Vulnerabilities > Opensuse > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-02-20 CVE-2019-7164 SQL Injection vulnerability in multiple products
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
network
low complexity
sqlalchemy debian opensuse redhat oracle CWE-89
critical
 9.8
9.8
2019-02-15 CVE-2019-8341 Code Injection vulnerability in multiple products
An issue was discovered in Jinja2 2.10.
network
low complexity
pocoo opensuse CWE-94
critical
 9.8
9.8
2019-02-05 CVE-2018-8800 Out-of-bounds Write vulnerability in multiple products
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.
network
low complexity
rdesktop debian opensuse CWE-787
critical
 9.8
9.8
2019-02-05 CVE-2018-8797 Out-of-bounds Write vulnerability in multiple products
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.
network
low complexity
rdesktop debian opensuse CWE-787
critical
 9.8
9.8
2019-02-05 CVE-2018-8795 Integer Overflow or Wraparound vulnerability in multiple products
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.
network
low complexity
rdesktop debian opensuse CWE-190
critical
 9.8
9.8
2019-02-05 CVE-2018-8794 Integer Overflow or Wraparound vulnerability in multiple products
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.
network
low complexity
rdesktop debian opensuse CWE-190
critical
 9.8
9.8
2019-02-05 CVE-2018-8793 Out-of-bounds Write vulnerability in multiple products
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.
network
low complexity
rdesktop debian opensuse CWE-787
critical
 9.8
9.8
2019-01-31 CVE-2019-6438 SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.
network
low complexity
schedmd opensuse
critical
 9.8
9.8
2018-12-26 CVE-2018-19873 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in Qt before 5.11.3.
network
low complexity
qt opensuse debian canonical CWE-119
critical
 9.8
9.8
2018-10-09 CVE-2018-12474 Improper Input Validation vulnerability in Opensuse TAR SCM
Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations.
network
low complexity
opensuse CWE-20
critical
 9.8
9.8