Vulnerabilities > Opensuse

DATE CVE VULNERABILITY TITLE RISK
2019-08-07 CVE-2019-14744 OS Command Injection vulnerability in multiple products
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. 		7.8
7.8
2019-08-06 CVE-2019-13106 Out-of-bounds Write vulnerability in multiple products
Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.
local
low complexity
denx opensuse CWE-787
7.8
7.8
2019-08-06 CVE-2019-13104 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.
local
low complexity
denx opensuse CWE-191
7.8
7.8
2019-08-02 CVE-2019-14235 Uncontrolled Recursion vulnerability in multiple products
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4.
network
low complexity
djangoproject opensuse CWE-674
7.5
7.5
2019-08-02 CVE-2019-14233 Resource Exhaustion vulnerability in multiple products
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4.
network
low complexity
djangoproject opensuse CWE-400
7.5
7.5
2019-08-02 CVE-2019-14232 Resource Exhaustion vulnerability in multiple products
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4.
network
low complexity
djangoproject opensuse CWE-400
7.5
7.5
2019-08-02 CVE-2019-14524 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Schism Tracker through 20190722.
local
low complexity
schismtracker opensuse CWE-787
7.8
7.8
2019-08-01 CVE-2019-14492 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1.
network
low complexity
opencv opensuse CWE-787
7.5
7.5
2019-07-31 CVE-2019-10185 It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file.
network
low complexity
icedtea-web-project debian opensuse
8.6
8.6
2019-07-31 CVE-2019-10181 It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification.
network
high complexity
icedtea-web-project debian opensuse
8.1
8.1