Opensuse

Backports Sle

326 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2019-5802

  • EPSS 0.22%
  • Published 23.05.2019 20:29:01
  • Last modified 21.11.2024 04:45:31

Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

6.5

CVE-2019-5794

  • EPSS 0.22%
  • Published 23.05.2019 20:29:00
  • Last modified 21.11.2024 04:45:30

Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

7.5

CVE-2019-5796

  • EPSS 7.37%
  • Published 23.05.2019 20:29:00
  • Last modified 21.11.2024 04:45:30

Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5

CVE-2019-12221

Exploit
  • EPSS 2.11%
  • Published 20.05.2019 17:29:17
  • Last modified 21.11.2024 04:22:27

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.

7.4

CVE-2019-12098

  • EPSS 3.73%
  • Published 15.05.2019 23:29:00
  • Last modified 21.11.2024 04:22:11

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

8.8

CVE-2019-11506

Exploit
  • EPSS 1.72%
  • Published 24.04.2019 21:29:01
  • Last modified 21.11.2024 04:21:13

In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact...

8.8

CVE-2019-11505

Exploit
  • EPSS 1.27%
  • Published 24.04.2019 21:29:00
  • Last modified 21.11.2024 04:21:13

In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via...

6.5

CVE-2019-11474

  • EPSS 3.09%
  • Published 23.04.2019 14:29:01
  • Last modified 21.11.2024 04:21:09

coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.

6.1

CVE-2019-11358

Exploit
  • EPSS 2.4%
  • Published 20.04.2019 00:29:00
  • Last modified 21.11.2024 04:20:56

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n...

8.1

CVE-2019-9498

  • EPSS 1.06%
  • Published 17.04.2019 14:29:04
  • Last modified 21.11.2024 04:51:44

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar...