Opensuse

opensuse

3,271 CVEs • 50 products

Products (50)

Leap (leap)
Opensuse (opensuse)
Backports (backports)
Evergreen (evergreen)
Libsolv (libsolv)
Factory (factory)
Supportutils (supportutils)
Libzypp (libzypp)
Tumbleweed (tumbleweed)
Zypper (zypper)
Openldap2 (openldap2)
Osc (osc)
Cryptctl (cryptctl)
Munge (munge)
Wicked (wicked)
Pcp (pcp)
Rmt Server (rmt-server)
Cscreen (cscreen)
Libeconf (libeconf)
Libstorage (libstorage)
Libstorage Ng (libstorage-ng)
Sysconfig (sysconfig)
Tar Scm (tar_scm)
Package Hub (package_hub)
Yast2 Printer (yast2-printer)
Munin (munin)
Autoyast2 (autoyast2)
Hylafax+ (hylafax+)
Cyrus Sasl (cyrus-sasl)
Inn (inn)
Canna (canna)
Leap Micro (leap_micro)
Paste (paste)
Welcome (welcome)
Mirrorcache (mirrorcache)

CVEs (3,271)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
Vendors (5): Canonical, Fedoraproject, Opensuse, +2 more
Products (5): Fedora, Jinja, Leap, +2 more
Updated: Jun 17, 2026
Published: Apr 7, 2019
CVSS: N/A (v4), 8.6 HIGH (v3), 5.0 MEDIUM (v2)
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

Vendors (3): Fedoraproject, Opensuse, Redhat
Products (3): Fedora, Leap, Libvirt
Updated: Jun 17, 2026
Published: Apr 4, 2019
CVSS: N/A (v4), 5.4 MEDIUM (v3), 4.8 MEDIUM (v2)
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.

Vendors (3): Apple, Opensuse, Sqlite
Products (8): Icloud, Iphone Os, Itunes, +5 more
Updated: Nov 21, 2024
Published: Apr 3, 2019
CVSS: N/A (v4), 8.1 HIGH (v3), 6.8 MEDIUM (v2)
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.

Vendors (3): Fedoraproject, Gnu, Opensuse
Products (3): Fedora, Gnutls, Leap
Updated: Jun 17, 2026
Published: Apr 1, 2019
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.

Vendors (2): Nodejs, Opensuse
Products (2): Leap, Node.js
Updated: Jun 17, 2026
Published: Mar 28, 2019
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default.

Vendors (2): Nodejs, Opensuse
Products (2): Leap, Node.js
Updated: Jun 17, 2026
Published: Mar 28, 2019
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1.

Vendors (4): Canonical, Debian, Dovecot, +1 more
Products (4): Debian Linux, Dovecot, Leap, +1 more
Updated: Jun 17, 2026
Published: Mar 28, 2019
CVSS: N/A (v4), 7.8 HIGH (v3), 7.2 HIGH (v2)
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.

Vendors (4): Fedoraproject, Opensuse, Redhat, +1 more
Products (8): Edk Ii, Enterprise Linux, Enterprise Linux Eus, +5 more
Updated: Jun 17, 2026
Published: Mar 27, 2019
CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.

Vendors (2): Opensuse, Tianocore
Products (2): Edk Ii, Leap
Updated: Nov 21, 2024
Published: Mar 27, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.

Vendors (5): Debian, Fedoraproject, Opensuse, +2 more
Products (6): Cloudforms, Debian Linux, Fedora, +3 more
Updated: Jun 17, 2026
Published: Mar 27, 2019
CVSS: N/A (v4), 7.5 HIGH (v3), 7.8 HIGH (v2)
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.

Vendors (5): Debian, Fedoraproject, Opensuse, +2 more
Products (6): Cloudforms, Debian Linux, Fedora, +3 more
Updated: Jun 17, 2026
Published: Mar 27, 2019
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

Vendors (2): Opensuse, Redhat
Products (2): Leap, Libvirt
Updated: Jun 17, 2026
Published: Mar 27, 2019
CVSS: N/A (v4), 6.3 MEDIUM (v3), 3.5 LOW (v2)
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.

Vendors (3): Canonical, Dovecot, Opensuse
Products (3): Dovecot, Leap, Ubuntu Linux
Updated: Jun 17, 2026
Published: Mar 27, 2019
CVSS: N/A (v4), 6.8 MEDIUM (v3), 4.9 MEDIUM (v2)
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.

Vendors (4): Debian, Libssh2, Netapp, +1 more
Products (4): Debian Linux, Leap, Libssh2, +1 more
Updated: Jun 17, 2026
Published: Mar 25, 2019
CVSS: N/A (v4), 9.1 CRITICAL (v3), 6.4 MEDIUM (v2)
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

Vendors (4): Debian, Libssh2, Netapp, +1 more
Products (4): Debian Linux, Leap, Libssh2, +1 more
Updated: Jun 17, 2026
Published: Mar 25, 2019
CVSS: N/A (v4), 9.1 CRITICAL (v3), 6.4 MEDIUM (v2)
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

Vendors (7): Debian, Fedoraproject, Libssh2, +4 more
Products (13): Debian Linux, Enterprise Linux, Enterprise Linux Desktop, +10 more
Updated: Jun 17, 2026
Published: Mar 25, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Vendors (7): Debian, Fedoraproject, Libssh2, +4 more
Products (13): Debian Linux, Enterprise Linux, Enterprise Linux Desktop, +10 more
Updated: Jun 17, 2026
Published: Mar 25, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Vendors (5): Artifex, Debian, Fedoraproject, +2 more
Products (12): Ansible Tower, Debian Linux, Enterprise Linux, +9 more
Updated: Jun 17, 2026
Published: Mar 25, 2019
CVSS: N/A (v4), 5.5 MEDIUM (v3), 4.3 MEDIUM (v2)
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER.

Vendors (5): Artifex, Debian, Fedoraproject, +2 more
Products (11): Ansible Tower, Debian Linux, Enterprise Linux Desktop, +8 more
Updated: Jun 17, 2026
Published: Mar 25, 2019
CVSS: N/A (v4), 5.5 MEDIUM (v3), 4.3 MEDIUM (v2)
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER.

Vendors (5): Debian, Libssh2, Netapp, +2 more
Products (10): Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server, +7 more
Updated: Jun 17, 2026
Published: Mar 25, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is used by the SSH client as an index to copy memory, causing an out of bounds memory write error.