Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
OpensuseLeap

1897 matches found

CVE
CVEadded 2020/05/06 3:15 a.m.227 views

CVE-2020-12672

GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.

7.5CVSS7.6AI score0.00357EPSS
CVE
CVEadded 2020/10/22 2:15 p.m.227 views

CVE-2020-27560

ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.

4.3CVSS3.7AI score0.00073EPSS
CVE
CVEadded 2020/09/18 9:15 p.m.227 views

CVE-2020-8201

Node.js < 12.18.4 and

7.4CVSS7.1AI score0.01408EPSS
CVE
CVEadded 2018/11/26 3:29 a.m.226 views

CVE-2018-19542

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.

6.5CVSS6.5AI score0.01029EPSS
CVE
CVEadded 2019/09/23 12:15 p.m.226 views

CVE-2019-16709

ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.

6.5CVSS7AI score0.00135EPSS
CVE
CVEadded 2019/09/23 12:15 p.m.226 views

CVE-2019-16713

ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.

6.5CVSS7.5AI score0.00144EPSS
CVE
CVEadded 2019/11/04 4:15 p.m.226 views

CVE-2019-18683

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streami...

7CVSS7.7AI score0.01138EPSS
CVE
CVEadded 2019/02/05 12:29 a.m.226 views

CVE-2019-7398

In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.

7.5CVSS7.7AI score0.00181EPSS
CVE
CVEadded 2020/10/10 7:15 p.m.226 views

CVE-2020-26934

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.

6.1CVSS7AI score0.03386EPSS
CVE
CVEadded 2020/04/15 2:15 p.m.226 views

CVE-2020-2959

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via MLD to compromise Orac...

8.6CVSS7.9AI score0.01501EPSS
CVE
CVEadded 2018/10/15 2:29 a.m.225 views

CVE-2018-18310

An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.

5.5CVSS6.2AI score0.00129EPSS
CVE
CVEadded 2018/10/21 1:29 a.m.225 views

CVE-2018-18544

There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.

6.5CVSS7AI score0.00145EPSS
CVE
CVEadded 2019/09/23 12:15 p.m.225 views

CVE-2019-16708

ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.

6.5CVSS7.4AI score0.00144EPSS
CVE
CVEadded 2019/12/03 4:15 p.m.225 views

CVE-2019-19526

In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098.

4.9CVSS6AI score0.0005EPSS
CVE
CVEadded 2019/03/25 7:29 p.m.225 views

CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

7.3CVSS5.6AI score0.01038EPSS
CVE
CVEadded 2020/05/22 3:15 p.m.225 views

CVE-2020-11077

In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the firs...

7.5CVSS6.9AI score0.0137EPSS
CVE
CVEadded 2019/09/23 12:15 p.m.224 views

CVE-2019-16710

ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.

6.5CVSS7.5AI score0.00144EPSS
CVE
CVEadded 2019/02/07 7:29 a.m.224 views

CVE-2019-7577

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.

8.8CVSS8.8AI score0.03783EPSS
CVE
CVEadded 2019/02/08 11:29 a.m.224 views

CVE-2019-7635

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.

8.1CVSS8.5AI score0.03385EPSS
CVE
CVEadded 2020/07/17 3:15 a.m.224 views

CVE-2020-15803

Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

6.1CVSS5.9AI score0.02092EPSS
CVE
CVEadded 2020/02/27 9:15 p.m.224 views

CVE-2020-3862

A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service.

6.5CVSS6.3AI score0.00183EPSS
CVE
CVEadded 2020/01/08 10:15 p.m.223 views

CVE-2019-17010

Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox

7.5CVSS7.7AI score0.01132EPSS
CVE
CVEadded 2020/05/19 7:15 p.m.223 views

CVE-2020-10723

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...

6.7CVSS6.8AI score0.00198EPSS
CVE
CVEadded 2020/05/29 8:15 p.m.223 views

CVE-2020-11086

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1.0.

5.5CVSS5.5AI score0.0019EPSS
CVE
CVEadded 2020/02/20 4:15 p.m.223 views

CVE-2020-9273

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.

9CVSS8.7AI score0.46795EPSS
CVE
CVEadded 2019/04/09 4:29 a.m.222 views

CVE-2019-10901

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.

7.5CVSS7.2AI score0.10053EPSS
CVE
CVEadded 2019/04/17 2:29 p.m.222 views

CVE-2019-9495

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful att...

4.3CVSS6.7AI score0.04562EPSS
CVE
CVEadded 2020/06/29 10:15 p.m.222 views

CVE-2020-15393

In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.

5.5CVSS5.9AI score0.0003EPSS
CVE
CVEadded 2018/09/04 1:29 p.m.221 views

CVE-2018-10907

It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffe...

8.8CVSS8.5AI score0.02451EPSS
CVE
CVEadded 2019/03/27 8:29 p.m.221 views

CVE-2019-0160

Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.

9.8CVSS9.5AI score0.00868EPSS
CVE
CVEadded 2019/07/18 8:15 p.m.221 views

CVE-2019-13962

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.

9.8CVSS9.3AI score0.0194EPSS
CVE
CVEadded 2019/12/05 1:15 a.m.221 views

CVE-2019-19553

In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.

7.5CVSS7.2AI score0.00552EPSS
CVE
CVEadded 2020/06/08 4:15 p.m.221 views

CVE-2020-12802

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed w...

5.3CVSS5.8AI score0.00473EPSS
CVE
CVEadded 2020/09/16 1:15 p.m.221 views

CVE-2020-14392

An untrusted pointer dereference flaw was found in Perl-DBI

5.5CVSS5.6AI score0.00079EPSS
CVE
CVEadded 2016/05/22 1:59 a.m.220 views

CVE-2016-4342

ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR ...

8.8CVSS7.4AI score0.09345EPSS
CVE
CVEadded 2019/10/03 4:15 p.m.220 views

CVE-2018-14881

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).

7.5CVSS8.6AI score0.02939EPSS
CVE
CVEadded 2018/09/03 7:29 p.m.220 views

CVE-2018-16402

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.

9.8CVSS9.6AI score0.01061EPSS
CVE
CVEadded 2019/06/26 6:15 p.m.220 views

CVE-2019-12975

ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.

5.5CVSS6.7AI score0.00091EPSS
CVE
CVEadded 2019/08/19 10:15 p.m.220 views

CVE-2019-15222

An issue was discovered in the Linux kernel before 5.2.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver.

4.9CVSS5.9AI score0.00073EPSS
CVE
CVEadded 2019/09/23 12:15 p.m.220 views

CVE-2019-16712

ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.

6.5CVSS7.5AI score0.00088EPSS
CVE
CVEadded 2019/12/24 5:15 p.m.220 views

CVE-2019-19925

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.

7.5CVSS7.8AI score0.12247EPSS
CVE
CVEadded 2020/07/15 6:15 p.m.220 views

CVE-2020-14562

Vulnerability in the Java SE product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of ...

5.3CVSS5AI score0.00267EPSS
CVE
CVEadded 2020/08/10 6:15 p.m.220 views

CVE-2020-15659

Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects F...

9.3CVSS9.2AI score0.0078EPSS
CVE
CVEadded 2016/01/09 2:59 a.m.219 views

CVE-2015-7575

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof se...

5.9CVSS6.1AI score0.02005EPSS
CVE
CVEadded 2018/09/04 2:29 p.m.219 views

CVE-2018-10913

An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.

6.5CVSS6.7AI score0.01046EPSS
CVE
CVEadded 2018/10/19 5:29 p.m.219 views

CVE-2018-18521

Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.

5.5CVSS7.2AI score0.0014EPSS
CVE
CVEadded 2019/12/25 4:15 a.m.219 views

CVE-2019-19965

In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.

4.7CVSS6.2AI score0.00061EPSS
CVE
CVEadded 2019/08/20 8:15 p.m.219 views

CVE-2019-2126

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Andr...

9.3CVSS8.6AI score0.064EPSS
CVE
CVEadded 2019/05/23 8:29 p.m.219 views

CVE-2019-5801

Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

6.5CVSS6.2AI score0.00223EPSS
CVE
CVEadded 2019/02/08 11:29 a.m.219 views

CVE-2019-7637

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.

8.8CVSS8.9AI score0.03612EPSS
Total number of security vulnerabilities1897