Vulnerabilities > Opensuse > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-04 | CVE-2017-5333 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. | 7.8 |
2019-11-04 | CVE-2017-5332 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | 7.8 |
2019-11-04 | CVE-2017-5331 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | 7.8 |
2019-11-04 | CVE-2019-18683 | Use After Free vulnerability in multiple products An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. | 7.0 |
2019-11-01 | CVE-2019-6470 | There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. | 7.5 |
2019-10-31 | CVE-2019-5010 | NULL Pointer Dereference vulnerability in multiple products An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. | 7.5 |
2019-10-31 | CVE-2019-18421 | Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. | 7.5 |
2019-10-24 | CVE-2019-17596 | Interpretation Conflict vulnerability in multiple products Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. | 7.5 |
2019-10-21 | CVE-2019-17498 | Integer Overflow or Wraparound vulnerability in multiple products In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. | 8.1 |
2019-10-21 | CVE-2019-18218 | Out-of-bounds Write vulnerability in multiple products cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). | 7.8 |