Lucene search
K

9102 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:21 a.m.2 views

SUSE CVE-2018-20433

c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization...

4.8CVSS7AI score0.04589EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:19 a.m.4 views

SUSE CVE-2019-1549

OpenSSL 1.1.1 introduced a rewritten random number generator RNG. This was intended to include protection in the event of a fork system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A...

5.9CVSS6.7AI score0.06232EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:19 a.m.2 views

SUSE CVE-2019-2389

Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11;...

5.3CVSS5.1AI score0.00305EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:16 a.m.5 views

SUSE CVE-2019-6988

An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service attempted excessive memory allocation in opjcalloc in openjp2/opjmalloc.c, when called from opjtcdinittile in openjp2/tcd.c, as demonstrated by the 64-bit opjdecompress...

6.5CVSS8.4AI score0.01724EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:13 a.m.4 views

SUSE CVE-2019-9959

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo...

3.3CVSS9.4AI score0.01907EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:6 a.m.3 views

SUSE CVE-2019-18810

A memory leak in the komedawbconnectoradd function in drivers/gpu/drm/arm/display/komeda/komedawbconnector.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service memory consumption by triggering drmwritebackconnectorinit failures, aka CID-a0ecd6fdbf5d...

7.8CVSS7.4AI score0.03286EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:6 a.m.6 views

SUSE CVE-2019-19057

Two memory leaks in the mwifiexpcieinitevtring function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service memory consumption by triggering mwifiexmappcimemory failures, aka CID-d10dcb615c8e...

4CVSS6.8AI score0.00788EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2023/02/15 4:5 a.m.3 views

SUSE CVE-2019-20503

usrsctp before 2019-12-20 has out-of-bounds reads in sctploadaddressesfrominit...

6.1CVSS9.1AI score0.03155EPSS
Exploits1References13
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.3 views

SUSE CVE-2020-1730

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR or DES ciphers if enabled ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The bigges...

5.3CVSS6.6AI score0.03065EPSS
Exploits0References54
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.2 views

SUSE CVE-2020-7069

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...

7.4CVSS8.6AI score0.02055EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2023/02/15 3:59 a.m.4 views

SUSE CVE-2020-11655

SQLite through 3.31.1 allows attackers to cause a denial of service segmentation fault via a malformed window-function query because the AggInfo object's initialization is mishandled...

7.5CVSS7.4AI score0.05053EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:59 a.m.3 views

SUSE CVE-2020-11810

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be...

3.7CVSS8.2AI score0.01609EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:52 a.m.3 views

SUSE CVE-2020-27208

The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...

6.8CVSS6.5AI score0.00328EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:52 a.m.3 views

SUSE CVE-2020-28019

Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA...

7.5CVSS7.9AI score0.61061EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:50 a.m.2 views

SUSE CVE-2021-1820

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory...

6.5CVSS6.2AI score0.01291EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 3:49 a.m.2 views

SUSE CVE-2021-3564

A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13...

4.7CVSS6.3AI score0.00481EPSS
Exploits1References14
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.1 views

SUSE CVE-2021-40540

ulfiusurilogger in Ulfius HTTP Framework before 2.7.4 omits coninfo initialization and a coninfo-request NULL check for certain malformed HTTP requests...

9.8CVSS9.3AI score0.02544EPSS
Exploits3References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:35 a.m.2 views

SUSE CVE-2022-0175

A flaw was found in the VirGL virtual OpenGL renderer virglrenderer. The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading t...

6.5CVSS6.3AI score0.00311EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:34 a.m.10 views

SUSE CVE-2022-0847

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copypagetoiterpipe and pushpipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cach...

7.8CVSS6.5AI score0.88106EPSS
Exploits100References18
SUSE CVE
SUSE CVE
added 2023/02/15 3:31 a.m.3 views

SUSE CVE-2022-3358

OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...

6.5CVSS6.8AI score0.02846EPSS
Exploits0References4
Rows per page
Query Builder