Vulnerabilities > Opensuse > Leap > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-17 | CVE-2019-9495 | Information Exposure Through Discrepancy vulnerability in multiple products The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. | 3.7 |
| 2019-03-21 | CVE-2019-8934 | Exposure of Resource to Wrong Sphere vulnerability in multiple products hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. | 3.3 |
| 2019-01-16 | CVE-2019-2422 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). | 3.1 |
| 2019-01-16 | CVE-2019-2426 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). | 3.7 |
| 2018-08-10 | CVE-2018-6556 | Channel and Path Errors vulnerability in multiple products lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. | 3.3 |
| 2017-03-20 | CVE-2017-5930 | Missing Authorization vulnerability in multiple products The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check. | 2.7 |
| 2016-09-11 | CVE-2016-5166 | Information Exposure vulnerability in multiple products The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice. | 3.1 |
| 2016-04-21 | CVE-2016-0643 | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML. | 3.3 |
| 2016-01-08 | CVE-2015-7758 | Link Following vulnerability in multiple products Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux. | 3.3 |