Filtered by vendor Opensuse
Subscribe
Total
3288 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16402 | 5 Canonical, Debian, Elfutils Project and 2 more | 7 Ubuntu Linux, Debian Linux, Elfutils and 4 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
|
|||||
| CVE-2018-16229 | 7 Apple, Debian, F5 and 4 more | 7 Mac Os X, Debian Linux, Traffix Signaling Delivery Controller and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
|
|||||
| CVE-2018-16227 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.
|
|||||
| CVE-2018-16062 | 5 Canonical, Debian, Elfutils Project and 2 more | 7 Ubuntu Linux, Debian Linux, Elfutils and 4 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
|
|||||
| CVE-2018-15518 | 3 Debian, Opensuse, Qt | 3 Debian Linux, Leap, Qt | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
|
|||||
| CVE-2018-14880 | 7 Apple, Debian, F5 and 4 more | 23 Mac Os X, Debian Linux, Big-ip Access Policy Manager and 20 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
|
|||||
| CVE-2018-14662 | 4 Canonical, Debian, Opensuse and 1 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2024-11-21 | 2.7 LOW | 5.7 MEDIUM |
|
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.
|
|||||
| CVE-2018-14647 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.
|
|||||
| CVE-2018-14553 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).
|
|||||
| CVE-2018-14523 | 3 Aubio, Opensuse, Suse | 3 Aubio, Leap, Linux Enterprise | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.
|
|||||
| CVE-2018-14522 | 3 Aubio, Opensuse, Suse | 3 Aubio, Leap, Linux Enterprise | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.
|
|||||
| CVE-2018-14498 | 5 Debian, Fedoraproject, Libjpeg-turbo and 2 more | 5 Debian Linux, Fedora, Libjpeg-turbo and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
|
|||||
| CVE-2018-14469 | 7 Apple, Debian, F5 and 4 more | 7 Mac Os X, Debian Linux, Traffix Signaling Delivery Controller and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
|
|||||
| CVE-2018-14466 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().
|
|||||
| CVE-2018-14464 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().
|
|||||
| CVE-2018-14463 | 7 Apple, Debian, F5 and 4 more | 7 Mac Os X, Debian Linux, Traffix Signaling Delivery Controller and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.
|
|||||
| CVE-2018-13099 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr.
|
|||||
| CVE-2018-13096 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image.
|
|||||
| CVE-2018-12910 | 5 Canonical, Debian, Gnome and 2 more | 9 Ubuntu Linux, Debian Linux, Libsoup and 6 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
|
|||||
| CVE-2018-12479 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
|
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df.
|
|||||
| CVE-2018-12478 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 4.3 MEDIUM | 4.8 MEDIUM |
|
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: status of is unknown.
|
|||||
| CVE-2018-12477 | 1 Opensuse | 1 Leap | 2024-11-21 | 6.4 MEDIUM | 3.5 LOW |
|
A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce.
|
|||||
| CVE-2018-12475 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
A Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP request against internal networks and potentially downloading data that is exposed there. This issue affects: openSUSE Open Build Service .
|
|||||
| CVE-2018-12474 | 1 Opensuse | 1 Tar Scm | 2024-11-21 | 7.5 HIGH | 5.4 MEDIUM |
|
Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE Open Build Service: versions prior to 51a17c553b6ae2598820b7a90fd0c11502a49106.
|
|||||
| CVE-2018-12473 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 5.0 MEDIUM | 3.1 LOW |
|
A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0.
|
|||||
| CVE-2018-12467 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 5.5 MEDIUM | 6.0 MEDIUM |
|
Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.
|
|||||
| CVE-2018-12466 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 5.5 MEDIUM | 4.4 MEDIUM |
|
openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.
|
|||||
| CVE-2018-12207 | 8 Canonical, Debian, F5 and 5 more | 1533 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 1530 more | 2024-11-21 | 4.9 MEDIUM | 6.5 MEDIUM |
|
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.
|
|||||
| CVE-2018-12180 | 2 Opensuse, Tianocore | 2 Leap, Edk Ii | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
|
|||||
| CVE-2018-12085 | 3 Canonical, Liblouis, Opensuse | 3 Ubuntu Linux, Liblouis, Leap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
|
|||||
| CVE-2018-11685 | 3 Canonical, Liblouis, Opensuse | 3 Ubuntu Linux, Liblouis, Leap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.
|
|||||
| CVE-2018-11684 | 3 Canonical, Liblouis, Opensuse | 3 Ubuntu Linux, Liblouis, Leap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.
|
|||||
| CVE-2018-11683 | 3 Canonical, Liblouis, Opensuse | 3 Ubuntu Linux, Liblouis, Leap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
|
|||||
| CVE-2018-11577 | 3 Canonical, Liblouis, Opensuse | 3 Ubuntu Linux, Liblouis, Leap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.
|
|||||
| CVE-2018-11440 | 3 Canonical, Liblouis, Opensuse | 3 Ubuntu Linux, Liblouis, Leap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.
|
|||||
| CVE-2018-11212 | 7 Canonical, Debian, Ijg and 4 more | 13 Ubuntu Linux, Debian Linux, Libjpeg and 10 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
|
|||||
| CVE-2018-10930 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
|
|||||
| CVE-2018-10929 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.
|
|||||
| CVE-2018-10928 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.
|
|||||
| CVE-2018-10927 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.
|
|||||