Filtered by vendor Opensuse
Subscribe
Total
3285 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5188 | 6 Canonical, Debian, E2fsprogs Project and 3 more | 8 Ubuntu Linux, Debian Linux, E2fsprogs and 5 more | 2024-11-21 | 4.4 MEDIUM | 7.5 HIGH |
| A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. | |||||
| CVE-2019-5164 | 2 Opensuse, Shadowsocks | 3 Backports Sle, Leap, Shadowsocks-libev | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability. | |||||
| CVE-2019-5163 | 2 Opensuse, Shadowsocks | 3 Backports, Leap, Shadowsocks-libev | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability. | |||||
| CVE-2019-5068 | 4 Canonical, Debian, Mesa3d and 1 more | 4 Ubuntu Linux, Debian Linux, Mesa and 1 more | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
| An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability. | |||||
| CVE-2019-5060 | 2 Libsdl, Opensuse | 3 Sdl2 Image, Backports Sle, Leap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2019-5059 | 2 Libsdl, Opensuse | 3 Sdl2 Image, Backports Sle, Leap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2019-5058 | 2 Libsdl, Opensuse | 3 Sdl2 Image, Backports Sle, Leap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2019-5057 | 2 Libsdl, Opensuse | 3 Sdl2 Image, Backports Sle, Leap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2019-5052 | 4 Canonical, Debian, Libsdl and 1 more | 5 Ubuntu Linux, Debian Linux, Sdl2 Image and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. | |||||
| CVE-2019-5051 | 4 Canonical, Debian, Libsdl and 1 more | 5 Ubuntu Linux, Debian Linux, Sdl2 Image and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. | |||||
| CVE-2019-5021 | 4 Alpinelinux, F5, Gliderlabs and 1 more | 4 Alpine Linux, Big-ip Controller, Docker-alpine and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user. | |||||
| CVE-2019-5010 | 4 Debian, Opensuse, Python and 1 more | 7 Debian Linux, Leap, Python and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. | |||||
| CVE-2019-3886 | 3 Fedoraproject, Opensuse, Redhat | 3 Fedora, Leap, Libvirt | 2024-11-21 | 4.8 MEDIUM | 5.4 MEDIUM |
| An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block. | |||||
| CVE-2019-3882 | 6 Canonical, Debian, Fedoraproject and 3 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. | |||||
| CVE-2019-3880 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Leap and 3 more | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable. | |||||
| CVE-2019-3863 | 5 Debian, Libssh2, Netapp and 2 more | 10 Debian Linux, Libssh2, Ontap Select Deploy Administration Utility and 7 more | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. | |||||
| CVE-2019-3862 | 5 Debian, Fedoraproject, Libssh2 and 2 more | 5 Debian Linux, Fedora, Libssh2 and 2 more | 2024-11-21 | 6.4 MEDIUM | 7.3 HIGH |
| An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | |||||
| CVE-2019-3861 | 4 Debian, Libssh2, Netapp and 1 more | 4 Debian Linux, Libssh2, Ontap Select Deploy Administration Utility and 1 more | 2024-11-21 | 6.4 MEDIUM | 5.0 MEDIUM |
| An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | |||||
| CVE-2019-3860 | 4 Debian, Libssh2, Netapp and 1 more | 4 Debian Linux, Libssh2, Ontap Select Deploy Administration Utility and 1 more | 2024-11-21 | 6.4 MEDIUM | 5.0 MEDIUM |
| An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | |||||
| CVE-2019-3859 | 5 Debian, Fedoraproject, Libssh2 and 2 more | 5 Debian Linux, Fedora, Libssh2 and 2 more | 2024-11-21 | 6.4 MEDIUM | 5.0 MEDIUM |
| An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | |||||