Vulnerabilities > Opensuse > Leap > 15.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-11-23 | CVE-2018-19491 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in post.trm in Gnuplot 5.2.5. | 6.8 |
2018-11-23 | CVE-2018-19490 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in datafile.c in Gnuplot 5.2.5. | 6.8 |
2018-11-07 | CVE-2018-19052 | Path Traversal vulnerability in multiple products An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. | 5.0 |
2018-10-21 | CVE-2018-18544 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. | 4.3 |
2018-10-19 | CVE-2018-18521 | Divide By Zero vulnerability in multiple products Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. | 4.3 |
2018-10-19 | CVE-2018-18520 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. | 4.3 |
2018-10-15 | CVE-2017-5934 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2018-10-15 | CVE-2018-18310 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. | 4.3 |
2018-10-09 | CVE-2018-12477 | CRLF Injection vulnerability in Opensuse Leap 15.0/42.3 A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. | 7.5 |
2018-09-21 | CVE-2018-17294 | Out-of-bounds Read vulnerability in multiple products The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries. | 4.3 |