Opensuse

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-20843 7Canonical DebianFedoraproject+4 more 9Debian Linux FedoraHospitality Res 3700+6 more May 30, 2025 Jun 24, 2019 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for de...Show more In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).Show less
CVE-2019-12904 2Gnupg Opensuse 2Leap Libgcrypt Nov 21, 2024 Jun 20, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an ass...Show more In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attackShow less
CVE-2019-12900 6Bzip CanonicalDebian+3 more 6Bzip2 Debian LinuxFreebsd+3 more Jun 9, 2025 Jun 19, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
CVE-2019-11040 4Debian OpensusePhp+1 more 4Debian Linux LeapPhp+1 more Nov 21, 2024 Jun 19, 2019 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data wh...Show more When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.Show less
CVE-2019-11039 4Debian OpensusePhp+1 more 4Debian Linux LeapPhp+1 more Nov 21, 2024 Jun 19, 2019 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to informa...Show more Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.Show less
CVE-2019-11038 8Canonical DebianFedoraproject+5 more 13Debian Linux Enterprise LinuxFedora+10 more Nov 21, 2024 Jun 19, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to...Show more When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.Show less
CVE-2019-8323 3Debian OpensuseRubygems 3Debian Linux LeapRubygems Nov 21, 2024 Jun 17, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence inj...Show more An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.Show less
CVE-2019-8322 3Debian OpensuseRubygems 3Debian Linux LeapRubygems Nov 21, 2024 Jun 17, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occ...Show more An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.Show less
CVE-2019-8321 3Debian OpensuseRubygems 3Debian Linux LeapRubygems Nov 21, 2024 Jun 17, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.
CVE-2019-8325 3Debian OpensuseRubygems 3Debian Linux LeapRubygems Nov 21, 2024 Jun 17, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)
CVE-2019-8324 4Debian OpensuseRedhat+1 more 4Debian Linux Enterprise LinuxLeap+1 more Nov 21, 2024 Jun 17, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eva...Show more An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.Show less
CVE-2019-10126 6Canonical DebianLinux+3 more 23A700s Firmware Active Iq Unified ManagerCn1610 Firmware+20 more Nov 21, 2024 Jun 14, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.
CVE-2019-0197 6Apache CanonicalFedoraproject+3 more 11Communications Session Report Manager Communications Session Route ManagerEnterprise Manager Ops Center+8 more Nov 21, 2024 Jun 11, 2019 N/A· v4 4.2 MEDIUM· v3 4.9 MEDIUM· v2 A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the fir...Show more A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue.Show less
CVE-2019-0220 5Apache CanonicalDebian+2 more 5Debian Linux FedoraHttp Server+2 more Nov 21, 2024 Jun 11, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for dup...Show more A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.Show less
CVE-2019-10160 7Canonical DebianFedoraproject+4 more 14Cloud Backup Converged Systems Advisor AgentDebian Linux+11 more Nov 21, 2024 Jun 7, 2019 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attack...Show more A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.Show less
CVE-2019-12614 5Canonical FedoraprojectLinux+2 more 5Enterprise Linux FedoraLeap+2 more Jun 17, 2026 Jun 3, 2019 N/A· v4 4.1 MEDIUM· v3 4.7 MEDIUM· v2 An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial...Show more An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).Show less
CVE-2019-3846 7Canonical DebianFedoraproject+4 more 12A700s Firmware Active Iq Unified Manager For Vmware VsphereCn1610 Firmware+9 more Jun 17, 2026 Jun 3, 2019 N/A· v4 8.8 HIGH· v3 8.3 HIGH· v2 A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
CVE-2019-8457 4Canonical FedoraprojectOpensuse+1 more 4Fedora LeapSqlite+1 more Jun 17, 2026 May 30, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
CVE-2019-12450 6Canonical DebianFedoraproject+3 more 9Debian Linux Enterprise LinuxEnterprise Linux Eus+6 more Jun 17, 2026 May 29, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
CVE-2019-12449 4Canonical FedoraprojectGnome+1 more 4Fedora GvfsLeap+1 more Jun 17, 2026 May 29, 2019 N/A· v4 5.7 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file://...Show more An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.Show less

Previous 1...656667...164 Next