Filtered by vendor Opensuse
Subscriptions
Filtered by product Backports Sle
Subscriptions
Total
329 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-15999 | 6 Debian, Fedoraproject, Freetype and 3 more | 9 Debian Linux, Fedora, Freetype and 6 more | 2024-08-12 | 6.5 Medium |
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2016-10937 | 4 Debian, Fedoraproject, Imapfilter Project and 1 more | 5 Debian Linux, Fedora, Imapfilter and 2 more | 2024-08-06 | 7.5 High |
IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. | ||||
CVE-2018-19052 | 4 Debian, Lighttpd, Opensuse and 1 more | 5 Debian Linux, Lighttpd, Backports Sle and 2 more | 2024-08-05 | 7.5 High |
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character. | ||||
CVE-2018-16874 | 4 Debian, Golang, Opensuse and 1 more | 5 Debian Linux, Go, Backports Sle and 2 more | 2024-08-05 | 8.1 High |
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution. | ||||
CVE-2018-16873 | 4 Debian, Golang, Opensuse and 1 more | 5 Debian Linux, Go, Backports Sle and 2 more | 2024-08-05 | 8.1 High |
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it's possible to arrange things so that a Git repository is cloned to a folder named ".git" by using a vanity import path that ends with "/.git". If the Git repository root contains a "HEAD" file, a "config" file, an "objects" directory, a "refs" directory, with some work to ensure the proper ordering of operations, "go get -u" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the "config" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running "go get -u". | ||||
CVE-2019-20637 | 4 Opensuse, Redhat, Varnish-cache and 1 more | 5 Backports Sle, Leap, Enterprise Linux and 2 more | 2024-08-05 | 7.5 High |
An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers. | ||||
CVE-2019-20010 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-08-05 | 8.8 High |
An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c. | ||||
CVE-2019-20014 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-08-05 | 8.8 High |
An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c. | ||||
CVE-2019-20015 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-08-05 | 6.5 Medium |
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec. | ||||
CVE-2019-20013 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-08-05 | 6.5 Medium |
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec. | ||||
CVE-2019-20012 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-08-05 | 6.5 Medium |
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec. | ||||
CVE-2019-20011 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-08-05 | 8.8 High |
An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c. | ||||
CVE-2019-20009 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-08-05 | 6.5 Medium |
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec. | ||||
CVE-2019-19917 | 3 Fedoraproject, Lout Project, Opensuse | 4 Fedora, Lout, Backports Sle and 1 more | 2024-08-05 | 7.8 High |
Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c. | ||||
CVE-2019-19926 | 8 Debian, Netapp, Opensuse and 5 more | 13 Debian Linux, Cloud Backup, Backports Sle and 10 more | 2024-08-05 | 7.5 High |
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. | ||||
CVE-2019-19918 | 3 Fedoraproject, Lout Project, Opensuse | 4 Fedora, Lout, Backports Sle and 1 more | 2024-08-05 | 7.8 High |
Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. | ||||
CVE-2019-19925 | 8 Debian, Netapp, Opensuse and 5 more | 14 Debian Linux, Cloud Backup, Backports Sle and 11 more | 2024-08-05 | 7.5 High |
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. | ||||
CVE-2019-19923 | 8 Debian, Netapp, Opensuse and 5 more | 14 Debian Linux, Cloud Backup, Backports Sle and 11 more | 2024-08-05 | 7.5 High |
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). | ||||
CVE-2019-19880 | 8 Debian, Netapp, Opensuse and 5 more | 13 Debian Linux, Cloud Backup, Backports Sle and 10 more | 2024-08-05 | 7.5 High |
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. | ||||
CVE-2019-18932 | 2 Opensuse, Squid Analysis Report Generator Project | 3 Backports Sle, Leap, Squid Analysis Report Generator | 2024-08-05 | 7.0 High |
log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations. |