Product:

Backports_sle

(Opensuse)
Repositories https://github.com/opencontainers/runc
https://github.com/lighttpd/lighttpd1.4
#Vulnerabilities 326
Date Id Summary Products Score Patch Annotated
2019-04-17 CVE-2019-9498 The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both... Debian_linux, Fedora, Freebsd, Backports_sle, Leap, Radius_server, Router_manager, Hostapd, Wpa_supplicant 8.1
2019-04-17 CVE-2019-9499 The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd... Debian_linux, Fedora, Freebsd, Backports_sle, Leap, Radius_server, Router_manager, Hostapd, Wpa_supplicant 8.1
2019-04-23 CVE-2019-11474 coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. Ubuntu_linux, Debian_linux, Fedora, Graphicsmagick, Backports_sle, Leap 6.5
2019-05-15 CVE-2019-12098 In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. Debian_linux, Fedora, Heimdal, Backports_sle, Leap 7.4
2019-05-20 CVE-2019-12221 An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c. Ubuntu_linux, Debian_linux, Fedora, Sdl2_image, Simple_directmedia_layer, Backports_sle, Leap 6.5
2019-05-23 CVE-2019-5794 Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chrome, Backports_sle, Leap 6.5
2019-05-23 CVE-2019-5796 Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chrome, Backports_sle, Leap 7.5
2019-05-23 CVE-2019-5802 Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chrome, Backports_sle, Leap 6.5
2019-07-14 CVE-2019-13602 An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. Ubuntu_linux, Debian_linux, Backports_sle, Leap, Vlc_media_player 7.8
2019-07-16 CVE-2019-13616 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. Ubuntu_linux, Debian_linux, Fedora, Simple_directmedia_layer, Backports_sle, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 8.1