Opensuseproject Leap
By the Year
In 2024 there have been 0 vulnerabilities in Opensuseproject Leap . Leap did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Leap vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Opensuseproject Leap Security Vulnerabilities
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate
CVE-2017-17806
7.8 - High
- December 20, 2017
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.
Memory Corruption
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls
CVE-2017-17805
7.8 - High
- December 20, 2017
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.
Improper Input Validation
game-music-emu before 0.6.1 mishandles unspecified integer values.
CVE-2016-9961
9.8 - Critical
- June 06, 2017
game-music-emu before 0.6.1 mishandles unspecified integer values.
Numeric Errors
game-music-emu before 0.6.1
CVE-2016-9960
5.5 - Medium
- June 06, 2017
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
Divide By Zero
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which
CVE-2016-9436
6.5 - Medium
- January 20, 2017
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.
Improper Input Validation
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which
CVE-2016-9435
6.5 - Medium
- January 20, 2017
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.
Improper Input Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Tats W3m or by Opensuseproject? Click the Watch button to subscribe.