Vulnerabilities > Opensuse > Leap > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-07-11 CVE-2019-12838 SQL Injection vulnerability in multiple products
SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.
network
low complexity
schedmd debian fedoraproject opensuse CWE-89
critical
 9.8
9.8
2019-06-19 CVE-2019-12900 Out-of-bounds Write vulnerability in multiple products
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
network
low complexity
bzip debian opensuse canonical freebsd python CWE-787
critical
 9.8
9.8
2019-06-19 CVE-2019-11039 Integer Overflow or Wraparound vulnerability in multiple products
Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers.
network
low complexity
php redhat opensuse debian CWE-190
critical
 9.1
9.1
2019-06-19 CVE-2019-11040 Out-of-bounds Read vulnerability in multiple products
When PHP EXIF extension is parsing EXIF information from an image, e.g.
network
low complexity
php redhat opensuse debian CWE-125
critical
 9.1
9.1
2019-06-14 CVE-2019-10126 A flaw was found in the Linux kernel.
network
low complexity
linux redhat canonical debian opensuse netapp
critical
 9.8
9.8
2019-06-07 CVE-2019-10160 A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL.
network
low complexity
python redhat debian opensuse fedoraproject canonical netapp
critical
 9.8
9.8
2019-05-30 CVE-2019-8457 Out-of-bounds Read vulnerability in multiple products
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
network
low complexity
sqlite canonical opensuse fedoraproject CWE-125
critical
 9.8
9.8
2019-05-29 CVE-2019-12450 Incorrect Default Permissions vulnerability in multiple products
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress.
network
low complexity
gnome debian redhat canonical opensuse fedoraproject CWE-276
critical
 9.8
9.8
2019-05-08 CVE-2019-5021 Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user.
network
low complexity
gliderlabs opensuse f5
critical
 9.8
9.8
2019-05-03 CVE-2019-11036 Out-of-bounds Read vulnerability in multiple products
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function.
network
low complexity
php fedoraproject redhat canonical debian opensuse CWE-125
critical
 9.1
9.1