Vulnerabilities > Opensuse > Leap
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-08 | CVE-2019-11008 | Out-of-bounds Write vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. | 8.8 |
| 2019-04-08 | CVE-2019-11007 | Out-of-bounds Read vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. | 8.1 |
| 2019-04-08 | CVE-2019-11006 | Out-of-bounds Read vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. | 9.1 |
| 2019-04-08 | CVE-2019-11005 | Out-of-bounds Write vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value. | 9.8 |
| 2019-04-07 | CVE-2019-10740 | Cleartext Transmission of Sensitive Information vulnerability in multiple products In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. | 4.3 |
| 2019-04-07 | CVE-2019-10906 | In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. | 8.6 |
| 2019-04-04 | CVE-2019-3886 | An incorrect permissions check was discovered in libvirt 4.8.0 and above. | 5.4 |
| 2019-04-03 | CVE-2018-20506 | Integer Overflow or Wraparound vulnerability in multiple products SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). | 8.1 |
| 2019-04-01 | CVE-2019-3836 | Access of Uninitialized Pointer vulnerability in multiple products It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. | 7.5 |
| 2019-03-28 | CVE-2019-5739 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. | 7.5 |