Vulnerabilities > Opensuse
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-10-19 | CVE-2018-18521 | Divide By Zero vulnerability in multiple products Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. | 5.5 |
2018-10-19 | CVE-2018-18520 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. | 6.5 |
2018-10-15 | CVE-2017-5934 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2018-10-15 | CVE-2018-18310 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. | 5.5 |
2018-10-12 | CVE-2018-18225 | Incorrect Calculation vulnerability in multiple products In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. | 7.5 |
2018-10-09 | CVE-2018-18074 | Insufficiently Protected Credentials vulnerability in multiple products The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. | 7.5 |
2018-10-09 | CVE-2018-12479 | Improper Input Validation vulnerability in Opensuse Open Build Service A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. | 7.5 |
2018-10-09 | CVE-2018-12478 | Improper Input Validation vulnerability in Opensuse Open Build Service A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. | 6.5 |
2018-10-09 | CVE-2018-12477 | CRLF Injection vulnerability in Opensuse Leap 15.0/42.3 A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. | 7.5 |
2018-10-09 | CVE-2018-12474 | Improper Input Validation vulnerability in Opensuse TAR SCM Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. | 9.8 |