Vulnerabilities > Opensuse > Backports SLE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-17 | CVE-2019-9498 | Improper Authentication vulnerability in multiple products The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. | 8.1 |
| 2019-04-17 | CVE-2019-9495 | Information Exposure Through Discrepancy vulnerability in multiple products The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. | 3.7 |
| 2019-04-17 | CVE-2019-9494 | Information Exposure Through Discrepancy vulnerability in multiple products The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. | 5.9 |
| 2019-04-08 | CVE-2019-11008 | Out-of-bounds Write vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. | 8.8 |
| 2019-04-08 | CVE-2019-11007 | Out-of-bounds Read vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. | 8.1 |
| 2019-04-07 | CVE-2019-10740 | Cleartext Transmission of Sensitive Information vulnerability in multiple products In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. | 4.3 |
| 2019-03-21 | CVE-2019-9896 | Uncontrolled Search Path Element vulnerability in multiple products In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. | 7.8 |
| 2019-03-14 | CVE-2019-9779 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. | 7.5 |
| 2019-03-14 | CVE-2019-9778 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. | 7.5 |
| 2019-03-14 | CVE-2019-9777 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. | 7.5 |