Vulnerabilities > Opensuse > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-29 | CVE-2019-12450 | Incorrect Default Permissions vulnerability in multiple products file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. | 9.8 |
| 2019-05-08 | CVE-2019-5021 | Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. | 9.8 |
| 2019-05-03 | CVE-2019-11036 | Out-of-bounds Read vulnerability in multiple products When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. | 9.1 |
| 2019-04-30 | CVE-2019-11627 | OS Command Injection vulnerability in multiple products gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID. | 9.8 |
| 2019-04-22 | CVE-2019-11235 | Insufficient Verification of Data Authenticity vulnerability in multiple products FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. | 9.8 |
| 2019-04-18 | CVE-2019-11035 | Out-of-bounds Read vulnerability in multiple products When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. | 9.1 |
| 2019-04-18 | CVE-2019-11034 | Out-of-bounds Read vulnerability in multiple products When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. | 9.1 |
| 2019-04-10 | CVE-2019-11068 | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. | 9.8 |
| 2019-04-08 | CVE-2019-11006 | Out-of-bounds Read vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. | 9.1 |
| 2019-04-08 | CVE-2019-11005 | Out-of-bounds Write vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value. | 9.8 |