Leap
This hub aggregates every CVE we track for Leap, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 45
- Critical: 7
- High: 18
- In CISA KEV: 0
Severity distribution
HIGH 18, MEDIUM 18, CRITICAL 7, LOW 2
Monthly trend
[Chart: 2024-08 to 2026-07]
Latest CVEs
The 15 most recently published vulnerabilities affecting Leap.
- CVE-2022-38657 (8.2): An open redirect to malicious sites affects HCL Leap
- CVE-2017-17805 (7.8): The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CR...
- CVE-2017-17806 (7.8): The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF...
- CVE-2016-1254 (7.5): Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
- CVE-2017-14496 (7.5): Integer underflow in the add_pseudoheader function in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of servic...
- CVE-2017-14494 (5.9): dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
- CVE-2017-13704 (7.5): In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to ...
- CVE-2015-3138 (7.5): print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).
- CVE-2015-5203 (5.5): Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
- CVE-2015-5221 (5.5): Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) ...
- CVE-2015-5219 (7.5): The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (inf...
- CVE-2016-9961 (9.8): game-music-emu before 0.6.1 mishandles unspecified integer values.
- CVE-2016-9960 (5.5): game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
- CVE-2016-9957 (7.8): Stack-based buffer overflow in game-music-emu before 0.6.1.
- CVE-2016-9958 (7.8): game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
Product normalization is registry-driven with AI assist and human review.