Vulnerabilities (CVE)

Vendor filter

Opensuse Subscribe

Filter

1316 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-15902 4 Linux, Netapp, Debian and 1 more 6 Linux Kernel, Active Iq Performance Analytics Services, Service Processor and 3 more 2019-10-10 4.7
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible...
CVE-2019-5739 2 Nodejs, Opensuse 2 Node.js, Leap 2019-10-09 5.0
Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and...
CVE-2019-3833 3 Openwsman Project, Fedoraproject, Opensuse 3 Openwsman, Fedora, Leap 2019-10-09 5.0
Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP...
CVE-2019-1788 3 Clamav, Debian, Opensuse 3 Clamav, Debian Linux, Leap 2019-10-09 4.3
A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an...
CVE-2019-1787 3 Clamav, Debian, Opensuse 3 Clamav, Debian Linux, Leap 2019-10-09 4.3
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an...
CVE-2018-7689 1 Opensuse 1 Open Build Service 2019-10-09 4.0
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.
CVE-2018-7688 1 Opensuse 1 Open Build Service 2019-10-09 4.0
A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions.
CVE-2018-7685 1 Opensuse 1 Libzypp 2019-10-09 4.6
The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious...
CVE-2018-20106 1 Opensuse 1 Yast2-printer 2019-10-09 9.3
In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires...
CVE-2018-1128 4 Ceph, Redhat, Debian and 1 more 11 Ceph, Ceph Storage, Ceph Storage Mon and 8 more 2019-10-09 5.4
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to...
CVE-2018-17956 1 Opensuse 1 Yast2-samba-provision 2019-10-09 2.1
In yast2-samba-provision up to and including version 1.0.1 the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read them in the process list
CVE-2018-12479 1 Opensuse 1 Open Build Service 2019-10-09 5.0
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df.
CVE-2018-12478 1 Opensuse 1 Open Build Service 2019-10-09 4.3
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: status of is unknown.
CVE-2018-12477 1 Opensuse 2 Opensuse Leap, Leap 2019-10-09 6.4
A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service:...
CVE-2018-12473 1 Opensuse 1 Open Build Service 2019-10-09 5.0
A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected...
CVE-2018-12467 1 Opensuse 1 Open Build Service 2019-10-09 5.5
Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.
CVE-2018-12466 1 Opensuse 1 Open Build Service 2019-10-09 5.5
openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.
CVE-2018-10861 4 Ceph, Redhat, Debian and 1 more 10 Ceph, Ceph Storage, Ceph Storage Mon and 7 more 2019-10-09 5.5
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to...
CVE-2017-9286 1 Opensuse 1 Leap 2019-10-09 9.0
The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade.
CVE-2017-9271 1 Opensuse 1 Zypper 2019-10-09 2.1
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.