Opensuse Leap 15.0 Security Vulnerabilities
It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox.
CVSS Score: 8.2
EPSS Score: 0.016
Published: 2019-07-31
An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
CVSS Score: 8.8
EPSS Score: 0.02
Published: 2019-07-31
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
CVSS Score: 8.8
EPSS Score: 0.02
Published: 2019-07-31
An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, so that too small a buffer is allocated. This buffer can then be written out of bounds, resulting in a heap overflow and ultimately in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
CVSS Score: 8.8
EPSS Score: 0.02
Published: 2019-07-31
An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, so that too small a buffer is allocated. This buffer can then be written out of bounds, resulting in a heap overflow and ultimately in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
CVSS Score: 8.8
EPSS Score: 0.016
Published: 2019-07-31
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10 and 4.0.8, allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue arises because the Authoritative Server exits when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify.
CVSS Score: 3.5
EPSS Score: 0.0
Published: 2019-07-30
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9 and 4.0.8, allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.
CVSS Score: 3.5
EPSS Score: 0.0
Published: 2019-07-30
An integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-bounds read.
CVSS Score: 7.1
EPSS Score: 0.009
Published: 2019-07-30
A double free in VLC versions <= 3.0.6 leads to a crash.
CVSS Score: 5.5
EPSS Score: 0.007
Published: 2019-07-30
libopenmpt before 0.3.13 allows a crash with malformed MED files.
CVSS Score: 6.5
EPSS Score: 0.003
Published: 2019-07-30

