Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Total 2381 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-10181 3 Debian, Icedtea-web Project, Opensuse 3 Debian Linux, Icedtea-web, Leap 2021-07-24 6.8 MEDIUM 8.1 HIGH
It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.
CVE-2019-10185 3 Debian, Icedtea-web Project, Opensuse 3 Debian Linux, Icedtea-web, Leap 2021-07-24 6.4 MEDIUM 8.6 HIGH
It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox.
CVE-2019-11050 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2021-07-22 6.4 MEDIUM 6.5 MEDIUM
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2020-7069 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2021-07-22 6.4 MEDIUM 6.5 MEDIUM
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
CVE-2019-11045 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2021-07-22 4.3 MEDIUM 5.9 MEDIUM
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
CVE-2019-11042 6 Apple, Canonical, Debian and 3 more 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more 2021-07-22 5.8 MEDIUM 7.1 HIGH
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2020-7064 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2021-07-22 5.8 MEDIUM 5.4 MEDIUM
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
CVE-2020-7070 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2021-07-22 5.0 MEDIUM 5.3 MEDIUM
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.
CVE-2019-11041 6 Apple, Canonical, Debian and 3 more 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more 2021-07-22 5.8 MEDIUM 7.1 HIGH
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2019-9640 5 Canonical, Debian, Netapp and 2 more 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.
CVE-2019-17005 2 Mozilla, Opensuse 4 Firefox, Firefox Esr, Thunderbird and 1 more 2021-07-21 6.8 MEDIUM 8.8 HIGH
The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
CVE-2019-0160 2 Opensuse, Tianocore 2 Leap, Edk Ii 2021-07-21 7.5 HIGH 9.8 CRITICAL
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
CVE-2019-17177 2 Freerdp, Opensuse 2 Freerdp, Leap 2021-07-21 5.0 MEDIUM 7.5 HIGH
libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.
CVE-2019-15031 4 Canonical, Linux, Opensuse and 1 more 4 Ubuntu Linux, Linux Kernel, Leap and 1 more 2021-07-21 3.6 LOW 4.4 MEDIUM
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c.
CVE-2019-9638 5 Canonical, Debian, Netapp and 2 more 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.
CVE-2019-9898 5 Debian, Fedoraproject, Netapp and 2 more 5 Debian Linux, Fedora, Oncommand Unified Manager and 2 more 2021-07-21 7.5 HIGH 9.8 CRITICAL
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.
CVE-2019-17010 2 Mozilla, Opensuse 4 Firefox, Firefox Esr, Thunderbird and 1 more 2021-07-21 5.1 MEDIUM 7.5 HIGH
Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
CVE-2019-20908 3 Canonical, Linux, Opensuse 3 Ubuntu Linux, Linux Kernel, Leap 2021-07-21 6.9 MEDIUM 6.7 MEDIUM
An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032.
CVE-2019-5834 3 Fedoraproject, Google, Opensuse 4 Fedora, Chrome, Backports and 1 more 2021-07-21 4.3 MEDIUM 6.5 MEDIUM
Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVE-2019-1010180 2 Gnu, Opensuse 2 Gdb, Leap 2021-07-21 6.8 MEDIUM 7.8 HIGH
GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.