Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opensuse leap 42.3 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-12477
A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote malicious users to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5...
Opensuse Leap 42.3
Opensuse Leap 15.0
3.3
CVSSv3
CVE-2019-8934
hw/ppc/spapr.c in QEMU up to and including 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
Qemu Qemu
Opensuse Leap 15.0
Opensuse Leap 42.3
6.3
CVSSv3
CVE-2019-3840
A NULL pointer dereference flaw exists in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.
Redhat Libvirt
Opensuse Leap 42.3
Opensuse Leap 15.0
9.8
CVSSv3
CVE-2019-11005
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font fam...
Graphicsmagick Graphicsmagick
Opensuse Leap 42.3
Opensuse Leap 15.0
8.8
CVSSv3
CVE-2017-9286
The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade.
Opensuse Leap 42.3
7.5
CVSSv3
CVE-2017-6594
The transit path validation code in Heimdal prior to 7.3 might allow malicious users to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.
Heimdal Project Heimdal
Opensuse Leap 42.2
Opensuse Leap 42.3
9.8
CVSSv3
CVE-2019-8341
An issue exists in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE...
Pocoo Jinja2 2.10
Opensuse Leap 42.3
Opensuse Leap 15.0
1 EDB exploit
1 Github repository
6.5
CVSSv3
CVE-2019-5801
Incorrect eliding of URLs in Omnibox in Google Chrome on iOS before 73.0.3683.75 allowed a remote malicious user to perform domain spoofing via a crafted HTML page.
Google Chrome
Opensuse Leap 42.3
Opensuse Leap 15.0
Opensuse Backports Sle-15
Opensuse Leap 15.1
8.8
CVSSv3
CVE-2019-5787
Use-after-garbage-collection in Blink in Google Chrome before 73.0.3683.75 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.
Google Chrome
Opensuse Leap 42.3
Opensuse Leap 15.0
Opensuse Backports Sle-15
Opensuse Leap 15.1
8.8
CVSSv3
CVE-2019-5788
An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux before 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Google Chrome
Opensuse Leap 42.3
Opensuse Leap 15.0
Opensuse Backports Sle-15
Opensuse Leap 15.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »