Filtered by vendor Opensuse
Subscriptions
Total
3283 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-13708 | 3 Google, Opensuse, Redhat | 3 Chrome, Backports Sle, Rhel Extras | 2024-08-05 | 4.3 Medium |
Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
CVE-2019-13719 | 3 Google, Opensuse, Redhat | 3 Chrome, Backports Sle, Rhel Extras | 2024-08-05 | 4.3 Medium |
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page. | ||||
CVE-2019-13707 | 3 Google, Opensuse, Redhat | 3 Chrome, Backports, Rhel Extras | 2024-08-05 | 5.5 Medium |
Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application. | ||||
CVE-2019-13705 | 3 Google, Opensuse, Redhat | 3 Chrome, Backports, Rhel Extras | 2024-08-05 | 4.3 Medium |
Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. | ||||
CVE-2019-13709 | 3 Google, Opensuse, Redhat | 3 Chrome, Backports Sle, Rhel Extras | 2024-08-05 | 6.5 Medium |
Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page. | ||||
CVE-2019-13706 | 3 Google, Opensuse, Redhat | 3 Chrome, Backports Sle, Rhel Extras | 2024-08-05 | 7.8 High |
Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | ||||
CVE-2019-13703 | 3 Google, Opensuse, Redhat | 3 Chrome, Backports Sle, Rhel Extras | 2024-08-05 | 4.3 Medium |
Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
CVE-2019-13701 | 3 Google, Opensuse, Redhat | 3 Chrome, Backports Sle, Rhel Extras | 2024-08-04 | 4.3 Medium |
Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
CVE-2019-13700 | 3 Google, Opensuse, Redhat | 3 Chrome, Backports Sle, Rhel Extras | 2024-08-04 | 8.8 High |
Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2019-13699 | 3 Google, Opensuse, Redhat | 3 Chrome, Backports Sle, Rhel Extras | 2024-08-04 | 8.8 High |
Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2019-13627 | 5 Canonical, Debian, Libgcrypt20 Project and 2 more | 5 Ubuntu Linux, Debian Linux, Libgcrypt20 and 2 more | 2024-08-04 | 6.3 Medium |
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. | ||||
CVE-2019-13619 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-08-04 | 7.5 High |
In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments. | ||||
CVE-2019-13626 | 4 Debian, Fedoraproject, Libsdl and 1 more | 4 Debian Linux, Fedora, Libsdl and 1 more | 2024-08-04 | 6.5 Medium |
SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c. | ||||
CVE-2019-13616 | 6 Canonical, Debian, Fedoraproject and 3 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2024-08-04 | 8.1 High |
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. | ||||
CVE-2019-13602 | 4 Canonical, Debian, Opensuse and 1 more | 5 Ubuntu Linux, Debian Linux, Backports Sle and 2 more | 2024-08-04 | 7.8 High |
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. | ||||
CVE-2019-13565 | 7 Apple, Canonical, Debian and 4 more | 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more | 2024-08-04 | 7.5 High |
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user. | ||||
CVE-2019-13454 | 5 Canonical, Debian, Imagemagick and 2 more | 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more | 2024-08-04 | 6.5 Medium |
ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c. | ||||
CVE-2019-13456 | 4 Freeradius, Linux, Opensuse and 1 more | 4 Freeradius, Linux Kernel, Leap and 1 more | 2024-08-04 | 6.5 Medium |
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494. | ||||
CVE-2019-13301 | 5 Canonical, Debian, Imagemagick and 2 more | 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more | 2024-08-04 | 6.5 Medium |
ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error. | ||||
CVE-2019-13303 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2024-08-04 | 8.8 High |
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage. |