Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Backports_sle
(Opensuse)| Repositories |
• https://github.com/opencontainers/runc
• https://github.com/lighttpd/lighttpd1.4 |
| #Vulnerabilities | 326 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-03-18 | CVE-2019-12921 | In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. | Debian_linux, Graphicsmagick, Backports_sle, Leap | 6.5 | ||
| 2020-10-07 | CVE-2020-11800 | Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. | Debian_linux, Backports_sle, Leap, Zabbix | 9.8 | ||
| 2019-02-20 | CVE-2019-7164 | SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. | Debian_linux, Backports_sle, Leap, Communications_operations_monitor, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Sqlalchemy | 9.8 | ||
| 2019-02-06 | CVE-2019-7548 | SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. | Debian_linux, Backports_sle, Leap, Communications_operations_monitor, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Sqlalchemy | 7.8 | ||
| 2019-07-30 | CVE-2019-5459 | An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. | Backports, Backports_sle, Leap, Vlc_media_player | 7.1 | ||
| 2020-02-04 | CVE-2019-15623 | Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled. | Nextcloud_server, Backports_sle, Package_hub | 5.3 | ||
| 2019-12-16 | CVE-2019-16779 | In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this. | Debian_linux, Excon, Backports_sle, Leap | 5.9 | ||
| 2020-02-28 | CVE-2019-3698 | UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1... | Nagios, Backports_sle, Leap | 7.0 | ||
| 2019-11-26 | CVE-2019-14856 | ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None | Backports_sle, Leap, Ansible, Openstack | 6.5 | ||
| 2019-12-27 | CVE-2019-20015 | An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec. | Libredwg, Backports_sle, Leap | N/A |