Risk | High |
Patch available | YES |
Number of vulnerabilities | 58 |
CVE-ID | CVE-2019-1348 CVE-2019-13484 CVE-2019-13486 CVE-2019-13485 CVE-2019-1349 CVE-2019-13496 CVE-2019-13498 CVE-2019-13497 CVE-2019-1350 CVE-2019-13509 CVE-2019-13505 CVE-2019-13504 CVE-2019-1351 CVE-2019-13519 CVE-2019-13517 CVE-2019-13518 CVE-2019-13511 CVE-2019-13510 CVE-2019-13512 CVE-2019-13516 CVE-2019-13515 CVE-2019-13514 CVE-2019-13513 CVE-2019-13524 CVE-2019-1352 CVE-2019-13525 CVE-2019-13529 CVE-2019-13521 CVE-2019-13527 CVE-2019-13528 CVE-2019-13523 CVE-2019-13522 CVE-2019-13526 CVE-2019-13520 CVE-2019-13533 CVE-2019-1353 CVE-2019-13539 CVE-2019-13535 CVE-2019-13531 CVE-2019-13537 CVE-2019-13534 CVE-2019-13530 CVE-2019-13532 CVE-2019-13538 CVE-2019-13536 CVE-2019-1354 CVE-2019-13543 CVE-2019-13547 CVE-2019-13549 CVE-2019-13546 CVE-2019-13545 CVE-2019-13541 CVE-2019-13548 CVE-2019-13542 CVE-2019-13544 CVE-2019-13540 CVE-2019-1387 CVE-2019-19604 |
CWE-ID | CWE-22 CWE-119 CWE-121 CWE-20 CWE-354 CWE-300 CWE-352 CWE-532 CWE-79 CWE-125 CWE-36 CWE-843 CWE-384 CWE-200 CWE-416 CWE-693 CWE-306 CWE-77 CWE-824 CWE-285 CWE-284 CWE-288 CWE-294 CWE-276 CWE-287 CWE-494 CWE-259 CWE-122 CWE-798 CWE-862 CWE-787 CWE-476 CWE-78 |
Exploitation vector | Network |
Public exploit |
Public exploit code for vulnerability #6 is available. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #12 is available. Public exploit code for vulnerability #27 is available. Public exploit code for vulnerability #58 is available. |
Vulnerable software |
Opensuse Operating systems & Components / Operating system |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 58 vulnerabilities.
EUVDB-ID: #VU23554
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1348
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when the export-marks option of git fast-import is exposed also via the in-stream command feature. A remote attacker can send a specially crafted HTTP request and overwrite arbitrary paths on the system.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21083
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13484
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the status-log viewer CGI because of expansion in the "appfeed.c". A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21082
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13486
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to access or modify data, or cause a denial of service (DoS) condition on an affected system.
The vulnerability exists in the status-log viewer component due to a boundary error in the "svcstatus.c" file because the software does not properly validate user-supplied input. A remote unauthenticated attacker can submit malicious input, trigger stack-based buffer overflow and access or modify data, or cause a DoS condition on the affected system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21060
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13485
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a long hostname or service parameter in history.c within the in the history viewer component. A remote authenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23494
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1349
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input within the Git for Visual Studio. A remote attacker can convince the user to clone a malicious repo and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU22542
Risk: High
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-13496
CWE-ID:
CWE-354 - Improper Validation of Integrity Check Value
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
Update the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU22528
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-13498
CWE-ID:
CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Exploit availability: No
DescriptionUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU22527
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13497
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin in logout requests. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23493
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1350
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input within the Git for Visual Studio. A remote attacker can convince the user to clone a malicious repo and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU19390
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13509
CWE-ID:
CWE-532 - Information Exposure Through Log Files
Exploit availability: No
DescriptionUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU19241
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13505
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
Description
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks via the E-mail field.
The vulnerability exists due to insufficient sanitization of user-supplied data in a booking form. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU19220
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-13504
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability exists due to an out-of-bounds read error in the "Exiv2::MrwImage::readMetadata" function in the "mrwimage.cpp" file. A remote attacker can create a specially crafted media file, trick the victim into opening it and cause the affected application to crash.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU23500
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1351
CWE-ID:
CWE-36 - Absolute Path Traversal
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to the Git for Visual Studio improperly handles virtual drive paths. A remote attacker can clone a file using a specially crafted path and write arbitrary files and directories to certain locations on a vulnerable system.
Update the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21331
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13519
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error when processing the .DOE files. A remote attacker can trick a victim to open a specially crafted .DOE file, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU20897
Risk: Low
CVSSv3.1: 6.6 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13517
CWE-ID:
CWE-384 - Session Fixation
Exploit availability: No
DescriptionUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU20840
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13518
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the application. A remote attacker can send a specially crafted project file, trigger stack-based buffer overflow and execute arbitrary code under the privileges of the application.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU20458
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13511
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the specific flaw exists within the processing of project files. A remote attacker can trick a victim to open a specially crafted Arena file and gain unauthorized access to sensitive information related to the targeted workstation.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU20457
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13510
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing the Arena files. A remote attacker can trick a victim to open a specially crafted Arena file and crash the application or execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU20456
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:U/RC:C]
CVE-ID: CVE-2019-13512
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the device. A local attacker can trigger out-of-bounds read error and read limited information from the device.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU20455
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13516
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
DescriptionUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU20454
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13515
CWE-ID:
CWE-532 - Information Exposure Through Log Files
Exploit availability: No
DescriptionUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU20351
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13514
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing a specially crafted project file. A local attacker can send a specially crafted project file, trigger a use-after-free vulnerability, gain sensitive information on the target system, execute arbitrary code, or crash the application.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU20350
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13513
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing a specially crafted project file. A local attacker can create a specially crafted project file, trigger out-of-bounds read error and read contents of memory on the system and cause it to crash.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU24308
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13524
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially manipulated packets, cause the module state to change to halt-mode and cause a denial of service condition on the target device.
Update the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23492
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1352
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input within the Git for Visual Studio. A remote attacker can convince the user to clone a malicious repo and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU22283
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13525
CWE-ID:
CWE-306 - Missing Authentication for Critical Function
Exploit availability: No
DescriptionUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21726
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:U/RC:C]
CVE-ID: CVE-2019-13529
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU21332
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13521
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands.
Update the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21330
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13527
CWE-ID:
CWE-824 - Access of Uninitialized Pointer
Exploit availability: No
DescriptionUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21231
Risk: Low
CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13528
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21209
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13523
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the integrated web server of the affected devices allows to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders). A remote attacker can gain unauthorized access to view device configuration information.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU20839
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13522
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the application. A remote attacker can create a specially crafted project file, trick the victim into opening it, trigger memory corruption and execute arbitrary code under the privileges of the application.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU20419
Risk: Medium
CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13526
CWE-ID:
CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Exploit availability: No
DescriptionUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU20346
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13520
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the affected application when processing SDP files. A remote unauthenticated attacker can send a specially crafted project files, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23585
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2019-13533
CWE-ID:
CWE-294 - Authentication Bypass by Capture-replay
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass authentication on the target system.
The vulnerability exists in the FINS communication protocol due to the FINS communication packet between a controller and a PLC may be monitored and it may invite replay attack using commands for the PLC. A remote attacker can cause opening and closing of industrial valves.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23555
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1353
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists to due none of the NTFS protections are active when accessing a working directory on a regular Windows drive. A local user with access to the system can view contents of files and directories or modify them.
Note: This vulnerability occurs when running Git in the Windows Subsystem for Linux (also known as "WSL").
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU22639
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13539
CWE-ID: N/A
Exploit availability: No
DescriptionUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU22638
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13535
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
DescriptionUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU22637
Risk: Low
CVSSv3.1: 4.2 [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13531
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass authentication process.
The vulnerability exists due to an error in the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments. An attacker with physical access to the device can connect inauthentic instruments to the generator, bypass authentication process and gain unauthorized access to the application.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21935
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13537
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause a server-side crash.
The vulnerability exists due to a boundary error in the IEC870IP driver. A remote unauthenticated attacker can trigger stack-based buffer overflow and cause a server-side crash on the target system.
Note: This vulnerability affects only the IEC870IP driver used in Vijeo Citect and Citect SCADA. MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21105
Risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13534
CWE-ID:
CWE-494 - Download of Code Without Integrity Check
Exploit availability: No
DescriptionUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21104
Risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13530
CWE-ID:
CWE-259 - Use of Hard-coded Password
Exploit availability: No
DescriptionUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21102
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13532
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in the CODESYS V3 web server. A remote attacker can send a specially crafted HTTP or HTTPS request and read arbitrary files outside the restricted working directory of the controller.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21101
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13538
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the CODESYS V3 Library Manager. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21047
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13536
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing specially crafted project files. A remote attacker can send a specially crafted project file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23491
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1354
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input within the Git for Visual Studio. A remote attacker can convince the user to clone a malicious repo and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU22640
Risk: Medium
CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13543
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code. A remote unauthenticated attacker can access the affected system using the hard-coded credentials and read files on the target system.
Update the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU22452
Risk: High
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2019-13547
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU22292
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2019-13549
CWE-ID:
CWE-306 - Missing Authentication for Critical Function
Exploit availability: No
DescriptionUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU22282
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]
CVE-ID: CVE-2019-13546
CWE-ID: N/A
Exploit availability: No
DescriptionUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21934
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13545
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21933
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13541
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can access sensitive information and execute arbitrary code.
Update the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21103
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13548
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the CODESYS V3 web server. A remote unauthenticated attacker can send a specially crafted HTTP or HTTPS request, trigger stack-based buffer overflow and cause a denial-of-service condition or execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21099
Risk: Low
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13542
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when processing requests. A remote authenticated attacker can send a specially crafted request from a trusted OPC UA client and perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21048
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13544
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted project file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21046
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13540
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing specially crafted project files. A remote unauthenticated attacker can send a specially crafted file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23488
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1387
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input within the Git for Visual Studio. A remote attacker can convince the user to clone a malicious repo and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23556
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-19604
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to a "git submodule update" operation can run commands found in the ".gitmodules" file of a malicious repository. A remote unauthenticated attacker can execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
Opensuse: 15.1
CPE2.3 External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.