Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Opensuse Subscribe
Total 3164 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-18506 5 Canonical, Debian, Mozilla and 2 more 12 Ubuntu Linux, Debian Linux, Firefox and 9 more 2023-03-17 4.3 MEDIUM 5.9 MEDIUM
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.
CVE-2020-27560 3 Debian, Imagemagick, Opensuse 3 Debian Linux, Imagemagick, Leap 2023-03-11 4.3 MEDIUM 3.3 LOW
ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.
CVE-2018-1000802 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2023-03-09 7.5 HIGH 9.8 CRITICAL
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.
CVE-2007-5000 6 Apache, Canonical, Fedoraproject and 3 more 7 Http Server, Ubuntu Linux, Fedora and 4 more 2023-03-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-20177 3 Debian, Opensuse, Rdesktop 4 Debian Linux, Backports, Leap and 1 more 2023-03-03 7.5 HIGH 9.8 CRITICAL
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.
CVE-2019-12083 3 Fedoraproject, Opensuse, Rust-lang 3 Fedora, Leap, Rust 2023-03-03 6.8 MEDIUM 8.1 HIGH
The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected.
CVE-2019-11884 6 Canonical, Debian, Fedoraproject and 3 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2023-03-03 2.1 LOW 3.3 LOW
The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.
CVE-2019-11459 6 Canonical, Debian, Fedoraproject and 3 more 9 Ubuntu Linux, Debian Linux, Fedora and 6 more 2023-03-03 4.3 MEDIUM 5.5 MEDIUM
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
CVE-2019-13616 6 Canonical, Debian, Fedoraproject and 3 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2023-03-03 5.8 MEDIUM 8.1 HIGH
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
CVE-2019-14806 2 Opensuse, Palletsprojects 2 Leap, Werkzeug 2023-03-03 5.0 MEDIUM 7.5 HIGH
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
CVE-2019-15098 5 Canonical, Debian, Linux and 2 more 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more 2023-03-03 4.9 MEDIUM 4.6 MEDIUM
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
CVE-2019-14383 2 Openmpt, Opensuse 2 Libopenmpt, Leap 2023-03-03 4.3 MEDIUM 6.5 MEDIUM
J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.
CVE-2019-14524 2 Opensuse, Schismtracker 3 Backports, Leap, Schism Tracker 2023-03-03 6.8 MEDIUM 7.8 HIGH
An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465.
CVE-2019-15141 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2023-03-03 4.3 MEDIUM 6.5 MEDIUM
WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.
CVE-2018-20860 2 Openmpt, Opensuse 2 Libopenmpt, Leap 2023-03-03 4.3 MEDIUM 6.5 MEDIUM
libopenmpt before 0.3.13 allows a crash with malformed MED files.
CVE-2019-5460 2 Opensuse, Videolan 3 Backports, Leap, Vlc Media Player 2023-03-03 4.3 MEDIUM 5.5 MEDIUM
Double Free in VLC versions <= 3.0.6 leads to a crash.
CVE-2019-13106 2 Denx, Opensuse 2 U-boot, Leap 2023-03-03 8.3 HIGH 7.8 HIGH
Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.
CVE-2019-15212 5 Canonical, Debian, Linux and 2 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2023-03-03 4.9 MEDIUM 4.6 MEDIUM
An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.
CVE-2020-15565 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2023-03-03 6.1 MEDIUM 8.8 HIGH
An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen's free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible.
CVE-2019-15217 5 Canonical, Debian, Linux and 2 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2023-03-03 4.9 MEDIUM 4.6 MEDIUM
An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.