Filtered by vendor Opensuse
Subscriptions
Total
3283 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-16775 | 5 Fedoraproject, Npmjs, Opensuse and 2 more | 8 Fedora, Npm, Leap and 5 more | 2024-08-05 | 7.7 High |
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. | ||||
CVE-2019-16776 | 5 Fedoraproject, Npmjs, Opensuse and 2 more | 8 Fedora, Npm, Leap and 5 more | 2024-08-05 | 7.7 High |
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. | ||||
CVE-2019-16782 | 4 Fedoraproject, Opensuse, Rack Project and 1 more | 6 Fedora, Leap, Rack and 3 more | 2024-08-05 | 6.3 Medium |
There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison. | ||||
CVE-2019-16746 | 6 Canonical, Debian, Fedoraproject and 3 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-08-05 | 9.8 Critical |
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow. | ||||
CVE-2019-16777 | 5 Fedoraproject, Npmjs, Opensuse and 2 more | 8 Fedora, Npm, Leap and 5 more | 2024-08-05 | 7.7 High |
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. | ||||
CVE-2019-16709 | 4 Canonical, Imagemagick, Opensuse and 1 more | 5 Ubuntu Linux, Imagemagick, Backports and 2 more | 2024-08-05 | 6.5 Medium |
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. | ||||
CVE-2019-16713 | 5 Canonical, Debian, Imagemagick and 2 more | 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more | 2024-08-05 | 6.5 Medium |
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. | ||||
CVE-2019-16710 | 5 Canonical, Debian, Imagemagick and 2 more | 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more | 2024-08-05 | 6.5 Medium |
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. | ||||
CVE-2019-16711 | 5 Canonical, Debian, Imagemagick and 2 more | 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more | 2024-08-05 | 6.5 Medium |
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. | ||||
CVE-2019-16708 | 5 Canonical, Debian, Imagemagick and 2 more | 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more | 2024-08-05 | 6.5 Medium |
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. | ||||
CVE-2019-16712 | 3 Imagemagick, Opensuse, Redhat | 3 Imagemagick, Leap, Enterprise Linux | 2024-08-05 | 6.5 Medium |
ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. | ||||
CVE-2019-16239 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-08-05 | 9.8 Critical |
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. | ||||
CVE-2019-16276 | 6 Debian, Fedoraproject, Golang and 3 more | 11 Debian Linux, Fedora, Go and 8 more | 2024-08-05 | 7.5 High |
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. | ||||
CVE-2019-16234 | 4 Canonical, Linux, Opensuse and 1 more | 4 Ubuntu Linux, Linux Kernel, Leap and 1 more | 2024-08-05 | 4.7 Medium |
drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | ||||
CVE-2019-16319 | 3 Debian, Opensuse, Wireshark | 3 Debian Linux, Leap, Wireshark | 2024-08-05 | 7.5 High |
In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero. | ||||
CVE-2019-16255 | 5 Debian, Opensuse, Oracle and 2 more | 8 Debian Linux, Leap, Graalvm and 5 more | 2024-08-05 | 8.1 High |
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. | ||||
CVE-2019-16233 | 4 Canonical, Linux, Opensuse and 1 more | 5 Ubuntu Linux, Linux Kernel, Leap and 2 more | 2024-08-05 | 4.1 Medium |
drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | ||||
CVE-2019-16231 | 4 Canonical, Linux, Opensuse and 1 more | 5 Ubuntu Linux, Linux Kernel, Leap and 2 more | 2024-08-05 | 4.1 Medium |
drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | ||||
CVE-2019-16232 | 4 Canonical, Fedoraproject, Linux and 1 more | 4 Ubuntu Linux, Fedora, Linux Kernel and 1 more | 2024-08-05 | 4.1 Medium |
drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | ||||
CVE-2019-16167 | 6 Canonical, Debian, Fedoraproject and 3 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-08-05 | 5.5 Medium |
sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. |