Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Opensuse Subscribe
Total 3164 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-16713 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2022-04-22 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.
CVE-2019-16710 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2022-04-22 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.
CVE-2019-16711 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2022-04-22 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.
CVE-2019-16708 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2022-04-22 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
CVE-2018-10923 4 Debian, Gluster, Opensuse and 1 more 5 Debian Linux, Glusterfs, Leap and 2 more 2022-04-22 5.5 MEDIUM 8.1 HIGH
It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.
CVE-2018-10914 4 Debian, Gluster, Opensuse and 1 more 5 Debian Linux, Glusterfs, Leap and 2 more 2022-04-22 4.0 MEDIUM 6.5 MEDIUM
It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.
CVE-2020-10942 4 Canonical, Debian, Linux and 1 more 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more 2022-04-22 5.4 MEDIUM 5.3 MEDIUM
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.
CVE-2018-10911 4 Debian, Gluster, Opensuse and 1 more 7 Debian Linux, Glusterfs, Leap and 4 more 2022-04-22 5.0 MEDIUM 7.5 HIGH
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.
CVE-2019-17185 2 Freeradius, Opensuse 2 Freeradius, Leap 2022-04-22 5.0 MEDIUM 7.5 HIGH
In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack.
CVE-2020-10018 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2022-04-22 7.5 HIGH 9.8 CRITICAL
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.
CVE-2020-7598 2 Opensuse, Substack 2 Leap, Minimist 2022-04-22 6.8 MEDIUM 5.6 MEDIUM
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
CVE-2020-0556 4 Bluez, Canonical, Debian and 1 more 4 Bluez, Ubuntu Linux, Debian Linux and 1 more 2022-04-22 5.8 MEDIUM 7.1 HIGH
Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
CVE-2018-10913 4 Debian, Gluster, Opensuse and 1 more 5 Debian Linux, Glusterfs, Leap and 2 more 2022-04-22 4.0 MEDIUM 6.5 MEDIUM
An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.
CVE-2018-10904 4 Debian, Gluster, Opensuse and 1 more 5 Debian Linux, Glusterfs, Leap and 2 more 2022-04-22 6.5 MEDIUM 8.8 HIGH
It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.
CVE-2020-8927 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2022-04-22 6.4 MEDIUM 6.5 MEDIUM
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
CVE-2020-6447 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2022-04-22 6.8 MEDIUM 8.8 HIGH
Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-10711 5 Canonical, Debian, Linux and 2 more 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more 2022-04-22 4.3 MEDIUM 5.9 MEDIUM
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.
CVE-2020-6444 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2022-04-22 6.8 MEDIUM 6.3 MEDIUM
Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6434 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2022-04-22 6.8 MEDIUM 8.8 HIGH
Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6438 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2022-04-22 4.3 MEDIUM 4.3 MEDIUM
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.