Vulnerabilities > Opensuse > Backports SLE > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-19 | CVE-2019-11779 | Uncontrolled Recursion vulnerability in multiple products In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. | 6.5 |
| 2019-07-26 | CVE-2019-14274 | Out-of-bounds Write vulnerability in multiple products MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c. | 5.5 |
| 2019-05-23 | CVE-2019-5802 | Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 6.5 |
| 2019-05-23 | CVE-2019-5794 | Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 6.5 |
| 2019-05-20 | CVE-2019-12221 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. | 6.5 |
| 2019-04-23 | CVE-2019-11474 | Incorrect Calculation vulnerability in multiple products coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. | 6.5 |
| 2019-04-20 | CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. | 6.1 |
| 2019-04-17 | CVE-2019-9494 | Information Exposure Through Discrepancy vulnerability in multiple products The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. | 5.9 |
| 2019-04-07 | CVE-2019-10740 | Cleartext Transmission of Sensitive Information vulnerability in multiple products In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. | 4.3 |
| 2019-03-13 | CVE-2019-9752 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. | 5.4 |