Opensuse
3,271 CVEs • 50 products
Products (50)
CVEs (3,271)
| Vendors | Products | Updated | Published | CVSS (v4 / v3 / v2) | CVE description |
|---|---|---|---|---|---|
| 7: Canonical, Debian, Ijg, +4 more | 13: Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server, +10 more | Nov 21, 2024 | May 16, 2018 | N/A / 6.5 MEDIUM / 4.3 MEDIUM | An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. |
| 2: Opensuse, Postgresql | 2: Leap, Postgresql | Nov 21, 2024 | May 10, 2018 | N/A / 9.1 CRITICAL / 6.4 MEDIUM | PostgreSQL before versions 10.4, 9.6.9 is vulnerable in the adminpack extension: the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs as pg_rotate_logfile. If the adminpack is added to a database, a... |
| 3: Debian, Kde, Opensuse | 3: Debian Linux, Leap, Plasma | Nov 21, 2024 | May 8, 2018 | N/A / 7.8 HIGH / 7.2 HIGH | kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack. |
| 3: Gnome, Opensuse, Redhat | 6: Ansible Tower, Enterprise Linux Desktop, Enterprise Linux Server, +3 more | Nov 21, 2024 | May 4, 2018 | N/A / 6.5 MEDIUM / 4.3 MEDIUM | There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack. |
| 3: Debian, Opensuse, Redhat | 6: Debian Linux, Enterprise Linux Server, Gluster Storage, +3 more | Nov 21, 2024 | Apr 18, 2018 | N/A / 8.1 HIGH / 6.8 MEDIUM | A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious... |
| 2: Opensuse, Uclouvain | 2: Openjpeg, Opensuse | Nov 21, 2024 | Apr 10, 2018 | N/A / 8.8 HIGH / 6.8 MEDIUM | Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file... |
| | | | | | In the web UI of the Open Build Service before 2.3.0, a code injection in the project rebuildtimes statistics could be used by authorized attackers to execute shellcode. |
| 4: Canonical, Opensuse, Qemu, +1 more | 9: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus, +6 more | Jun 17, 2026 | Mar 12, 2018 | N/A / 5.5 MEDIUM / 2.1 LOW | Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorr... |
| 4: Debian, Libtiff, Opensuse, +1 more | 5: Debian Linux, Enterprise Linux, Leap, +2 more | Nov 21, 2024 | Mar 12, 2018 | N/A / 8.8 HIGH / 6.8 MEDIUM | Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a craft... |
| | | | | | xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when decoding PNG comment fields, leading to crashes or potentially code execution, because it uses an incorrect length value. |
| | | | | | In Open Build Service 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8, the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to b... |
| | | | | | The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as the wwwrun user to escalate privileges to root during a nextcloud package upgrade. |
| 1: Opensuse | 1: Obs Service Source Validator | Nov 21, 2024 | Mar 1, 2018 | N/A / 7.8 HIGH / 9.3 HIGH | A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs. |
| 2: Fedoraproject, Opensuse | 2: Fedora, Zypper | Nov 21, 2024 | Mar 1, 2018 | N/A / 3.3 LOW / 2.1 LOW | The command-line package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used. |
| | | | | | In cryptctl before version 2.0, a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database. |
| | | | | | In libzypp before August 2018, GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potentially malicious content. |
| | | | | | In the Open Build Service before 201707022, the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions l... |
| | | | | | In libzypp before 20170803, it was possible to retrieve unsigned packages without a warning to the user, which could allow a man in the middle or malicious servers to inject malicious RPM packages into a user's system. |
| | | | | | In libzypp before 20170803, it was possible to add unsigned YUM repositories without a warning to the user, which could allow a man in the middle or malicious servers to inject malicious RPM packages into a user's system. |
| | | | | | The bs_worker code in Open Build Service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build and leakage of private information. |