Vulnerabilities > Opensuse > Leap > 15.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-04 | CVE-2018-10913 | Information Exposure Through an Error Message vulnerability in multiple products. An information disclosure vulnerability was discovered in glusterfs server. | 4.0 |
2018-09-04 | CVE-2018-10911 | Deserialization of Untrusted Data vulnerability in multiple products. A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. | 5.0 |
2018-09-04 | CVE-2018-10907 | Stack-based Buffer Overflow vulnerability in multiple products. It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. | 6.5 |
2018-09-04 | CVE-2018-10904 | Untrusted Search Path vulnerability in multiple products. It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. | 6.5 |
2018-09-03 | CVE-2018-16402 | Double Free vulnerability in multiple products. libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. | 9.8 |
2018-08-29 | CVE-2018-16062 | Out-of-bounds Read vulnerability in multiple products. dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | 5.5 |
2018-07-09 | CVE-2018-1000613 | Unsafe Reflection vulnerability in multiple products. Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization: deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. | 9.8 |
2018-07-06 | CVE-2018-10892 | Execution with Unnecessary Privileges vulnerability in multiple products. The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. | 5.3 |
2018-05-23 | CVE-2018-1125 | Out-of-bounds Write vulnerability in multiple products. procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. | 5.0 |
2018-05-23 | CVE-2018-1124 | Integer Overflow or Wraparound vulnerability in multiple products. procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. | 4.6 |