Opensuse

Backports Sle

326 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2019-18622

  • EPSS 0.88%
  • Veröffentlicht 22.11.2019 21:15:10
  • Zuletzt bearbeitet 21.11.2024 04:33:23

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.

6.5

CVE-2019-10206

  • EPSS 0.21%
  • Veröffentlicht 22.11.2019 13:15:11
  • Zuletzt bearbeitet 21.11.2024 04:18:39

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped t...

9.8

CVE-2019-17545

  • EPSS 2.39%
  • Veröffentlicht 14.10.2019 02:15:11
  • Zuletzt bearbeitet 21.11.2024 04:32:29

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.

9.8

CVE-2019-17455

Exploit
  • EPSS 7.08%
  • Veröffentlicht 10.10.2019 18:15:11
  • Zuletzt bearbeitet 21.11.2024 04:32:21

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a craf...

7.8

CVE-2019-14846

  • EPSS 0.14%
  • Veröffentlicht 08.10.2019 19:15:10
  • Zuletzt bearbeitet 21.11.2024 04:27:29

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBU...

6.5

CVE-2019-11779

  • EPSS 7.12%
  • Veröffentlicht 19.09.2019 14:15:10
  • Zuletzt bearbeitet 21.11.2024 04:21:46

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.

7.5

CVE-2019-16159

  • EPSS 4.29%
  • Veröffentlicht 09.09.2019 15:15:12
  • Zuletzt bearbeitet 21.11.2024 04:30:10

BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the ...

7.5

CVE-2016-10937

  • EPSS 0.32%
  • Veröffentlicht 08.09.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 02:45:07

IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate.

7.8

CVE-2019-14744

Medienbericht Exploit
  • EPSS 1.31%
  • Veröffentlicht 07.08.2019 15:15:13
  • Zuletzt bearbeitet 21.11.2024 04:27:15

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated ...

8.8

CVE-2019-5057

  • EPSS 1.98%
  • Veröffentlicht 31.07.2019 17:15:11
  • Zuletzt bearbeitet 21.11.2024 04:44:15

An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image t...