Opensuse

Backports Sle

326 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.88%
  • Published 22.11.2019 21:15:10
  • Last modified 21.11.2024 04:33:23

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.

  • EPSS 0.21%
  • Published 22.11.2019 13:15:11
  • Last modified 21.11.2024 04:18:39

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped t...

  • EPSS 2.39%
  • Published 14.10.2019 02:15:11
  • Last modified 21.11.2024 04:32:29

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.

Exploit
  • EPSS 7.08%
  • Published 10.10.2019 18:15:11
  • Last modified 21.11.2024 04:32:21

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a craf...

  • EPSS 0.14%
  • Published 08.10.2019 19:15:10
  • Last modified 21.11.2024 04:27:29

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBU...

  • EPSS 7.12%
  • Published 19.09.2019 14:15:10
  • Last modified 21.11.2024 04:21:46

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.

  • EPSS 5.3%
  • Published 09.09.2019 15:15:12
  • Last modified 21.11.2024 04:30:10

BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the ...

  • EPSS 0.32%
  • Published 08.09.2019 16:15:11
  • Last modified 21.11.2024 02:45:07

IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate.

Media report Exploit
  • EPSS 1.31%
  • Published 07.08.2019 15:15:13
  • Last modified 21.11.2024 04:27:15

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated ...

  • EPSS 1.98%
  • Published 31.07.2019 17:15:11
  • Last modified 21.11.2024 04:44:15

An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image t...