| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-15902 |
4 Linux, Netapp, Debian and 1 more |
6 Linux Kernel, Active Iq Performance Analytics Services, Service Processor and 3 more |
2019-10-10 |
4.7 |
| A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible... |
| CVE-2019-5739 |
2 Nodejs, Opensuse |
2 Node.js, Leap |
2019-10-09 |
5.0 |
| Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and... |
| CVE-2019-3833 |
3 Openwsman Project, Fedoraproject, Opensuse |
3 Openwsman, Fedora, Leap |
2019-10-09 |
5.0 |
| Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP... |
| CVE-2019-1788 |
3 Clamav, Debian, Opensuse |
3 Clamav, Debian Linux, Leap |
2019-10-09 |
4.3 |
| A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an... |
| CVE-2019-1787 |
3 Clamav, Debian, Opensuse |
3 Clamav, Debian Linux, Leap |
2019-10-09 |
4.3 |
| A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an... |
| CVE-2018-7689 |
1 Opensuse |
1 Open Build Service |
2019-10-09 |
4.0 |
| Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions. |
| CVE-2018-7688 |
1 Opensuse |
1 Open Build Service |
2019-10-09 |
4.0 |
| A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions. |
| CVE-2018-7685 |
1 Opensuse |
1 Libzypp |
2019-10-09 |
4.6 |
| The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious... |
| CVE-2018-20106 |
1 Opensuse |
1 Yast2-printer |
2019-10-09 |
9.3 |
| In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires... |
| CVE-2018-1128 |
4 Ceph, Redhat, Debian and 1 more |
11 Ceph, Ceph Storage, Ceph Storage Mon and 8 more |
2019-10-09 |
5.4 |
| It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to... |
| CVE-2018-17956 |
1 Opensuse |
1 Yast2-samba-provision |
2019-10-09 |
2.1 |
| In yast2-samba-provision up to and including version 1.0.1 the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read them in the process list |
| CVE-2018-12479 |
1 Opensuse |
1 Open Build Service |
2019-10-09 |
5.0 |
| A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df. |
| CVE-2018-12478 |
1 Opensuse |
1 Open Build Service |
2019-10-09 |
4.3 |
| A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: status of is unknown. |
| CVE-2018-12477 |
1 Opensuse |
2 Opensuse Leap, Leap |
2019-10-09 |
6.4 |
| A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service:... |
| CVE-2018-12473 |
1 Opensuse |
1 Open Build Service |
2019-10-09 |
5.0 |
| A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected... |
| CVE-2018-12467 |
1 Opensuse |
1 Open Build Service |
2019-10-09 |
5.5 |
| Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689. |
| CVE-2018-12466 |
1 Opensuse |
1 Open Build Service |
2019-10-09 |
5.5 |
| openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. |
| CVE-2018-10861 |
4 Ceph, Redhat, Debian and 1 more |
10 Ceph, Ceph Storage, Ceph Storage Mon and 7 more |
2019-10-09 |
5.5 |
| A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to... |
| CVE-2017-9286 |
1 Opensuse |
1 Leap |
2019-10-09 |
9.0 |
| The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade. |
| CVE-2017-9271 |
1 Opensuse |
1 Zypper |
2019-10-09 |
2.1 |
| The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used. |
