Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Opensuse Subscribe
Filtered by product Leap
Total 1874 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-6128 4 Canonical, Debian, Libtiff and 1 more 4 Ubuntu Linux, Debian Linux, Libtiff and 1 more 2023-03-01 6.8 MEDIUM 8.8 HIGH
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
CVE-2019-1787 3 Clamav, Debian, Opensuse 3 Clamav, Debian Linux, Leap 2023-03-01 4.3 MEDIUM 5.5 MEDIUM
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.
CVE-2019-12972 3 Canonical, Gnu, Opensuse 3 Ubuntu Linux, Binutils, Leap 2023-03-01 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
CVE-2019-14250 3 Canonical, Gnu, Opensuse 3 Ubuntu Linux, Binutils, Leap 2023-03-01 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
CVE-2019-14275 3 Debian, Opensuse, Xfig Project 3 Debian Linux, Leap, Fig2dev 2023-03-01 4.3 MEDIUM 5.5 MEDIUM
Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.
CVE-2019-14444 4 Canonical, Gnu, Netapp and 1 more 5 Ubuntu Linux, Binutils, Hci Management Node and 2 more 2023-03-01 4.3 MEDIUM 5.5 MEDIUM
apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.
CVE-2020-12803 3 Fedoraproject, Libreoffice, Opensuse 3 Fedora, Libreoffice, Leap 2023-03-01 4.3 MEDIUM 6.5 MEDIUM
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need for macros or other active scripting Prior to version 6.4.4 LibreOffice allowed forms to be submitted to any URI, including file: URIs, enabling form submissions to overwrite local files. User-interaction is required to submit the form, but to avoid the possibility of malicious documents engineered to maximize the possibility of inadvertent user submission this feature has now been limited to http[s] URIs, removing the possibility to overwrite local files. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.
CVE-2019-19921 5 Canonical, Debian, Linuxfoundation and 2 more 5 Ubuntu Linux, Debian Linux, Runc and 2 more 2023-03-01 4.4 MEDIUM 7.0 HIGH
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
CVE-2019-13626 4 Debian, Fedoraproject, Libsdl and 1 more 4 Debian Linux, Fedora, Libsdl and 1 more 2023-03-01 4.3 MEDIUM 6.5 MEDIUM
SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.
CVE-2019-11506 4 Canonical, Debian, Graphicsmagick and 1 more 5 Ubuntu Linux, Debian Linux, Graphicsmagick and 2 more 2023-03-01 6.8 MEDIUM 8.8 HIGH
In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c.
CVE-2019-11505 4 Canonical, Debian, Graphicsmagick and 1 more 5 Ubuntu Linux, Debian Linux, Graphicsmagick and 2 more 2023-03-01 6.8 MEDIUM 8.8 HIGH
In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.
CVE-2019-11499 3 Dovecot, Fedoraproject, Opensuse 3 Dovecot, Fedora, Leap 2023-03-01 5.0 MEDIUM 7.5 HIGH
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.
CVE-2019-11494 3 Dovecot, Fedoraproject, Opensuse 3 Dovecot, Fedora, Leap 2023-03-01 5.0 MEDIUM 7.5 HIGH
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.
CVE-2019-11474 5 Canonical, Debian, Fedoraproject and 2 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2023-03-01 4.3 MEDIUM 6.5 MEDIUM
coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.
CVE-2019-11008 4 Canonical, Debian, Graphicsmagick and 1 more 5 Ubuntu Linux, Debian Linux, Graphicsmagick and 2 more 2023-03-01 6.8 MEDIUM 8.8 HIGH
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
CVE-2019-11007 4 Canonical, Debian, Graphicsmagick and 1 more 5 Ubuntu Linux, Debian Linux, Graphicsmagick and 2 more 2023-03-01 5.8 MEDIUM 8.1 HIGH
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.
CVE-2019-10906 5 Canonical, Fedoraproject, Opensuse and 2 more 5 Ubuntu Linux, Fedora, Leap and 2 more 2023-03-01 5.0 MEDIUM 8.6 HIGH
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
CVE-2019-15213 3 Linux, Netapp, Opensuse 8 Linux Kernel, Active Iq Unified Manager, Baseboard Management Controller H410c and 5 more 2023-02-28 4.9 MEDIUM 4.6 MEDIUM
An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.
CVE-2019-15211 5 Canonical, Debian, Linux and 2 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2023-02-28 4.9 MEDIUM 4.6 MEDIUM
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory.
CVE-2019-7222 7 Canonical, Debian, Fedoraproject and 4 more 18 Ubuntu Linux, Debian Linux, Fedora and 15 more 2023-02-28 2.1 LOW 5.5 MEDIUM
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.