Vulnerabilities > Opensuse

DATE CVE VULNERABILITY TITLE RISK
2019-03-07 CVE-2018-14498 Out-of-bounds Read vulnerability in multiple products
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
6.5
2019-03-05 CVE-2019-9213 NULL Pointer Dereference vulnerability in multiple products
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms.
local
low complexity
linux debian redhat opensuse canonical CWE-476
5.5
2019-03-05 CVE-2018-19640 Improper Input Validation vulnerability in Opensuse Supportutils 3.0.1095.51.1
If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 (e.g.
local
low complexity
opensuse CWE-20
5.5
2019-03-05 CVE-2018-19639 Unspecified vulnerability in Opensuse Supportutils 3.0.1095.51.1
If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g.
local
low complexity
opensuse
7.8
2019-03-05 CVE-2018-19638 Link Following vulnerability in Opensuse Supportutils 3.0.1095.51.1
In supportutils before version 3.1-5.7.1, if pacemaker is installed on the system, an unprivileged user could overwrite arbitrary files in the directory that supportutils uses to collect the log files.
local
high complexity
opensuse CWE-59
4.7
2019-03-05 CVE-2018-19637 Link Following vulnerability in Opensuse Supportutils 3.0.1095.51.1
Supportutils before version 3.1-5.7.1 wrote data to the static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection.
local
low complexity
opensuse CWE-59
5.5
2019-03-05 CVE-2018-19636 Improper Input Validation vulnerability in Opensuse Supportutils 3.0.1095.51.1
Supportutils before version 3.1-5.7.1, when run with the command-line argument -A, searched the file system for an ndspath binary.
local
low complexity
opensuse CWE-20
7.8
2019-02-28 CVE-2019-9215 In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.
network
low complexity
live555 opensuse debian
critical
9.8
2019-02-28 CVE-2019-9209 Off-by-one Error vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash.
local
low complexity
wireshark debian canonical opensuse CWE-193
5.5
2019-02-27 CVE-2019-1559 Information Exposure Through Discrepancy vulnerability in multiple products
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one), OpenSSL can respond differently to the calling application depending on whether a 0-byte record is received with invalid padding or with an invalid MAC.
5.9