Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Opensuse Subscribe
Total 3164 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-5163 2 Opensuse, Shadowsocks 3 Backports, Leap, Shadowsocks-libev 2022-06-17 4.3 MEDIUM 7.5 HIGH
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.
CVE-2019-5164 2 Opensuse, Shadowsocks 3 Backports Sle, Leap, Shadowsocks-libev 2022-06-17 4.6 MEDIUM 7.8 HIGH
An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.
CVE-2020-25829 2 Opensuse, Powerdns 3 Backports Sle, Leap, Recursor 2022-06-14 5.0 MEDIUM 7.5 HIGH
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).
CVE-2017-17740 4 Mcafee, Openldap, Opensuse and 1 more 4 Policy Auditor, Openldap, Leap and 1 more 2022-06-13 5.0 MEDIUM 7.5 HIGH
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.
CVE-2018-20545 4 Canonical, Fedoraproject, Libcaca Project and 1 more 4 Ubuntu Linux, Fedora, Libcaca and 1 more 2022-06-13 6.8 MEDIUM 8.8 HIGH
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data.
CVE-2018-20546 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2022-06-13 5.8 MEDIUM 8.1 HIGH
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.
CVE-2019-5021 4 Alpinelinux, F5, Gliderlabs and 1 more 4 Alpine Linux, Big-ip Controller, Docker-alpine and 1 more 2022-06-13 10.0 HIGH 9.8 CRITICAL
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.
CVE-2019-13057 7 Apple, Canonical, Debian and 4 more 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more 2022-06-13 3.5 LOW 4.9 MEDIUM
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)
CVE-2019-13565 7 Apple, Canonical, Debian and 4 more 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more 2022-06-13 5.0 MEDIUM 7.5 HIGH
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.
CVE-2020-8620 4 Canonical, Isc, Netapp and 1 more 4 Ubuntu Linux, Bind, Steelstore Cloud Integrated Storage and 1 more 2022-06-02 5.0 MEDIUM 7.5 HIGH
In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.
CVE-2016-9427 3 Bdwgc Project, Debian, Opensuse 4 Bdwgc, Debian Linux, Leap and 1 more 2022-06-01 7.5 HIGH 9.8 CRITICAL
Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.
CVE-2020-4031 4 Canonical, Fedoraproject, Freerdp and 1 more 4 Ubuntu Linux, Fedora, Freerdp and 1 more 2022-06-01 4.3 MEDIUM 7.5 HIGH
In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2.
CVE-2020-4032 4 Canonical, Fedoraproject, Freerdp and 1 more 4 Ubuntu Linux, Fedora, Freerdp and 1 more 2022-06-01 4.3 MEDIUM 4.3 MEDIUM
In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2.
CVE-2020-4033 4 Canonical, Fedoraproject, Freerdp and 1 more 4 Ubuntu Linux, Fedora, Freerdp and 1 more 2022-06-01 6.4 MEDIUM 6.5 MEDIUM
In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2.
CVE-2019-9771 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2022-05-25 5.0 MEDIUM 7.5 HIGH
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c.
CVE-2019-9773 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2022-05-25 5.0 MEDIUM 7.5 HIGH
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension.
CVE-2019-9775 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2022-05-25 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec.
CVE-2019-9772 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2022-05-25 5.0 MEDIUM 7.5 HIGH
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec.
CVE-2019-9774 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2022-05-25 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c.
CVE-2019-9777 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2022-05-25 5.0 MEDIUM 7.5 HIGH
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec.