CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Opensuse : Security Vulnerabilities (CVSS score between 6 and 8.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-13627 362 2019-09-25 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
2 CVE-2019-11235 345 2019-04-22 2019-05-13
7.5
None Remote Low Not required Partial Partial Partial
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
3 CVE-2019-11008 119 DoS Overflow 2019-04-08 2019-05-22
6.8
None Remote Medium Not required Partial Partial Partial
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
4 CVE-2019-11006 119 DoS Overflow 2019-04-08 2019-05-01
6.4
None Remote Low Not required Partial None Partial
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet.
5 CVE-2019-11005 119 DoS Overflow 2019-04-08 2019-05-01
7.5
None Remote Low Not required Partial Partial Partial
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value.
6 CVE-2019-9948 254 Bypass 2019-03-23 2019-06-18
6.4
None Remote Low Not required Partial Partial None
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
7 CVE-2019-9898 327 2019-03-21 2019-04-26
7.5
None Remote Low Not required Partial Partial Partial
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.
8 CVE-2019-9894 320 2019-03-21 2019-04-26
6.4
None Remote Low Not required None Partial Partial
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
9 CVE-2019-9675 119 Overflow 2019-03-11 2019-06-03
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible."
10 CVE-2019-9641 119 Overflow 2019-03-08 2019-06-18
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
11 CVE-2019-9023 125 2019-02-22 2019-06-18
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.
12 CVE-2019-9021 125 2019-02-22 2019-06-18
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.
13 CVE-2019-9020 125 2019-02-22 2019-06-18
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.
14 CVE-2019-8980 399 DoS 2019-02-21 2019-05-06
7.8
None Remote Low Not required None None Complete
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
15 CVE-2019-8907 119 DoS Overflow 2019-02-18 2019-04-12
6.8
None Remote Medium Not required Partial Partial Partial
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.
16 CVE-2019-8906 125 2019-02-18 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
17 CVE-2019-8905 125 2019-02-18 2019-04-12
6.8
None Remote Medium Not required Partial Partial Partial
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.
18 CVE-2019-8375 119 DoS Overflow 2019-02-24 2019-05-09
7.5
None Remote Low Not required Partial Partial Partial
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).
19 CVE-2019-7638 125 2019-02-08 2019-09-09
6.8
None Remote Medium Not required Partial Partial Partial
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
20 CVE-2019-7637 119 Overflow 2019-02-08 2019-06-27
6.8
None Remote Medium Not required Partial Partial Partial
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.
21 CVE-2019-7636 125 2019-02-08 2019-09-09
6.8
None Remote Medium Not required Partial Partial Partial
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
22 CVE-2019-7635 125 2019-02-08 2019-07-22
6.8
None Remote Medium Not required Partial Partial Partial
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
23 CVE-2019-7578 125 2019-02-07 2019-09-09
6.8
None Remote Medium Not required Partial Partial Partial
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.
24 CVE-2019-7577 125 2019-02-07 2019-09-09
6.8
None Remote Medium Not required Partial Partial Partial
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
25 CVE-2019-7576 125 2019-02-07 2019-09-09
6.8
None Remote Medium Not required Partial Partial Partial
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).
26 CVE-2019-7575 119 Overflow 2019-02-07 2019-09-09
6.8
None Remote Medium Not required Partial Partial Partial
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.
27 CVE-2019-7574 125 2019-02-07 2019-09-09
6.8
None Remote Medium Not required Partial Partial Partial
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.
28 CVE-2019-7573 125 2019-02-07 2019-09-09
6.8
None Remote Medium Not required Partial Partial Partial
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).
29 CVE-2019-7572 125 2019-02-07 2019-09-09
6.8
None Remote Medium Not required Partial Partial Partial
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.
30 CVE-2019-7524 119 Overflow 2019-03-28 2019-06-13
7.2
None Local Low Not required Complete Complete Complete
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.
31 CVE-2019-6486 400 DoS 2019-01-24 2019-06-03
6.4
None Remote Low Not required Partial None Partial
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.
32 CVE-2019-6438 264 2019-01-31 2019-04-26
7.5
None Remote Low Not required Partial Partial Partial
SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.
33 CVE-2019-6128 399 2019-01-11 2019-04-22
6.8
None Remote Medium Not required Partial Partial Partial
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
34 CVE-2019-6116 20 Exec Code 2019-03-21 2019-09-24
6.8
None Remote Medium Not required Partial Partial Partial
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
35 CVE-2019-5836 119 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
36 CVE-2019-5831 119 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
37 CVE-2019-5829 416 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
38 CVE-2019-5828 416 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
39 CVE-2019-5827 190 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
40 CVE-2019-5824 119 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
41 CVE-2019-5822 284 Bypass 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
42 CVE-2019-5821 190 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
43 CVE-2019-5820 190 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
44 CVE-2019-5817 119 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
45 CVE-2019-5816 664 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page.
46 CVE-2019-5811 19 Bypass 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
47 CVE-2019-5807 119 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
48 CVE-2019-5806 190 Overflow 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
49 CVE-2019-3863 787 2019-03-25 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.
50 CVE-2019-3862 125 DoS 2019-03-21 2019-04-15
6.4
None Remote Low Not required Partial None Partial
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
Total number of vulnerabilities : 468   Page : 1 (This Page)2 3 4 5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.