Vulnerabilities > Opensuse

DATE CVE VULNERABILITY TITLE RISK
2020-02-10 CVE-2020-7060 Out-of-bounds Read vulnerability in multiple products
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer.
network
low complexity
php tenable oracle opensuse debian CWE-125
critical
 9.1
9.1
2020-02-10 CVE-2020-7059 Out-of-bounds Read vulnerability in multiple products
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer.
network
low complexity
php tenable oracle opensuse debian CWE-125
critical
 9.1
9.1
2020-02-07 CVE-2020-1700 Resource Exhaustion vulnerability in multiple products
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects.
network
low complexity
ceph redhat opensuse canonical CWE-400
6.5
6.5
2020-02-07 CVE-2019-15606 Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
network
low complexity
nodejs oracle debian redhat opensuse
critical
 9.8
9.8
2020-02-07 CVE-2019-15605 HTTP Request Smuggling vulnerability in multiple products
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
network
low complexity
nodejs debian fedoraproject opensuse redhat oracle CWE-444
critical
 9.8
9.8
2020-02-07 CVE-2019-15604 Improper Certificate Validation vulnerability in multiple products
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
network
low complexity
nodejs debian opensuse redhat oracle CWE-295
7.5
7.5
2020-02-06 CVE-2020-8608 Classic Buffer Overflow vulnerability in multiple products
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
network
high complexity
libslirp-project debian opensuse CWE-120
5.6
5.6
2020-02-06 CVE-2014-2030 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.
network
low complexity
imagemagick canonical opensuse CWE-787
8.8
8.8
2020-02-06 CVE-2014-1958 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.
network
low complexity
imagemagick canonical opensuse CWE-120
8.8
8.8
2020-02-06 CVE-2020-8649 Use After Free vulnerability in multiple products
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.
low complexity
linux opensuse debian CWE-416
5.9
5.9