Vulnerabilities > Opensuse > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-23 CVE-2018-14522 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in aubio 0.4.6.
network
low complexity
aubio opensuse suse CWE-119
8.8
8.8
2018-07-10 CVE-2018-1128 Improper Authentication vulnerability in multiple products
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack.
high complexity
redhat debian opensuse CWE-287
7.5
7.5
2018-07-10 CVE-2018-10861 Improper Authentication vulnerability in multiple products
A flaw was found in the way ceph mon handles user requests.
network
low complexity
ceph redhat opensuse debian CWE-287
8.1
8.1
2018-06-12 CVE-2011-4182 Improper Input Validation vulnerability in Opensuse Sysconfig
Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to cause execute arbitrary code.
network
high complexity
opensuse CWE-20
8.1
8.1
2018-06-11 CVE-2011-4181 Improper Input Validation vulnerability in Opensuse Open Build Service
A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled.
network
low complexity
opensuse CWE-20
7.5
7.5
2018-06-09 CVE-2018-12085 Out-of-bounds Write vulnerability in multiple products
Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
network
low complexity
liblouis canonical opensuse CWE-787
8.8
8.8
2018-06-08 CVE-2014-5220 Command Injection vulnerability in multiple products
The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.
local
low complexity
opensuse mdadm-project CWE-77
7.8
7.8
2018-06-08 CVE-2014-0594 Cross-Site Request Forgery (CSRF) vulnerability in Opensuse Open Build Service
In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent.
network
low complexity
opensuse CWE-352
8.8
8.8
2018-06-04 CVE-2018-11685 Out-of-bounds Write vulnerability in multiple products
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.
network
low complexity
liblouis canonical opensuse CWE-787
8.8
8.8
2018-06-04 CVE-2018-11684 Out-of-bounds Write vulnerability in multiple products
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.
network
low complexity
liblouis canonical opensuse CWE-787
8.8
8.8