Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
There are 286 matching records.
Displaying matches 181 through 200.
Vuln ID | Summary | CVSS Severity
CVE-2019-3863

A flaw was found in libssh2 before 1.8.1. A server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is used as an index to copy memory, causing an out-of-bounds memory write error.

Published: March 25, 2019; 2:29:01 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-9948

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.

Published: March 23, 2019; 2:29:02 PM -0400
V3.0: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2019-9923

pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.

Published: March 22, 2019; 4:29:00 AM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-3858

An out-of-bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises an SSH server may be able to cause a Denial of Service or read data in the client memory.

Published: March 21, 2019; 5:29:00 PM -0400
V3.0: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2019-9898

Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.

Published: March 21, 2019; 12:01:17 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-9897

Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.

Published: March 21, 2019; 12:01:17 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-9894

A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.

Published: March 21, 2019; 12:01:17 PM -0400
V3.0: 7.5 HIGH
V2.0: 6.4 MEDIUM
CVE-2019-7222

The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.

Published: March 21, 2019; 12:01:11 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2019-7221

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

Published: March 21, 2019; 12:01:10 PM -0400
V3.0: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2019-6778

In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.

Published: March 21, 2019; 12:01:10 PM -0400
V3.0: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2019-6690

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg into decrypting ciphertext other than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.

Published: March 21, 2019; 12:01:09 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-6454

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).

Published: March 21, 2019; 12:01:08 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2019-6116

In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.

Published: March 21, 2019; 12:01:07 PM -0400
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-3859

An out-of-bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises an SSH server may be able to cause a Denial of Service or read data in the client memory.

Published: March 21, 2019; 12:01:04 PM -0400
V3.0: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2018-20615

An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame.

Published: March 21, 2019; 12:00:36 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-19872

An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.

Published: March 21, 2019; 12:00:32 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-18849

In QEMU 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.

Published: March 21, 2019; 12:00:29 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2019-3833

Openwsman, versions up to and including 2.6.9, are vulnerable to an infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious HTTP request to cause denial of service to the openwsman server.

Published: March 14, 2019; 6:29:01 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-3816

Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of the openwsmand daemon was set to the root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to the openwsman server.

Published: March 14, 2019; 6:29:01 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-9636

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Published: March 08, 2019; 4:29:00 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 5.0 MEDIUM