Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opensuse leap 42.3 vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2018-12477
A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote malicious users to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5...
Opensuse Leap 42.3
Opensuse Leap 15.0
2.1
CVSSv2
CVE-2019-8934
hw/ppc/spapr.c in QEMU up to and including 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
Qemu Qemu
Opensuse Leap 15.0
Opensuse Leap 42.3
7.5
CVSSv2
CVE-2019-11005
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font fam...
Graphicsmagick Graphicsmagick
Opensuse Leap 42.3
Opensuse Leap 15.0
3.5
CVSSv2
CVE-2019-3840
A NULL pointer dereference flaw exists in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.
Redhat Libvirt
Opensuse Leap 42.3
Opensuse Leap 15.0
9
CVSSv2
CVE-2017-9286
The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade.
Opensuse Leap 42.3
5
CVSSv2
CVE-2017-6594
The transit path validation code in Heimdal prior to 7.3 might allow malicious users to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.
Heimdal Project Heimdal
Opensuse Leap 42.2
Opensuse Leap 42.3
7.5
CVSSv2
CVE-2019-8341
An issue exists in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE...
Pocoo Jinja2 2.10
Opensuse Leap 42.3
Opensuse Leap 15.0
1 EDB exploit
1 Github repository
6.8
CVSSv2
CVE-2019-5792
Integer overflow in PDFium in Google Chrome before 73.0.3683.75 allowed a remote malicious user to potentially perform out of bounds memory access via a crafted PDF file.
Google Chrome
Opensuse Leap 42.3
Opensuse Leap 15.0
Opensuse Backports Sle-15
Opensuse Leap 15.1
4.3
CVSSv2
CVE-2019-5793
Insufficient policy enforcement in extensions in Google Chrome before 73.0.3683.75 allowed a remote malicious user to initiate the extensions installation user interface via a crafted HTML page.
Google Chrome
Opensuse Leap 42.3
Opensuse Leap 15.0
Opensuse Backports Sle-15
Opensuse Leap 15.1
4.3
CVSSv2
CVE-2019-5794
Incorrect handling of cancelled requests in Navigation in Google Chrome before 73.0.3683.75 allowed a remote malicious user to perform domain spoofing via a crafted HTML page.
Google Chrome
Opensuse Leap 42.3
Opensuse Leap 15.0
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »