Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Backports_sle
(Opensuse)| Repositories |
• https://github.com/opencontainers/runc
• https://github.com/lighttpd/lighttpd1.4 |
| #Vulnerabilities | 326 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-12-14 | CVE-2018-16874 | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution. | Debian_linux, Go, Backports_sle, Leap, Linux_enterprise_server | 8.1 | ||
| 2019-02-08 | CVE-2019-7635 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. | Ubuntu_linux, Debian_linux, Fedora, Simple_directmedia_layer, Backports_sle, Leap | 8.1 | ||
| 2019-04-07 | CVE-2019-10740 | In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. | Fedora, Backports_sle, Leap, Webmail | 4.3 | ||
| 2019-04-17 | CVE-2019-9494 | The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected. | Fedora, Freebsd, Backports_sle, Leap, Radius_server, Router_manager, Hostapd, Wpa_supplicant | 5.9 | ||
| 2019-04-17 | CVE-2019-9495 | The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in... | Debian_linux, Fedora, Freebsd, Backports_sle, Leap, Radius_server, Router_manager, Hostapd, Wpa_supplicant | 3.7 | ||
| 2019-04-17 | CVE-2019-9498 | The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both... | Debian_linux, Fedora, Freebsd, Backports_sle, Leap, Radius_server, Router_manager, Hostapd, Wpa_supplicant | 8.1 | ||
| 2019-04-17 | CVE-2019-9499 | The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd... | Debian_linux, Fedora, Freebsd, Backports_sle, Leap, Radius_server, Router_manager, Hostapd, Wpa_supplicant | 8.1 | ||
| 2019-04-23 | CVE-2019-11474 | coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. | Ubuntu_linux, Debian_linux, Fedora, Graphicsmagick, Backports_sle, Leap | 6.5 | ||
| 2019-05-15 | CVE-2019-12098 | In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. | Debian_linux, Fedora, Heimdal, Backports_sle, Leap | 7.4 | ||
| 2019-05-20 | CVE-2019-12221 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c. | Ubuntu_linux, Debian_linux, Fedora, Sdl2_image, Simple_directmedia_layer, Backports_sle, Leap | 6.5 |