Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Total 2532 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-41819 6 Debian, Fedoraproject, Opensuse and 3 more 9 Debian Linux, Fedora, Factory and 6 more 2022-01-21 5.0 MEDIUM 7.5 HIGH
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
CVE-2020-12693 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2022-01-17 5.1 MEDIUM 8.1 HIGH
Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.
CVE-2021-46141 4 Debian, Fedoraproject, Opensuse and 1 more 7 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 4 more 2022-01-16 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
CVE-2021-46142 4 Debian, Fedoraproject, Opensuse and 1 more 7 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 4 more 2022-01-16 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
CVE-2021-4166 5 Debian, Opensuse, Redhat and 2 more 5 Debian Linux, Factory, Enterprise Linux and 2 more 2022-01-15 5.8 MEDIUM 7.1 HIGH
vim is vulnerable to Out-of-bounds Read
CVE-2018-1000613 4 Bouncycastle, Netapp, Opensuse and 1 more 24 Legion-of-the-bouncy-castle-java-crytography-api, Oncommand Workflow Automation, Leap and 21 more 2022-01-14 7.5 HIGH 9.8 CRITICAL
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.
CVE-2021-41817 6 Debian, Fedoraproject, Opensuse and 3 more 9 Debian Linux, Fedora, Factory and 6 more 2022-01-11 5.0 MEDIUM 7.5 HIGH
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
CVE-2013-6424 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Opensuse and 1 more 2022-01-11 5.0 MEDIUM N/A
Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
CVE-2020-12402 4 Debian, Fedoraproject, Mozilla and 1 more 4 Debian Linux, Fedora, Firefox and 1 more 2022-01-04 1.2 LOW 4.4 MEDIUM
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.
CVE-2019-16712 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2022-01-01 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.
CVE-2019-16709 3 Canonical, Imagemagick, Opensuse 4 Ubuntu Linux, Imagemagick, Backports and 1 more 2022-01-01 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
CVE-2019-16167 4 Canonical, Fedoraproject, Opensuse and 1 more 4 Ubuntu Linux, Fedora, Leap and 1 more 2022-01-01 4.3 MEDIUM 5.5 MEDIUM
sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.
CVE-2019-12854 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2022-01-01 5.0 MEDIUM 7.5 HIGH
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.
CVE-2019-13713 2 Google, Opensuse 2 Chrome, Backports 2022-01-01 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-13707 2 Google, Opensuse 2 Chrome, Backports 2022-01-01 4.3 MEDIUM 5.5 MEDIUM
Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.
CVE-2019-13711 2 Google, Opensuse 2 Chrome, Backports 2022-01-01 5.0 MEDIUM 5.3 MEDIUM
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-13705 2 Google, Opensuse 2 Chrome, Backports 2022-01-01 4.3 MEDIUM 4.3 MEDIUM
Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.
CVE-2019-20053 2 Opensuse, Upx Project 3 Backports, Leap, Upx 2022-01-01 4.3 MEDIUM 5.5 MEDIUM
An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
CVE-2019-13730 6 Debian, Fedoraproject, Google and 3 more 9 Debian Linux, Fedora, Chrome and 6 more 2022-01-01 6.8 MEDIUM 8.8 HIGH
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-13456 4 Freeradius, Linux, Opensuse and 1 more 4 Freeradius, Linux Kernel, Leap and 1 more 2022-01-01 2.9 LOW 6.5 MEDIUM
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.