Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Backports
Total 78 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-5163 2 Opensuse, Shadowsocks 3 Backports, Leap, Shadowsocks-libev 2024-02-04 4.3 MEDIUM 7.5 HIGH
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.
CVE-2019-15613 2 Nextcloud, Opensuse 2 Nextcloud Server, Backports 2024-02-04 6.0 MEDIUM 8.0 HIGH
A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.
CVE-2019-19951 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Backports and 1 more 2024-02-04 7.5 HIGH 9.8 CRITICAL
In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.
CVE-2019-13711 2 Google, Opensuse 2 Chrome, Backports 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-13713 2 Google, Opensuse 2 Chrome, Backports 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-0561 4 Intel, Linux, Microsoft and 1 more 5 Software Guard Extensions Sdk, Linux Kernel, Windows and 2 more 2024-02-04 4.6 MEDIUM 7.8 HIGH
Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-5803 2 Google, Opensuse 3 Chrome, Backports, Leap 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2019-5804 3 Google, Microsoft, Opensuse 4 Chrome, Windows, Backports and 1 more 2024-02-04 2.1 LOW 5.5 MEDIUM
Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.
CVE-2019-14524 2 Opensuse, Schismtracker 3 Backports, Leap, Schism Tracker 2024-02-04 6.8 MEDIUM 7.8 HIGH
An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465.
CVE-2019-5789 2 Google, Opensuse 3 Chrome, Backports, Leap 2024-02-04 9.3 HIGH 8.8 HIGH
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
CVE-2019-11328 3 Fedoraproject, Opensuse, Sylabs 4 Fedora, Backports, Leap and 1 more 2024-02-04 9.0 HIGH 8.8 HIGH
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host.
CVE-2019-5814 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-5460 2 Opensuse, Videolan 3 Backports, Leap, Vlc Media Player 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
Double Free in VLC versions <= 3.0.6 leads to a crash.
CVE-2019-5808 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-5800 2 Google, Opensuse 3 Chrome, Backports, Leap 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2019-5838 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2024-02-04 4.3 MEDIUM 4.3 MEDIUM
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.
CVE-2019-5839 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2024-02-04 4.3 MEDIUM 4.3 MEDIUM
Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.
CVE-2019-5788 2 Google, Opensuse 3 Chrome, Backports, Leap 2024-02-04 9.3 HIGH 8.8 HIGH
An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
CVE-2019-5809 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.
CVE-2019-5827 5 Canonical, Debian, Fedoraproject and 2 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.