Filtered by vendor Opensuse
Subscribe
Total
3285 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10913 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file. | |||||
| CVE-2018-10911 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. | |||||
| CVE-2018-10907 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution. | |||||
| CVE-2018-10904 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume. | |||||
| CVE-2018-10892 | 4 Docker, Mobyproject, Opensuse and 1 more | 6 Docker, Moby, Leap and 3 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness. | |||||
| CVE-2018-10861 | 4 Ceph, Debian, Opensuse and 1 more | 9 Ceph, Debian Linux, Leap and 6 more | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected. | |||||
| CVE-2018-10733 | 3 Gnome, Opensuse, Redhat | 6 Libgxps, Leap, Ansible Tower and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack. | |||||
| CVE-2018-10380 | 3 Debian, Kde, Opensuse | 3 Debian Linux, Plasma, Leap | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack. | |||||
| CVE-2018-10360 | 3 Canonical, File Project, Opensuse | 3 Ubuntu Linux, File, Leap | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. | |||||
| CVE-2018-1000880 | 4 Canonical, Fedoraproject, Libarchive and 1 more | 4 Ubuntu Linux, Fedora, Libarchive and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file. | |||||
| CVE-2018-1000879 | 3 Fedoraproject, Libarchive, Opensuse | 3 Fedora, Libarchive, Leap | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file. | |||||
| CVE-2018-1000878 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. | |||||
| CVE-2018-1000802 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace. | |||||
| CVE-2018-1000613 | 4 Bouncycastle, Netapp, Opensuse and 1 more | 24 Legion-of-the-bouncy-castle-java-crytography-api, Oncommand Workflow Automation, Leap and 21 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later. | |||||
| CVE-2017-9286 | 1 Opensuse | 1 Leap | 2024-11-21 | 9.0 HIGH | 7.8 HIGH |
| The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade. | |||||
| CVE-2017-9274 | 1 Opensuse | 1 Obs-service-source Validator | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs. | |||||
| CVE-2017-9271 | 2 Fedoraproject, Opensuse | 2 Fedora, Zypper | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used. | |||||
| CVE-2017-9270 | 1 Opensuse | 1 Cryptctl | 2024-11-21 | 8.5 HIGH | 8.7 HIGH |
| In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database. | |||||
| CVE-2017-9269 | 1 Opensuse | 1 Libzypp | 2024-11-21 | 7.5 HIGH | 7.7 HIGH |
| In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content. | |||||
| CVE-2017-9268 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 4.0 MEDIUM | 4.4 MEDIUM |
| In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource consumption). | |||||