Vulnerabilities > Opensuse > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-01-23 CVE-2015-5334 Out-of-bounds Write vulnerability in multiple products
Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow.
network
low complexity
openbsd opensuse CWE-787
critical
 9.8
9.8
2020-01-17 CVE-2019-17361 Command Injection vulnerability in multiple products
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection.
network
low complexity
saltstack debian opensuse canonical CWE-77
critical
 9.8
9.8
2020-01-08 CVE-2019-20367 Out-of-bounds Read vulnerability in multiple products
nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).
network
low complexity
freedesktop debian canonical opensuse CWE-125
critical
 9.1
9.1
2019-12-24 CVE-2019-19953 Out-of-bounds Read vulnerability in multiple products
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.
network
low complexity
graphicsmagick debian opensuse CWE-125
critical
 9.1
9.1
2019-12-24 CVE-2019-19951 Out-of-bounds Write vulnerability in multiple products
In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.
network
low complexity
graphicsmagick debian opensuse CWE-787
critical
 9.8
9.8
2019-12-24 CVE-2019-19950 Use After Free vulnerability in multiple products
In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.
network
low complexity
graphicsmagick debian opensuse CWE-416
critical
 9.8
9.8
2019-12-24 CVE-2019-19949 Out-of-bounds Read vulnerability in multiple products
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
network
low complexity
imagemagick debian opensuse canonical CWE-125
critical
 9.1
9.1
2019-12-24 CVE-2019-19948 Out-of-bounds Write vulnerability in multiple products
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
network
low complexity
imagemagick debian opensuse canonical CWE-787
critical
 9.8
9.8
2019-12-20 CVE-2019-17571 Deserialization of Untrusted Data vulnerability in multiple products
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data.
network
low complexity
apache debian canonical opensuse netapp oracle CWE-502
critical
 9.8
9.8
2019-11-29 CVE-2019-14895 A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver.
network
low complexity
linux debian canonical fedoraproject opensuse
critical
 9.8
9.8