Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2018-05-08	CVE-2018-10380	Link Following vulnerability in multiple products kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack. local low complexity kde debian opensuse CWE-59	7.8
2018-05-04	CVE-2018-10733	Out-of-bounds Read vulnerability in multiple products There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. network low complexity gnome redhat opensuse CWE-125	6.5
2018-04-18	CVE-2018-1088	A privilege escalation flaw was found in gluster 3.x snapshot scheduler. network high complexity redhat opensuse debian	8.1
2018-03-12	CVE-2018-7858	Out-of-bounds Read vulnerability in multiple products Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. local low complexity qemu opensuse redhat canonical CWE-125	5.5
2018-03-12	CVE-2016-5314	Out-of-bounds Write vulnerability in multiple products Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. network low complexity libtiff opensuse redhat debian CWE-787	8.8
2018-03-05	CVE-2017-18215	Out-of-bounds Write vulnerability in multiple products xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when decoding PNG comment fields, leading to crashes or potentially code execution, because it uses an incorrect length value. network low complexity xv-project opensuse CWE-787 critical	9.8
2018-03-01	CVE-2017-9286	Unspecified vulnerability in Opensuse Leap 42.3 The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade. network low complexity opensuse	8.8
2018-03-01	CVE-2017-14804	Improper Input Validation vulnerability in multiple products The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots. network low complexity suse opensuse CWE-20	5.3
2018-02-13	CVE-2018-6954	Link Following vulnerability in multiple products systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. local low complexity systemd-project canonical opensuse CWE-59	7.8
2018-01-29	CVE-2017-18078	Link Following vulnerability in multiple products systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file. local low complexity systemd-project debian opensuse CWE-59	7.8