Filtered by vendor Opensuse
Subscriptions
Filtered by product Leap
Subscriptions
Total
1917 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14895 | 6 Canonical, Debian, Fedoraproject and 3 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-11-21 | 9.8 Critical |
| A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. | ||||
| CVE-2019-14889 | 7 Canonical, Debian, Fedoraproject and 4 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 8.8 High |
| A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target. | ||||
| CVE-2019-14870 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.4 Medium |
| All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set. | ||||
| CVE-2019-14869 | 4 Artifex, Fedoraproject, Opensuse and 1 more | 5 Ghostscript, Fedora, Leap and 2 more | 2024-11-21 | 8.8 High |
| A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands. | ||||
| CVE-2019-14864 | 3 Debian, Opensuse, Redhat | 9 Debian Linux, Backports Sle, Leap and 6 more | 2024-11-21 | 6.5 Medium |
| Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data. | ||||
| CVE-2019-14861 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.3 Medium |
| All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer. | ||||
| CVE-2019-14856 | 2 Opensuse, Redhat | 5 Backports Sle, Leap, Ansible and 2 more | 2024-11-21 | 6.5 Medium |
| ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None | ||||
| CVE-2019-14847 | 3 Fedoraproject, Opensuse, Samba | 3 Fedora, Leap, Samba | 2024-11-21 | 4.9 Medium |
| A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue. | ||||
| CVE-2019-14846 | 3 Debian, Opensuse, Redhat | 6 Debian Linux, Backports Sle, Leap and 3 more | 2024-11-21 | 7.8 High |
| In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process. | ||||
| CVE-2019-14835 | 8 Canonical, Debian, Fedoraproject and 5 more | 49 Ubuntu Linux, Debian Linux, Fedora and 46 more | 2024-11-21 | 7.8 High |
| A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. | ||||
| CVE-2019-14833 | 3 Fedoraproject, Opensuse, Samba | 3 Fedora, Leap, Samba | 2024-11-21 | 5.4 Medium |
| A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks. | ||||
| CVE-2019-14821 | 8 Canonical, Debian, Fedoraproject and 5 more | 41 Ubuntu Linux, Debian Linux, Fedora and 38 more | 2024-11-21 | 8.8 High |
| An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. | ||||
| CVE-2019-14817 | 5 Artifex, Debian, Fedoraproject and 2 more | 7 Ghostscript, Debian Linux, Fedora and 4 more | 2024-11-21 | 7.8 High |
| A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | ||||
| CVE-2019-14816 | 7 Canonical, Debian, Fedoraproject and 4 more | 60 Ubuntu Linux, Debian Linux, Fedora and 57 more | 2024-11-21 | 7.8 High |
| There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. | ||||
| CVE-2019-14814 | 6 Canonical, Debian, Linux and 3 more | 50 Ubuntu Linux, Debian Linux, Linux Kernel and 47 more | 2024-11-21 | 7.8 High |
| There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. | ||||
| CVE-2019-14813 | 5 Artifex, Debian, Fedoraproject and 2 more | 13 Ghostscript, Debian Linux, Fedora and 10 more | 2024-11-21 | 9.8 Critical |
| A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | ||||
| CVE-2019-14811 | 5 Artifex, Debian, Fedoraproject and 2 more | 7 Ghostscript, Debian Linux, Fedora and 4 more | 2024-11-21 | 7.8 High |
| A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | ||||
| CVE-2019-14806 | 2 Opensuse, Palletsprojects | 2 Leap, Werkzeug | 2024-11-21 | 7.5 High |
| Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. | ||||
| CVE-2019-14524 | 2 Opensuse, Schismtracker | 3 Backports, Leap, Schism Tracker | 2024-11-21 | 7.8 High |
| An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465. | ||||
| CVE-2019-14492 | 2 Opencv, Opensuse | 2 Opencv, Leap | 2024-11-21 | 7.5 High |
| An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. | ||||