Opensuseproject Leap
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Opensuseproject Leap.
By the Year
In 2025 there have been 0 vulnerabilities in Opensuseproject Leap. Leap did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Leap vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Opensuseproject Leap Security Vulnerabilities
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate
CVE-2017-17806
7.8 - High
- December 20, 2017
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.
Memory Corruption
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls
CVE-2017-17805
7.8 - High
- December 20, 2017
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.
Improper Input Validation
game-music-emu before 0.6.1 mishandles unspecified integer values.
CVE-2016-9961
9.8 - Critical
- June 06, 2017
game-music-emu before 0.6.1 mishandles unspecified integer values.
Numeric Errors
game-music-emu before 0.6.1
CVE-2016-9960
5.5 - Medium
- June 06, 2017
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
Divide By Zero
Memory leak in ImageMagick
CVE-2014-9848
7.5 - High
- March 20, 2017
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
Resource Management Errors
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which
CVE-2016-9436
6.5 - Medium
- January 20, 2017
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.
Improper Input Validation
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which
CVE-2016-9435
6.5 - Medium
- January 20, 2017
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.
Improper Input Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Tats W3m or by Opensuseproject? Click the Watch button to subscribe.