Filtered by vendor Opensuse
Subscribe
Total
3251 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13057 | 7 Apple, Canonical, Debian and 4 more | 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more | 2022-06-13 | 3.5 LOW | 4.9 MEDIUM |
| An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.) | |||||
| CVE-2020-8620 | 4 Canonical, Isc, Netapp and 1 more | 4 Ubuntu Linux, Bind, Steelstore Cloud Integrated Storage and 1 more | 2022-06-02 | 5.0 MEDIUM | 7.5 HIGH |
| In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit. | |||||
| CVE-2016-9427 | 3 Bdwgc Project, Debian, Opensuse | 4 Bdwgc, Debian Linux, Leap and 1 more | 2022-06-01 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation. | |||||
| CVE-2019-9771 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2022-05-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c. | |||||
| CVE-2019-9772 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2022-05-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec. | |||||
| CVE-2019-9773 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2022-05-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension. | |||||
| CVE-2019-9774 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2022-05-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c. | |||||
| CVE-2019-9775 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2022-05-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec. | |||||
| CVE-2019-9776 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2022-05-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779). | |||||
| CVE-2019-9777 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2022-05-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec. | |||||
| CVE-2019-9778 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2022-05-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec. | |||||
| CVE-2019-9779 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2022-05-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776). | |||||
| CVE-2019-9770 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2022-05-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension. | |||||
| CVE-2020-8233 | 2 Opensuse, Ui | 14 Backports Sle, Leap, Edgeswitch Firmware and 11 more | 2022-05-24 | 9.0 HIGH | 8.8 HIGH |
| A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges. | |||||
| CVE-2020-8165 | 3 Debian, Opensuse, Rubyonrails | 3 Debian Linux, Leap, Rails | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. | |||||
| CVE-2020-8164 | 3 Debian, Opensuse, Rubyonrails | 4 Debian Linux, Backports Sle, Leap and 1 more | 2022-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters. | |||||
| CVE-2021-26675 | 3 Debian, Intel, Opensuse | 3 Debian Linux, Connman, Leap | 2022-05-23 | 5.8 MEDIUM | 8.8 HIGH |
| A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. | |||||
| CVE-2019-7317 | 11 Canonical, Debian, Hp and 8 more | 33 Ubuntu Linux, Debian Linux, Xp7 Command View and 30 more | 2022-05-23 | 2.6 LOW | 5.3 MEDIUM |
| png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. | |||||
| CVE-2015-4142 | 3 Opensuse, Redhat, W1.fi | 7 Opensuse, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 4 more | 2022-05-17 | 4.3 MEDIUM | N/A |
| Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read. | |||||
| CVE-2020-14798 | 4 Debian, Netapp, Opensuse and 1 more | 17 Debian Linux, 7-mode Transition Tool, Active Iq Unified Manager and 14 more | 2022-05-13 | 2.6 LOW | 3.1 LOW |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). | |||||