Vulnerabilities > Opensuse > Leap > 15.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-10-09 | CVE-2018-18074 | Insufficiently Protected Credentials vulnerability in multiple products The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. | 5.0 |
2018-09-25 | CVE-2018-14647 | Missing Initialization of Resource vulnerability in multiple products Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. | 7.5 |
2018-09-18 | CVE-2018-1000802 | Command Injection vulnerability in multiple products Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. | 9.8 |
2018-09-04 | CVE-2018-10930 | Improper Input Validation vulnerability in multiple products A flaw was found in RPC request using gfs3_rename_req in glusterfs server. | 4.0 |
2018-09-04 | CVE-2018-10929 | Improper Input Validation vulnerability in multiple products A flaw was found in RPC request using gfs2_create_req in glusterfs server. | 6.5 |
2018-09-04 | CVE-2018-10928 | Link Following vulnerability in multiple products A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. | 6.5 |
2018-09-04 | CVE-2018-10927 | Improper Input Validation vulnerability in multiple products A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. | 5.5 |
2018-09-04 | CVE-2018-10926 | Improper Input Validation vulnerability in multiple products A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. | 6.5 |
2018-09-04 | CVE-2018-10923 | Improper Input Validation vulnerability in multiple products It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. | 5.5 |
2018-09-04 | CVE-2018-10914 | NULL Pointer Dereference vulnerability in multiple products It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. | 4.0 |