Filtered by vendor Opensuse
Subscriptions
Filtered by product Backports Sle
Subscriptions
Total
329 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20013 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-08-05 | 6.5 Medium |
| An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec. | ||||
| CVE-2019-20012 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-08-05 | 6.5 Medium |
| An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec. | ||||
| CVE-2019-20011 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-08-05 | 8.8 High |
| An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c. | ||||
| CVE-2019-20009 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-08-05 | 6.5 Medium |
| An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec. | ||||
| CVE-2019-19917 | 3 Fedoraproject, Lout Project, Opensuse | 4 Fedora, Lout, Backports Sle and 1 more | 2024-08-05 | 7.8 High |
| Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c. | ||||
| CVE-2019-19926 | 8 Debian, Netapp, Opensuse and 5 more | 13 Debian Linux, Cloud Backup, Backports Sle and 10 more | 2024-08-05 | 7.5 High |
| multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. | ||||
| CVE-2019-19918 | 3 Fedoraproject, Lout Project, Opensuse | 4 Fedora, Lout, Backports Sle and 1 more | 2024-08-05 | 7.8 High |
| Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. | ||||
| CVE-2019-19925 | 8 Debian, Netapp, Opensuse and 5 more | 14 Debian Linux, Cloud Backup, Backports Sle and 11 more | 2024-08-05 | 7.5 High |
| zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. | ||||
| CVE-2019-19923 | 8 Debian, Netapp, Opensuse and 5 more | 14 Debian Linux, Cloud Backup, Backports Sle and 11 more | 2024-08-05 | 7.5 High |
| flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). | ||||
| CVE-2019-19880 | 8 Debian, Netapp, Opensuse and 5 more | 13 Debian Linux, Cloud Backup, Backports Sle and 10 more | 2024-08-05 | 7.5 High |
| exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. | ||||
| CVE-2019-18932 | 2 Opensuse, Squid Analysis Report Generator Project | 3 Backports Sle, Leap, Squid Analysis Report Generator | 2024-08-05 | 7.0 High |
| log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations. | ||||
| CVE-2019-18622 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Backports Sle, Leap and 1 more | 2024-08-05 | 9.8 Critical |
| An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature. | ||||
| CVE-2019-18179 | 3 Debian, Opensuse, Otrs | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-08-05 | 4.3 Medium |
| An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions. | ||||
| CVE-2019-17545 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Backports Sle and 3 more | 2024-08-05 | 9.8 Critical |
| GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | ||||
| CVE-2019-17455 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-08-05 | 9.8 Critical |
| Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. | ||||
| CVE-2019-16779 | 3 Debian, Excon Project, Opensuse | 4 Debian Linux, Excon, Backports Sle and 1 more | 2024-08-05 | 5.8 Medium |
| In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this. | ||||
| CVE-2019-16159 | 4 Debian, Fedoraproject, Nic and 1 more | 4 Debian Linux, Fedora, Bird and 1 more | 2024-08-05 | 7.5 High |
| BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed. | ||||
| CVE-2019-15623 | 3 Nextcloud, Opensuse, Suse | 3 Nextcloud Server, Backports Sle, Package Hub | 2024-08-05 | 5.3 Medium |
| Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled. | ||||
| CVE-2019-14905 | 3 Fedoraproject, Opensuse, Redhat | 8 Fedora, Backports Sle, Leap and 5 more | 2024-08-05 | 5.6 Medium |
| A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues. | ||||
| CVE-2019-14846 | 3 Debian, Opensuse, Redhat | 6 Debian Linux, Backports Sle, Leap and 3 more | 2024-08-05 | 7.8 High |
| In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process. | ||||