Filtered by vendor Opensuse
Subscriptions
Filtered by product Leap
Subscriptions
Total
1919 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20919 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 4.7 Medium |
| An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. | ||||
| CVE-2019-20916 | 5 Debian, Opensuse, Oracle and 2 more | 7 Debian Linux, Leap, Communications Cloud Native Core Network Function Cloud Native Environment and 4 more | 2024-11-21 | 7.5 High |
| The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. | ||||
| CVE-2019-20908 | 4 Canonical, Linux, Opensuse and 1 more | 6 Ubuntu Linux, Linux Kernel, Leap and 3 more | 2024-11-21 | 6.7 Medium |
| An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032. | ||||
| CVE-2019-20907 | 8 Canonical, Debian, Fedoraproject and 5 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2024-11-21 | 7.5 High |
| In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. | ||||
| CVE-2019-20840 | 5 Canonical, Debian, Libvnc Project and 2 more | 16 Ubuntu Linux, Debian Linux, Libvncserver and 13 more | 2024-11-21 | 7.5 High |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode. | ||||
| CVE-2019-20839 | 6 Canonical, Debian, Libvnc Project and 3 more | 17 Ubuntu Linux, Debian Linux, Libvncserver and 14 more | 2024-11-21 | 7.5 High |
| libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. | ||||
| CVE-2019-20810 | 3 Canonical, Linux, Opensuse | 3 Ubuntu Linux, Linux Kernel, Leap | 2024-11-21 | 5.5 Medium |
| go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586. | ||||
| CVE-2019-20807 | 7 Apple, Canonical, Debian and 4 more | 8 Mac Os X, Ubuntu Linux, Debian Linux and 5 more | 2024-11-21 | 5.3 Medium |
| In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). | ||||
| CVE-2019-20787 | 2 Opensuse, Teeworlds | 2 Leap, Teeworlds | 2024-11-21 | 9.8 Critical |
| Teeworlds before 0.7.4 has an integer overflow when computing a tilemap size. | ||||
| CVE-2019-20637 | 4 Opensuse, Redhat, Varnish-cache and 1 more | 5 Backports Sle, Leap, Enterprise Linux and 2 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers. | ||||
| CVE-2019-20479 | 5 Debian, Fedoraproject, Openidc and 2 more | 5 Debian Linux, Fedora, Mod Auth Openidc and 2 more | 2024-11-21 | 6.1 Medium |
| A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. | ||||
| CVE-2019-20446 | 7 Canonical, Debian, Fedoraproject and 4 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 6.5 Medium |
| In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. | ||||
| CVE-2019-20388 | 7 Debian, Fedoraproject, Netapp and 4 more | 34 Debian Linux, Fedora, Cloud Backup and 31 more | 2024-11-21 | 7.5 High |
| xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. | ||||
| CVE-2019-20382 | 5 Canonical, Debian, Opensuse and 2 more | 7 Ubuntu Linux, Debian Linux, Leap and 4 more | 2024-11-21 | 3.5 Low |
| QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd. | ||||
| CVE-2019-20372 | 6 Apple, Canonical, F5 and 3 more | 8 Xcode, Ubuntu Linux, Nginx and 5 more | 2024-11-21 | 5.3 Medium |
| NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. | ||||
| CVE-2019-20367 | 4 Canonical, Debian, Freedesktop and 1 more | 4 Ubuntu Linux, Debian Linux, Libbsd and 1 more | 2024-11-21 | 9.1 Critical |
| nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab). | ||||
| CVE-2019-20095 | 4 Linux, Netapp, Opensuse and 1 more | 21 Linux Kernel, 8300, 8300 Firmware and 18 more | 2024-11-21 | 5.5 Medium |
| mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service. | ||||
| CVE-2019-20015 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 6.5 Medium |
| An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec. | ||||
| CVE-2019-20014 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 8.8 High |
| An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c. | ||||
| CVE-2019-20013 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 6.5 Medium |
| An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec. | ||||