Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Backports_sle
(Opensuse)| Repositories |
• https://github.com/opencontainers/runc
• https://github.com/lighttpd/lighttpd1.4 |
| #Vulnerabilities | 326 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-12-23 | CVE-2019-19926 | multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. | Debian_linux, Cloud_backup, Backports_sle, Leap, Mysql_workbench, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Sinec_infrastructure_network_services, Sqlite, Package_hub | 7.5 | ||
| 2019-12-24 | CVE-2019-19923 | flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). | Debian_linux, Cloud_backup, Backports_sle, Leap, Mysql_workbench, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Sinec_infrastructure_network_services, Sqlite, Package_hub | 7.5 | ||
| 2019-12-24 | CVE-2019-19925 | zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. | Debian_linux, Cloud_backup, Backports_sle, Leap, Mysql_workbench, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Sinec_infrastructure_network_services, Sqlite, Package_hub | 7.5 | ||
| 2019-03-21 | CVE-2019-9896 | In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. | Backports_sle, Leap, Putty | 7.8 | ||
| 2018-11-07 | CVE-2018-19052 | An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character. | Debian_linux, Lighttpd, Backports_sle, Leap, Suse_linux_enterprise_server | 7.5 | ||
| 2020-03-18 | CVE-2019-12921 | In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. | Debian_linux, Graphicsmagick, Backports_sle, Leap | 6.5 | ||
| 2020-10-07 | CVE-2020-11800 | Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. | Debian_linux, Backports_sle, Leap, Zabbix | 9.8 | ||
| 2020-02-04 | CVE-2020-8118 | An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. | Nextcloud_server, Suse_linux_enterprise_server, Backports_sle | 5.0 | ||
| 2019-02-20 | CVE-2019-7164 | SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. | Debian_linux, Backports_sle, Leap, Communications_operations_monitor, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Sqlalchemy | 9.8 | ||
| 2019-02-06 | CVE-2019-7548 | SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. | Debian_linux, Backports_sle, Leap, Communications_operations_monitor, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Sqlalchemy | 7.8 |