Vulnerabilities > Opensuse > Leap > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-31 | CVE-2019-19927 | Out-of-bounds Read vulnerability in multiple products In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. | 6.0 |
| 2019-12-30 | CVE-2019-20095 | Memory Leak vulnerability in multiple products mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. | 5.5 |
| 2019-12-27 | CVE-2019-20053 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. | 5.5 |
| 2019-12-27 | CVE-2019-20015 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in GNU LibreDWG 0.92. | 6.5 |
| 2019-12-27 | CVE-2019-20013 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in GNU LibreDWG before 0.93. | 6.5 |
| 2019-12-27 | CVE-2019-20012 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in GNU LibreDWG 0.92. | 6.5 |
| 2019-12-27 | CVE-2019-20009 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in GNU LibreDWG before 0.93. | 6.5 |
| 2019-12-25 | CVE-2019-19966 | Use After Free vulnerability in multiple products In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. | 4.6 |
| 2019-12-25 | CVE-2019-19965 | NULL Pointer Dereference vulnerability in multiple products In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. | 4.7 |
| 2019-12-23 | CVE-2019-18391 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. | 5.5 |