Vulnerabilities > Opensuse
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-23 | CVE-2019-19926 | NULL Pointer Dereference vulnerability in multiple products multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. | 7.5 |
| 2019-12-20 | CVE-2019-19918 | Out-of-bounds Write vulnerability in multiple products Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. | 7.8 |
| 2019-12-20 | CVE-2019-19917 | Classic Buffer Overflow vulnerability in multiple products Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c. | 7.8 |
| 2019-12-20 | CVE-2019-17571 | Deserialization of Untrusted Data vulnerability in multiple products Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. | 9.8 |
| 2019-12-18 | CVE-2019-16782 | Information Exposure Through Discrepancy vulnerability in multiple products There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). | 5.9 |
| 2019-12-18 | CVE-2019-19880 | NULL Pointer Dereference vulnerability in multiple products exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. | 7.5 |
| 2019-12-17 | CVE-2014-8179 | Improper Input Validation vulnerability in multiple products Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. | 7.5 |
| 2019-12-17 | CVE-2014-8178 | Improper Input Validation vulnerability in multiple products Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands. | 5.5 |
| 2019-12-16 | CVE-2019-16779 | Race Condition vulnerability in multiple products In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. | 5.9 |
| 2019-12-13 | CVE-2014-3495 | Improper Certificate Validation vulnerability in multiple products duplicity 0.6.24 has improper verification of SSL certificates | 7.5 |