Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Backports_sle
(Opensuse)| Repositories |
• https://github.com/opencontainers/runc
• https://github.com/lighttpd/lighttpd1.4 |
| #Vulnerabilities | 326 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-07-18 | CVE-2019-13962 | lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. | Ubuntu_linux, Debian_linux, Backports_sle, Leap, Vlc_media_player | 9.8 | ||
| 2019-08-07 | CVE-2019-14744 | In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file. | Ubuntu_linux, Debian_linux, Fedora, Kconfig, Backports_sle, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 7.8 | ||
| 2019-09-08 | CVE-2016-10937 | IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. | Debian_linux, Fedora, Imapfilter, Backports_sle, Leap | 7.5 | ||
| 2019-09-09 | CVE-2019-16159 | BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed. | Debian_linux, Fedora, Bird, Backports_sle | 7.5 | ||
| 2019-09-19 | CVE-2019-11779 | In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur. | Ubuntu_linux, Debian_linux, Mosquitto, Fedora, Backports_sle, Leap | 6.5 | ||
| 2019-10-10 | CVE-2019-17455 | Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. | Ubuntu_linux, Debian_linux, Fedora, Libntlm, Backports_sle, Leap | 9.8 | ||
| 2019-10-14 | CVE-2019-17545 | GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | Debian_linux, Fedora, Backports_sle, Leap, Spatial_and_graph, Gdal | 9.8 | ||
| 2019-11-22 | CVE-2019-18622 | An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature. | Fedora, Backports_sle, Leap, Phpmyadmin | 9.8 | ||
| 2019-11-25 | CVE-2019-13699 | Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | Chrome, Backports_sle | 8.8 | ||
| 2019-11-25 | CVE-2019-13700 | Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | Chrome, Backports_sle | 8.8 |