuse redhat fedoraproject CWE-20
critical
9.8
2019-11-04 CVE-2019-18683 Use After Free vulnerability in multiple products
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8.
7.0
2019-11-01 CVE-2019-6470 There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode.
network
low complexity
isc redhat opensuse
7.5
2019-10-31 CVE-2019-5010 NULL Pointer Dereference vulnerability in multiple products
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6.
network
low complexity
python opensuse debian redhat CWE-476
7.5
2019-10-31 CVE-2019-18425 Improper Privilege Management vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors.
network
low complexity
xen debian fedoraproject opensuse CWE-269
critical
9.8
2019-10-31 CVE-2019-18424 OS Command Injection vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device.
6.8
2019-10-31 CVE-2019-18421 Race Condition vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations.
network
high complexity
xen debian fedoraproject opensuse CWE-362
7.5
2019-10-24 CVE-2019-17596 Interpretation Conflict vulnerability in multiple products
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key.
7.5
2019-10-21 CVE-2019-17498 Integer Overflow or Wraparound vulnerability in multiple products
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read.
8.1
2019-10-21 CVE-2019-18218 Out-of-bounds Write vulnerability in multiple products
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
7.8