Vulnerabilities > Opensuse

DATE CVE VULNERABILITY TITLE RISK
2018-10-19 CVE-2018-18521 Divide By Zero vulnerability in multiple products
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.
5.5
2018-10-19 CVE-2018-18520 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174.
6.5
2018-10-15 CVE-2017-5934 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
moinmo debian canonical opensuse CWE-79
6.1
2018-10-15 CVE-2018-18310 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174.
5.5
2018-10-12 CVE-2018-18225 Incorrect Calculation vulnerability in multiple products
In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash.
network
low complexity
wireshark debian opensuse CWE-682
7.5
2018-10-09 CVE-2018-18074 Insufficiently Protected Credentials vulnerability in multiple products
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
network
low complexity
python canonical opensuse redhat CWE-522
7.5
2018-10-09 CVE-2018-12479 Improper Input Validation vulnerability in Opensuse Open Build Service
An Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs.
network
low complexity
opensuse CWE-20
7.5
2018-10-09 CVE-2018-12478 Improper Input Validation vulnerability in Opensuse Open Build Service
An Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs.
network
low complexity
opensuse CWE-20
6.5
2018-10-09 CVE-2018-12477 CRLF Injection vulnerability in Opensuse Leap 15.0/42.3
An Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them.
network
low complexity
opensuse CWE-93
7.5
2018-10-09 CVE-2018-12474 Improper Input Validation vulnerability in Opensuse TAR SCM
Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to access and extract information outside the current build or cause the creation of files in attacker-controlled locations.
network
low complexity
opensuse CWE-20
critical
9.8