Vulnerabilities > Opensuse > Backports SLE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-22 | CVE-2019-18622 | SQL Injection vulnerability in multiple products An issue was discovered in phpMyAdmin before 4.9.2. | 9.8 |
| 2019-11-22 | CVE-2019-10206 | Insufficiently Protected Credentials vulnerability in multiple products ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. | 6.5 |
| 2019-10-14 | CVE-2019-17545 | Double Free vulnerability in multiple products GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | 9.8 |
| 2019-10-10 | CVE-2019-17455 | Out-of-bounds Read vulnerability in multiple products Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. | 9.8 |
| 2019-10-08 | CVE-2019-14846 | In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. | 7.8 |
| 2019-09-19 | CVE-2019-11779 | Uncontrolled Recursion vulnerability in multiple products In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. | 6.5 |
| 2019-09-09 | CVE-2019-16159 | Out-of-bounds Write vulnerability in multiple products BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. | 7.5 |
| 2019-09-08 | CVE-2016-10937 | Improper Certificate Validation vulnerability in multiple products IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. | 7.5 |
| 2019-08-07 | CVE-2019-14744 | OS Command Injection vulnerability in multiple products In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. | 7.8 |
| 2019-07-31 | CVE-2019-5060 | Integer Overflow or Wraparound vulnerability in multiple products An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. | 8.8 |