Vulnerabilities (CVE)

Vendor filter

Opensuse Subscribe

Filter

1178 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-6486 3 Golang, Debian, Opensuse 3 Go, Debian Linux, Leap 2019-04-18 6.4
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.
CVE-2018-17294 2 Canonical, Opensuse 2 Ubuntu Linux, Leap 2019-04-18 4.3
The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file...
CVE-2018-19490 3 Gnuplot, Debian, Opensuse 3 Gnuplot, Debian Linux, Leap 2019-04-18 6.8
An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass...
CVE-2018-19491 3 Gnuplot, Debian, Opensuse 3 Gnuplot, Debian Linux, Leap 2019-04-18 6.8
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the...
CVE-2018-19492 3 Gnuplot, Debian, Opensuse 3 Gnuplot, Debian Linux, Leap 2019-04-18 6.8
An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed...
CVE-2019-2422 6 Oracle, Netapp, Canonical and 3 more 15 Jdk, Jre, Oncommand Unified Manager and 12 more 2019-04-18 4.3
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated...
CVE-2019-7308 3 Linux, Canonical, Opensuse 3 Linux Kernel, Ubuntu Linux, Leap 2019-04-18 4.7
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to...
CVE-2019-7638 3 Libsdl, Debian, Opensuse 3 Simple Directmedia Layer, Debian Linux, Leap 2019-04-17 6.8
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
CVE-2019-7637 3 Libsdl, Debian, Opensuse 3 Simple Directmedia Layer, Debian Linux, Leap 2019-04-17 6.8
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.
CVE-2019-7636 3 Libsdl, Debian, Opensuse 3 Simple Directmedia Layer, Debian Linux, Leap 2019-04-17 6.8
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
CVE-2019-6778 4 Qemu, Opensuse, Canonical and 1 more 4 Qemu, Leap, Ubuntu Linux and 1 more 2019-04-17 4.6
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
CVE-2019-5736 9 Docker, Google, Linuxcontainers and 6 more 11 Docker, Kubernetes Engine, Lxc and 8 more 2019-04-17 9.3
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these...
CVE-2018-20346 5 Google, Sqlite, Debian and 2 more 5 Chrome, Sqlite, Debian Linux and 2 more 2019-04-17 6.8
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code...
CVE-2018-14523 3 Aubio, Opensuse, Suse 3 Aubio, Leap, Linux Enterprise 2019-04-17 6.8
An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.
CVE-2018-14522 3 Aubio, Opensuse, Suse 3 Aubio, Leap, Linux Enterprise 2019-04-17 6.8
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.
CVE-2019-7524 4 Dovecot, Debian, Canonical and 1 more 4 Dovecot, Debian Linux, Ubuntu Linux and 1 more 2019-04-17 7.2
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.
CVE-2019-3814 3 Dovecot, Canonical, Opensuse 3 Dovecot, Ubuntu Linux, Leap 2019-04-17 4.9
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
CVE-2019-6690 4 Python, Suse, Debian and 1 more 4 Python-gnupg, Backports, Debian Linux and 1 more 2019-04-17 5.0
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a...
CVE-2019-3833 3 Openwsman Project, Fedoraproject, Opensuse 3 Openwsman, Fedora, Leap 2019-04-17 5.0
Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP...
CVE-2019-3816 4 Openwsman Project, Fedoraproject, Redhat and 1 more 9 Openwsman, Fedora, Enterprise Linux Desktop and 6 more 2019-04-17 5.0
Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending...