Vulnerabilities > Opensuse

DATE CVE VULNERABILITY TITLE RISK
2018-07-09 CVE-2018-1000613 Unsafe Reflection vulnerability in multiple products
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code.
network
low complexity
bouncycastle netapp opensuse oracle CWE-470
critical
 9.8
9.8
2018-07-06 CVE-2018-10892 The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames.
network
low complexity
docker mobyproject redhat opensuse
5.3
5.3
2018-07-05 CVE-2018-12910 Out-of-bounds Read vulnerability in multiple products
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
network
low complexity
gnome canonical debian redhat opensuse CWE-125
critical
 9.8
9.8
2018-07-03 CVE-2018-13099 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4.
local
low complexity
linux debian opensuse canonical CWE-125
5.5
5.5
2018-07-03 CVE-2018-13096 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14.
local
low complexity
linux debian canonical opensuse CWE-787
5.5
5.5
2018-06-13 CVE-2011-4183 Unrestricted Upload of File with Dangerous Type vulnerability in Opensuse Open Build Service
A vulnerability in open build service allows remote attackers to upload arbitrary RPM files.
network
low complexity
opensuse CWE-434
critical
 9.8
9.8
2018-06-12 CVE-2011-4182 Improper Input Validation vulnerability in Opensuse Sysconfig
Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to cause execute arbitrary code.
network
high complexity
opensuse CWE-20
8.1
8.1
2018-06-11 CVE-2011-4181 Improper Input Validation vulnerability in Opensuse Open Build Service
A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled.
network
low complexity
opensuse CWE-20
7.5
7.5
2018-06-11 CVE-2018-10360 Out-of-bounds Read vulnerability in multiple products
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
network
low complexity
file-project canonical opensuse CWE-125
6.5
6.5
2018-06-09 CVE-2018-12085 Out-of-bounds Write vulnerability in multiple products
Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
network
low complexity
liblouis canonical opensuse CWE-787
8.8
8.8