Opensuse

opensuse

3,271 CVEs • 50 products

Products (50)

Leap
leap
Opensuse
opensuse
Backports
backports
Evergreen
evergreen
Libsolv
libsolv
Factory
factory
Supportutils
supportutils
Libzypp
libzypp
Tumbleweed
tumbleweed
Zypper
zypper
Openldap2
openldap2
Osc
osc
Cryptctl
cryptctl
Munge
munge
Wicked
wicked
Pcp
pcp
Rmt Server
rmt-server
Cscreen
cscreen
Libeconf
libeconf
Libstorage
libstorage
Libstorage Ng
libstorage-ng
Sysconfig
sysconfig
Tar Scm
tar_scm
Package Hub
package_hub
Yast2 Printer
yast2-printer
Munin
munin
Autoyast2
autoyast2
Hylafax+
hylafax+
Cyrus Sasl
cyrus-sasl
Inn
inn
Canna
canna
Leap Micro
leap_micro
Paste
paste
Welcome
welcome
Mirrorcache
mirrorcache

CVEs (3,271)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS

Vendors (3): Canonical, Opensuse, Xmltooling Project
Products (3): Leap, Ubuntu Linux, Xmltooling
Updated: Jun 17, 2026
Published: Apr 11, 2019
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.

Vendors (7): Canonical, Debian, Fedoraproject, +4 more
Products (22): Active Iq Unified Manager, Cloud Backup, Debian Linux, +19 more
Updated: Jun 17, 2026
Published: Apr 10, 2019
CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

Vendors (5): Debian, Fedoraproject, Opensuse, +2 more
Products (6): Debian Linux, Enterprise Linux, Fedora, +3 more
Updated: Jun 17, 2026
Published: Apr 9, 2019
CVSS: N/A (v4), 5.4 MEDIUM (v3), 5.5 MEDIUM (v2)
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.

Vendors (5): Canonical, Debian, Fedoraproject, +2 more
Products (5): Debian Linux, Fedora, Leap, +2 more
Updated: Jun 17, 2026
Published: Apr 9, 2019
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.

Vendors (5): Canonical, Debian, Fedoraproject, +2 more
Products (5): Debian Linux, Fedora, Leap, +2 more
Updated: Jun 17, 2026
Published: Apr 9, 2019
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.

Vendors (5): Canonical, Debian, Fedoraproject, +2 more
Products (5): Debian Linux, Fedora, Leap, +2 more
Updated: Jun 17, 2026
Published: Apr 9, 2019
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.

Vendors (5): Canonical, Debian, Fedoraproject, +2 more
Products (5): Debian Linux, Fedora, Leap, +2 more
Updated: Jun 17, 2026
Published: Apr 9, 2019
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.

Vendors (5): Canonical, Debian, Fedoraproject, +2 more
Products (5): Debian Linux, Fedora, Leap, +2 more
Updated: Jun 17, 2026
Published: Apr 9, 2019
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.

Vendors (5): Canonical, Debian, Fedoraproject, +2 more
Products (5): Debian Linux, Fedora, Leap, +2 more
Updated: Jun 17, 2026
Published: Apr 9, 2019
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.

Vendors (8): Apache, Canonical, Debian, +5 more
Products (27): Communications Session Report Manager, Communications Session Route Manager, Debian Linux, +24 more
Updated: Jun 17, 2026
Published: Apr 8, 2019
CVSS: N/A (v4), 7.8 HIGH (v3), 7.2 HIGH (v2)
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

Vendors (8): Apache, Canonical, Debian, +5 more
Products (14): Clustered Data Ontap, Debian Linux, Enterprise Linux, +11 more
Updated: Jun 17, 2026
Published: Apr 8, 2019
CVSS: N/A (v4), 7.5 HIGH (v3), 6.0 MEDIUM (v2)
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

Vendors (3): Clamav, Debian, Opensuse
Products (3): Clamav, Debian Linux, Leap
Updated: Jun 17, 2026
Published: Apr 8, 2019
CVSS: N/A (v4), 5.5 MEDIUM (v3), 4.3 MEDIUM (v2)
A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could result in a denial of service condition on an affected device.

Vendors (3): Clamav, Debian, Opensuse
Products (3): Clamav, Debian Linux, Leap
Updated: Jun 17, 2026
Published: Apr 8, 2019
CVSS: N/A (v4), 5.5 MEDIUM (v3), 4.3 MEDIUM (v2)
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.

Vendors (3): Debian, Graphicsmagick, Opensuse
Products (3): Debian Linux, Graphicsmagick, Leap
Updated: Jun 17, 2026
Published: Apr 8, 2019
CVSS: N/A (v4), 6.5 MEDIUM (v3), 4.3 MEDIUM (v2)
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file.

Vendors (3): Debian, Graphicsmagick, Opensuse
Products (3): Debian Linux, Graphicsmagick, Leap
Updated: Jun 17, 2026
Published: Apr 8, 2019
CVSS: N/A (v4), 8.1 HIGH (v3), 5.8 MEDIUM (v2)
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.

Vendors (4): Canonical, Debian, Graphicsmagick, +1 more
Products (5): Backports Sle, Debian Linux, Graphicsmagick, +2 more
Updated: Jun 17, 2026
Published: Apr 8, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.

Vendors (4): Canonical, Debian, Graphicsmagick, +1 more
Products (5): Backports Sle, Debian Linux, Graphicsmagick, +2 more
Updated: Jun 17, 2026
Published: Apr 8, 2019
CVSS: N/A (v4), 8.1 HIGH (v3), 5.8 MEDIUM (v2)
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.

Vendors (3): Debian, Graphicsmagick, Opensuse
Products (3): Debian Linux, Graphicsmagick, Leap
Updated: Jun 17, 2026
Published: Apr 8, 2019
CVSS: N/A (v4), 9.1 CRITICAL (v3), 6.4 MEDIUM (v2)
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet.

Vendors (2): Graphicsmagick, Opensuse
Products (2): Graphicsmagick, Leap
Updated: Jun 17, 2026
Published: Apr 8, 2019
CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value.

Vendors (3): Fedoraproject, Opensuse, Roundcube
Products (4): Backports Sle, Fedora, Leap, +1 more
Updated: Jun 17, 2026
Published: Apr 7, 2019
CVSS: N/A (v4), 4.3 MEDIUM (v3), 4.3 MEDIUM (v2)
In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.