Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Backports Sle
Total 329 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-7635 5 Canonical, Debian, Fedoraproject and 2 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2024-11-21 5.8 MEDIUM 8.1 HIGH
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
CVE-2019-7548 5 Debian, Opensuse, Oracle and 2 more 9 Debian Linux, Backports Sle, Leap and 6 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
CVE-2019-7164 5 Debian, Opensuse, Oracle and 2 more 9 Debian Linux, Backports Sle, Leap and 6 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
CVE-2019-5846 2 Google, Opensuse 3 Chrome, Backports Sle, Leap 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-5845 2 Google, Opensuse 3 Chrome, Backports Sle, Leap 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-5844 2 Google, Opensuse 3 Chrome, Backports Sle, Leap 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-5802 2 Google, Opensuse 3 Chrome, Backports Sle, Leap 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVE-2019-5796 2 Google, Opensuse 3 Chrome, Backports Sle, Leap 2024-11-21 5.1 MEDIUM 7.5 HIGH
Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-5794 2 Google, Opensuse 3 Chrome, Backports Sle, Leap 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVE-2019-5736 13 Apache, Canonical, D2iq and 10 more 19 Mesos, Ubuntu Linux, Dc\/os and 16 more 2024-11-21 9.3 HIGH 8.6 HIGH
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
CVE-2019-5459 2 Opensuse, Videolan 4 Backports, Backports Sle, Leap and 1 more 2024-11-21 5.8 MEDIUM 7.1 HIGH
An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.
CVE-2019-5164 2 Opensuse, Shadowsocks 3 Backports Sle, Leap, Shadowsocks-libev 2024-11-21 4.6 MEDIUM 7.8 HIGH
An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.
CVE-2019-5060 2 Libsdl, Opensuse 3 Sdl2 Image, Backports Sle, Leap 2024-11-21 6.8 MEDIUM 8.8 HIGH
An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
CVE-2019-5059 2 Libsdl, Opensuse 3 Sdl2 Image, Backports Sle, Leap 2024-11-21 6.8 MEDIUM 8.8 HIGH
An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
CVE-2019-5058 2 Libsdl, Opensuse 3 Sdl2 Image, Backports Sle, Leap 2024-11-21 6.8 MEDIUM 8.8 HIGH
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
CVE-2019-5057 2 Libsdl, Opensuse 3 Sdl2 Image, Backports Sle, Leap 2024-11-21 6.8 MEDIUM 8.8 HIGH
An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
CVE-2019-5052 4 Canonical, Debian, Libsdl and 1 more 5 Ubuntu Linux, Debian Linux, Sdl2 Image and 2 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
CVE-2019-5051 4 Canonical, Debian, Libsdl and 1 more 5 Ubuntu Linux, Debian Linux, Sdl2 Image and 2 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
CVE-2019-3698 3 Nagios, Opensuse, Suse 4 Nagios, Backports Sle, Leap and 1 more 2024-11-21 6.9 MEDIUM 5.7 MEDIUM
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.
CVE-2019-3693 2 Opensuse, Suse 4 Backports Sle, Leap, Linux Enterprise Server and 1 more 2024-11-21 7.2 HIGH 7.7 HIGH
A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions.