Vulnerabilities > Opensuse > Leap > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-26 | CVE-2018-15518 | Double Free vulnerability in multiple products QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. | 8.8 |
| 2018-12-21 | CVE-2018-20346 | Integer Overflow or Wraparound vulnerability in multiple products SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. | 8.1 |
| 2018-12-20 | CVE-2018-1000878 | Use After Free vulnerability in multiple products libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. | 8.8 |
| 2018-12-14 | CVE-2018-16875 | Improper Certificate Validation vulnerability in multiple products The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. | 7.5 |
| 2018-12-14 | CVE-2018-16874 | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). | 8.1 |
| 2018-12-14 | CVE-2018-16873 | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. | 8.1 |
| 2018-12-11 | CVE-2018-18356 | Use After Free vulnerability in multiple products An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2018-12-11 | CVE-2018-18335 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2018-12-05 | CVE-2018-19865 | Information Exposure Through Log Files vulnerability in multiple products A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. | 7.5 |
| 2018-11-23 | CVE-2018-19492 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in cairo.trm in Gnuplot 5.2.5. | 7.8 |