Vulnerabilities > Opensuse > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-09-18 | CVE-2018-1000802 | Command Injection vulnerability in multiple products | Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in the shutil module (make_archive function) that can result in denial of service, information gain via injection of arbitrary files on the system or entire drive. | 9.8 |
2018-09-03 | CVE-2018-16402 | Double Free vulnerability in multiple products | libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. | 9.8 |
2018-07-09 | CVE-2018-1000613 | Unsafe Reflection vulnerability in multiple products | Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization: deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. | 9.8 |
2018-07-05 | CVE-2018-12910 | Out-of-bounds Read vulnerability in multiple products | The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. | 9.8 |
2018-06-13 | CVE-2011-4183 | Unrestricted Upload of File with Dangerous Type vulnerability in Opensuse Open Build Service | A vulnerability in Open Build Service allows remote attackers to upload arbitrary RPM files. | 9.8 |
2018-06-08 | CVE-2014-0593 | Improper Input Validation vulnerability in Opensuse Open Build Service | The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). | 9.8 |
2018-05-10 | CVE-2018-1115 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products | PostgreSQL before versions 10.4 and 9.6.9 is vulnerable in the adminpack extension: the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs as pg_rotate_logfile. | 9.1 |
2018-03-05 | CVE-2017-18215 | Out-of-bounds Write vulnerability in multiple products | xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when decoding PNG comment fields, leading to crashes or potentially code execution, because it uses an incorrect length value. | 9.8 |
2018-03-01 | CVE-2017-9270 | Improper Input Validation vulnerability in Opensuse Cryptctl 2.0 | In cryptctl before version 2.0, a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database. | 9.1 |
2018-03-01 | CVE-2017-9269 | Improper Input Validation vulnerability in Opensuse Libzypp | In libzypp before August 2018, GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potentially malicious content. | 9.8 |