Filtered by vendor Opensuse
Subscribe
Total
3283 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-15921 | 2 Linux, Opensuse | 2 Linux Kernel, Leap | 2024-02-28 | 4.7 MEDIUM | 4.7 MEDIUM |
An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c. | |||||
CVE-2019-5793 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page. | |||||
CVE-2019-9456 | 2 Google, Opensuse | 2 Android, Leap | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2019-5829 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||
CVE-2018-20615 | 4 Canonical, Haproxy, Opensuse and 1 more | 5 Ubuntu Linux, Haproxy, Leap and 2 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame. | |||||
CVE-2019-3862 | 5 Debian, Fedoraproject, Libssh2 and 2 more | 5 Debian Linux, Fedora, Libssh2 and 2 more | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | |||||
CVE-2019-5787 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2019-9628 | 3 Canonical, Opensuse, Xmltooling Project | 3 Ubuntu Linux, Leap, Xmltooling | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type. | |||||
CVE-2019-11725 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections. This vulnerability affects Firefox < 68. | |||||
CVE-2019-14981 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file. | |||||
CVE-2019-11811 | 3 Linux, Opensuse, Redhat | 9 Linux Kernel, Leap, Enterprise Linux and 6 more | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. | |||||
CVE-2019-9851 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. | |||||
CVE-2019-5811 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | |||||
CVE-2019-9455 | 2 Google, Opensuse | 2 Android, Leap | 2024-02-28 | 2.1 LOW | 2.3 LOW |
In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2019-6690 | 5 Canonical, Debian, Opensuse and 2 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component. | |||||
CVE-2019-3855 | 8 Apple, Debian, Fedoraproject and 5 more | 14 Xcode, Debian Linux, Fedora and 11 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. | |||||
CVE-2019-9777 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec. | |||||
CVE-2019-8322 | 3 Debian, Opensuse, Rubygems | 3 Debian Linux, Leap, Rubygems | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur. | |||||
CVE-2019-5836 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2019-15213 | 3 Linux, Netapp, Opensuse | 8 Linux Kernel, Active Iq Unified Manager, Data Availability Services and 5 more | 2024-02-28 | 4.9 MEDIUM | 4.6 MEDIUM |
An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver. |