Filtered by vendor Opensuse Subscriptions
Total 3283 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-13050 6 F5, Fedoraproject, Gnupg and 3 more 6 Traffix Signaling Delivery Controller, Fedora, Gnupg and 3 more 2024-08-04 7.5 High
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.
CVE-2019-12973 5 Debian, Opensuse, Oracle and 2 more 6 Debian Linux, Leap, Database Server and 3 more 2024-08-04 5.5 Medium
In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.
CVE-2019-12976 5 Canonical, Debian, Imagemagick and 2 more 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more 2024-08-04 5.5 Medium
ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.
CVE-2019-12972 3 Canonical, Gnu, Opensuse 3 Ubuntu Linux, Binutils, Leap 2024-08-04 5.5 Medium
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
CVE-2019-12979 5 Canonical, Debian, Imagemagick and 2 more 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more 2024-08-04 7.8 High
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c.
CVE-2019-12921 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Backports Sle and 1 more 2024-08-04 6.5 Medium
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.
CVE-2019-12900 6 Bzip, Canonical, Debian and 3 more 6 Bzip2, Ubuntu Linux, Debian Linux and 3 more 2024-08-04 9.8 Critical
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
CVE-2019-12854 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2024-08-04 7.5 High
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.
CVE-2019-12817 6 Canonical, Debian, Fedoraproject and 3 more 9 Ubuntu Linux, Debian Linux, Fedora and 6 more 2024-08-04 7.0 High
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected.
CVE-2019-12838 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2024-08-04 9.8 Critical
SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.
CVE-2019-12523 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2024-08-04 9.1 Critical
An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.
CVE-2019-12614 5 Canonical, Fedoraproject, Linux and 2 more 5 Ubuntu Linux, Fedora, Linux Kernel and 2 more 2024-08-04 4.1 Medium
An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).
CVE-2019-12526 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2024-08-04 9.8 Critical
An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap.
CVE-2019-12521 5 Canonical, Debian, Opensuse and 2 more 5 Ubuntu Linux, Debian Linux, Leap and 2 more 2024-08-04 5.9 Medium
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.
CVE-2019-12528 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2024-08-04 7.5 High
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.
CVE-2019-12525 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2024-08-04 9.8 Critical
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1.
CVE-2019-12529 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2024-08-04 5.9 Medium
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.
CVE-2019-12519 5 Canonical, Debian, Opensuse and 2 more 7 Ubuntu Linux, Debian Linux, Leap and 4 more 2024-08-04 9.8 Critical
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.
CVE-2019-12450 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2024-08-04 9.8 Critical
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
CVE-2019-12418 7 Apache, Canonical, Debian and 4 more 7 Tomcat, Ubuntu Linux, Debian Linux and 4 more 2024-08-04 7.0 High
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.