Opensuse

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-18310 5Canonical DebianElfutils Project+2 more 7Debian Linux ElfutilsEnterprise Linux Desktop+4 more Nov 21, 2024 Oct 15, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a craft...Show more An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.Show less
CVE-2018-18225 3Debian OpensuseWireshark 3Debian Linux LeapWireshark Nov 21, 2024 Oct 12, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed.
CVE-2018-18074 4Canonical OpensusePython+1 more 6Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+3 more Nov 21, 2024 Oct 9, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by...Show more The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.Show less
CVE-2018-12479 1Opensuse 1Open Build Service Nov 21, 2024 Oct 9, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320af...Show more A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df.Show less
CVE-2018-12478 1Opensuse 1Open Build Service Nov 21, 2024 Oct 9, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: status of is unknown.
CVE-2018-12477 1Opensuse 1Leap Nov 21, 2024 Oct 9, 2018 N/A· v4 7.5 HIGH· v3 6.4 MEDIUM· v2 A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openS...Show more A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce.Show less
CVE-2018-12474 1Opensuse 1Tar Scm Nov 21, 2024 Oct 9, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locati...Show more Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE Open Build Service: versions prior to 51a17c553b6ae2598820b7a90fd0c11502a49106.Show less
CVE-2018-12473 1Opensuse 1Open Build Service Nov 21, 2024 Oct 2, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker...Show more A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0.Show less
CVE-2018-14647 6Canonical DebianFedoraproject+3 more 8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 more Nov 21, 2024 Sep 25, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause...Show more Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.Show less
CVE-2018-16597 3Linux NetappOpensuse 4Active Iq Performance Analytics Services Element SoftwareLeap+1 more Nov 21, 2024 Sep 21, 2018 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
CVE-2018-17294 3Canonical LiblouisOpensuse 3Leap LiblouisUbuntu Linux Nov 21, 2024 Sep 21, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by...Show more The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.Show less
CVE-2018-1000802 4Canonical DebianOpensuse+1 more 4Debian Linux LeapPython+1 more Nov 21, 2024 Sep 18, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that c...Show more Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.Show less
CVE-2018-10930 4Debian GlusterOpensuse+1 more 7Debian Linux Enterprise LinuxEnterprise Linux Server+4 more Nov 21, 2024 Sep 4, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
CVE-2018-10929 4Debian GlusterOpensuse+1 more 5Debian Linux Enterprise Linux ServerGlusterfs+2 more Nov 21, 2024 Sep 4, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.
CVE-2018-10928 4Debian GlusterOpensuse+1 more 7Debian Linux Enterprise LinuxEnterprise Linux Server+4 more Nov 21, 2024 Sep 4, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create a...Show more A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.Show less
CVE-2018-10927 4Debian GlusterOpensuse+1 more 5Debian Linux Enterprise Linux ServerGlusterfs+2 more Nov 21, 2024 Sep 4, 2018 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.
CVE-2018-10926 4Debian GlusterOpensuse+1 more 6Debian Linux Enterprise LinuxEnterprise Linux Server+3 more Nov 21, 2024 Sep 4, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a...Show more A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.Show less
CVE-2018-10923 4Debian GlusterOpensuse+1 more 5Debian Linux Enterprise Linux ServerGlusterfs+2 more Nov 21, 2024 Sep 4, 2018 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any devi...Show more It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.Show less
CVE-2018-10914 4Debian GlusterOpensuse+1 more 5Debian Linux Enterprise Linux ServerGlusterfs+2 more Nov 21, 2024 Sep 4, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in...Show more It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.Show less
CVE-2018-10913 4Debian GlusterOpensuse+1 more 5Debian Linux Enterprise Linux ServerGlusterfs+2 more Nov 21, 2024 Sep 4, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.

Previous 1...798081...164 Next