Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Backports_sle
(Opensuse)| Repositories |
• https://github.com/opencontainers/runc
• https://github.com/lighttpd/lighttpd1.4 |
| #Vulnerabilities | 326 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-09-19 | CVE-2019-11779 | In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur. | Ubuntu_linux, Debian_linux, Mosquitto, Fedora, Backports_sle, Leap | 6.5 | ||
| 2019-10-10 | CVE-2019-17455 | Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. | Ubuntu_linux, Debian_linux, Fedora, Libntlm, Backports_sle, Leap | 9.8 | ||
| 2019-10-14 | CVE-2019-17545 | GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | Debian_linux, Fedora, Backports_sle, Leap, Spatial_and_graph, Gdal | 9.8 | ||
| 2019-11-22 | CVE-2019-18622 | An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature. | Fedora, Backports_sle, Leap, Phpmyadmin | 9.8 | ||
| 2019-11-25 | CVE-2019-13699 | Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | Chrome, Backports_sle | 8.8 | ||
| 2019-11-25 | CVE-2019-13700 | Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | Chrome, Backports_sle | 8.8 | ||
| 2019-11-25 | CVE-2019-13701 | Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | Chrome, Backports_sle | 4.3 | ||
| 2019-11-25 | CVE-2019-13702 | Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable. | Chrome, Backports_sle | 7.8 | ||
| 2019-11-25 | CVE-2019-13703 | Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | Chrome, Backports_sle | 4.3 | ||
| 2019-11-25 | CVE-2019-13704 | Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. | Chrome, Backports_sle | 4.3 |