Filtered by vendor Opensuse
Subscriptions
Filtered by product Backports
Subscriptions
Total
96 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18899 | 2 Apt-cacher-ng Project, Opensuse | 3 Apt-cacher-ng, Backports, Leap | 2024-09-17 | 6.2 Medium |
| The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1. | ||||
| CVE-2018-20177 | 3 Debian, Opensuse, Rdesktop | 4 Debian Linux, Backports, Leap and 1 more | 2024-08-05 | 9.8 Critical |
| rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution. | ||||
| CVE-2019-20053 | 2 Opensuse, Upx Project | 3 Backports, Leap, Upx | 2024-08-05 | 5.5 Medium |
| An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. | ||||
| CVE-2019-19950 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Backports and 1 more | 2024-08-05 | 9.8 Critical |
| In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. | ||||
| CVE-2019-19953 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Backports and 1 more | 2024-08-05 | 9.1 Critical |
| In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. | ||||
| CVE-2019-19951 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Backports and 1 more | 2024-08-05 | 9.8 Critical |
| In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. | ||||
| CVE-2019-16709 | 4 Canonical, Imagemagick, Opensuse and 1 more | 5 Ubuntu Linux, Imagemagick, Backports and 2 more | 2024-08-05 | 6.5 Medium |
| ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. | ||||
| CVE-2019-15624 | 3 Nextcloud, Opensuse, Suse | 3 Nextcloud Server, Backports, Suse Linux Enterprise Server | 2024-08-05 | 4.9 Medium |
| Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders. | ||||
| CVE-2019-15613 | 2 Nextcloud, Opensuse | 2 Nextcloud Server, Backports | 2024-08-05 | 8.0 High |
| A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes. | ||||
| CVE-2019-14524 | 2 Opensuse, Schismtracker | 3 Backports, Leap, Schism Tracker | 2024-08-05 | 7.8 High |
| An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465. | ||||
| CVE-2019-13711 | 3 Google, Opensuse, Redhat | 3 Chrome, Backports, Rhel Extras | 2024-08-05 | 5.3 Medium |
| Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2019-13730 | 6 Debian, Fedoraproject, Google and 3 more | 10 Debian Linux, Fedora, Chrome and 7 more | 2024-08-05 | 8.8 High |
| Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-13713 | 3 Google, Opensuse, Redhat | 3 Chrome, Backports, Rhel Extras | 2024-08-05 | 6.5 Medium |
| Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2019-13723 | 4 Fedoraproject, Google, Opensuse and 1 more | 7 Fedora, Chrome, Backports and 4 more | 2024-08-05 | 8.8 High |
| Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-13707 | 3 Google, Opensuse, Redhat | 3 Chrome, Backports, Rhel Extras | 2024-08-05 | 5.5 Medium |
| Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application. | ||||
| CVE-2019-13705 | 3 Google, Opensuse, Redhat | 3 Chrome, Backports, Rhel Extras | 2024-08-05 | 4.3 Medium |
| Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. | ||||
| CVE-2019-11328 | 3 Fedoraproject, Opensuse, Sylabs | 4 Fedora, Backports, Leap and 1 more | 2024-08-04 | 8.8 High |
| An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host. | ||||
| CVE-2019-10163 | 2 Opensuse, Powerdns | 3 Backports, Leap, Authoritative | 2024-08-04 | 4.3 Medium |
| A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue. | ||||
| CVE-2019-7443 | 4 Fedoraproject, Kde, Opensuse and 1 more | 5 Fedora, Kauth, Backports and 2 more | 2024-08-04 | N/A |
| KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability. | ||||
| CVE-2019-5827 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-08-04 | 8.8 High |
| Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||