Vulnerabilities > Opensuse
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-03 | CVE-2018-13096 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. | 5.5 |
| 2018-06-13 | CVE-2011-4183 | Unrestricted Upload of File with Dangerous Type vulnerability in Opensuse Open Build Service A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. | 9.8 |
| 2018-06-12 | CVE-2011-4182 | Improper Input Validation vulnerability in Opensuse Sysconfig Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to cause execute arbitrary code. | 8.1 |
| 2018-06-11 | CVE-2011-4181 | Improper Input Validation vulnerability in Opensuse Open Build Service A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. | 7.5 |
| 2018-06-11 | CVE-2018-10360 | Out-of-bounds Read vulnerability in multiple products The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. | 6.5 |
| 2018-06-09 | CVE-2018-12085 | Out-of-bounds Write vulnerability in multiple products Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. | 8.8 |
| 2018-06-08 | CVE-2014-5220 | Command Injection vulnerability in multiple products The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root. | 7.8 |
| 2018-06-08 | CVE-2014-0594 | Cross-Site Request Forgery (CSRF) vulnerability in Opensuse Open Build Service In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent. | 8.8 |
| 2018-06-08 | CVE-2014-0593 | Improper Input Validation vulnerability in Opensuse Open Build Service The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). | 9.8 |
| 2018-06-08 | CVE-2013-3703 | Permission Issues vulnerability in Opensuse Open Build Service The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data. | 6.5 |