Vulnerabilities > Suse > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-27 | CVE-2019-9211 | Reachable Assertion vulnerability in multiple products There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service. | 6.5 |
| 2019-01-03 | CVE-2018-16876 | Information Exposure vulnerability in multiple products ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data. | 5.3 |
| 2018-11-26 | CVE-2018-19542 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in JasPer 2.0.14. | 6.5 |
| 2018-11-26 | CVE-2018-19539 | Reachable Assertion vulnerability in multiple products An issue was discovered in JasPer 2.0.14. | 6.5 |
| 2018-11-12 | CVE-2018-19208 | NULL Pointer Dereference vulnerability in multiple products In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. | 6.5 |
| 2018-10-31 | CVE-2018-18873 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in JasPer 2.0.14. | 5.5 |
| 2018-10-23 | CVE-2018-18585 | NULL Pointer Dereference vulnerability in multiple products chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). | 4.3 |
| 2018-10-23 | CVE-2018-18584 | Out-of-bounds Write vulnerability in multiple products In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. network low complexity libmspack-project cabextract-project debian redhat canonical suse starwindsoftware CWE-787 | 6.5 |
| 2018-06-08 | CVE-2011-4190 | Cryptographic Issues vulnerability in Suse products The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. | 5.3 |
| 2018-03-01 | CVE-2017-14804 | Improper Input Validation vulnerability in multiple products The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots. | 5.3 |