Vulnerabilities > Opensuse

DATE CVE VULNERABILITY TITLE RISK
2018-06-08 CVE-2014-5220 Command Injection vulnerability in multiple products
The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.
local
low complexity
opensuse mdadm-project CWE-77
7.8
7.8
2018-06-08 CVE-2014-0594 Cross-Site Request Forgery (CSRF) vulnerability in Opensuse Open Build Service
In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent.
network
low complexity
opensuse CWE-352
8.8
8.8
2018-06-08 CVE-2014-0593 Improper Input Validation vulnerability in Opensuse Open Build Service
The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS).
network
low complexity
opensuse CWE-20
critical
 9.8
9.8
2018-06-08 CVE-2013-3703 Permission Issues vulnerability in Opensuse Open Build Service
The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data.
network
low complexity
opensuse CWE-275
6.5
6.5
2018-06-07 CVE-2018-7689 Missing Authorization vulnerability in Opensuse Open Build Service
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.
network
low complexity
opensuse CWE-862
6.5
6.5
2018-06-07 CVE-2018-7688 Missing Authorization vulnerability in Opensuse Open Build Service
A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions.
network
low complexity
opensuse CWE-862
6.5
6.5
2018-06-04 CVE-2018-11685 Out-of-bounds Write vulnerability in multiple products
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.
network
low complexity
liblouis canonical opensuse CWE-787
8.8
8.8
2018-06-04 CVE-2018-11684 Out-of-bounds Write vulnerability in multiple products
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.
network
low complexity
liblouis canonical opensuse CWE-787
8.8
8.8
2018-06-04 CVE-2018-11683 Out-of-bounds Write vulnerability in multiple products
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
network
low complexity
liblouis canonical opensuse CWE-787
8.8
8.8
2018-05-31 CVE-2018-11577 Classic Buffer Overflow vulnerability in multiple products
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.
network
low complexity
liblouis canonical opensuse CWE-120
8.8
8.8