Opensuse

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-18391 4Debian OpensuseRedhat+1 more 4Debian Linux Enterprise LinuxLeap+1 more Nov 21, 2024 Dec 23, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE co...Show more A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.Show less
CVE-2019-18390 4Debian OpensuseRedhat+1 more 4Debian Linux Enterprise LinuxLeap+1 more Nov 21, 2024 Dec 23, 2019 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.
CVE-2019-18389 4Debian OpensuseRedhat+1 more 4Debian Linux Enterprise LinuxLeap+1 more Nov 21, 2024 Dec 23, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code...Show more A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.Show less
CVE-2019-18388 3Debian OpensuseVirglrenderer Project 3Debian Linux LeapVirglrenderer Nov 21, 2024 Dec 23, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands.
CVE-2019-11050 6Canonical DebianFedoraproject+3 more 6Debian Linux FedoraLeap+3 more Nov 21, 2024 Dec 23, 2019 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will caus...Show more When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.Show less
CVE-2019-11046 6Canonical DebianFedoraproject+3 more 6Debian Linux FedoraLeap+3 more Nov 21, 2024 Dec 23, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string cont...Show more In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.Show less
CVE-2019-11045 6Canonical DebianFedoraproject+3 more 6Debian Linux FedoraLeap+3 more Nov 21, 2024 Dec 23, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabiliti...Show more In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.Show less
CVE-2019-19926 8Debian NetappOpensuse+5 more 11Backports Sle Cloud BackupDebian Linux+8 more Nov 21, 2024 Dec 23, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19...Show more multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.Show less
CVE-2019-19918 3Fedoraproject Lout ProjectOpensuse 4Backports Sle FedoraLeap+1 more Nov 21, 2024 Dec 20, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c.
CVE-2019-19917 3Fedoraproject Lout ProjectOpensuse 4Backports Sle FedoraLeap+1 more Nov 21, 2024 Dec 20, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c.
CVE-2019-17571 6Apache CanonicalDebian+3 more 17Application Testing Suite BookkeeperCommunications Network Integrity+14 more May 28, 2026 Dec 20, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening t...Show more Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.Show less
CVE-2019-16782 3Fedoraproject OpensuseRack 3Fedora LeapRack Feb 13, 2025 Dec 18, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing att...Show more There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.Show less
CVE-2019-19880 8Debian NetappOpensuse+5 more 11Backports Sle Cloud BackupDebian Linux+8 more Nov 21, 2024 Dec 18, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
CVE-2014-8179 2Docker Opensuse 3Cs Engine DockerOpensuse Nov 21, 2024 Dec 17, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a...Show more Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation.Show less
CVE-2014-8178 2Docker Opensuse 3Cs Engine DockerOpensuse Nov 21, 2024 Dec 17, 2019 N/A· v4 5.5 MEDIUM· v3 1.9 LOW· v2 Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or...Show more Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.Show less
CVE-2019-16779 3Debian Excon ProjectOpensuse 4Backports Sle Debian LinuxExcon+1 more Nov 21, 2024 Dec 16, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read...Show more In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this.Show less
CVE-2014-3495 2Debian Opensuse 3Debian Linux DuplicityOpensuse Nov 21, 2024 Dec 13, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 duplicity 0.6.24 has improper verification of SSL certificates
CVE-2014-2387 3Debian OpensusePen Project 3Debian Linux OpensusePen Nov 21, 2024 Dec 13, 2019 N/A· v4 4.4 MEDIUM· v3 4.6 MEDIUM· v2 Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities
CVE-2019-16777 5Fedoraproject NpmjsOpensuse+2 more 6Enterprise Linux Enterprise Linux EusFedora+3 more Nov 21, 2024 Dec 13, 2019 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package...Show more Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.Show less
CVE-2019-16776 5Fedoraproject NpmjsOpensuse+2 more 6Enterprise Linux Enterprise Linux EusFedora+3 more Nov 21, 2024 Dec 13, 2019 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in...Show more Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.Show less

Previous 1...434445...164 Next