Vulnerabilities > Opensuse > Backports SLE > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-10-10 CVE-2019-17455 Out-of-bounds Read vulnerability in multiple products
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.
network
low complexity
nongnu debian canonical fedoraproject opensuse CWE-125
critical
 9.8
9.8
2019-07-18 CVE-2019-13962 Out-of-bounds Read vulnerability in multiple products
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
network
low complexity
videolan opensuse debian canonical CWE-125
critical
 9.8
9.8
2019-03-14 CVE-2019-9774 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645.
network
low complexity
gnu opensuse CWE-125
critical
 9.1
9.1
2019-03-14 CVE-2019-9775 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645.
network
low complexity
gnu opensuse CWE-125
critical
 9.1
9.1
2019-02-28 CVE-2019-9215 In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.
network
low complexity
live555 opensuse debian
critical
 9.8
9.8
2019-02-20 CVE-2019-7164 SQL Injection vulnerability in multiple products
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
network
low complexity
sqlalchemy debian opensuse redhat oracle CWE-89
critical
 9.8
9.8