OpenSUSE Security Vulnerabilities
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).
7.5CVSS
8.6AI Score
0.004EPSS
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
9.8CVSS
9.6AI Score
0.01EPSS
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.
8.8CVSS
7.2AI Score
0.004EPSS
The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.
7.5CVSS
8.7AI Score
0.004EPSS
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
5.5CVSS
5.7AI Score
0.0004EPSS
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configura...
7.5CVSS
7.3AI Score
0.109EPSS
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affe...
6.1CVSS
6.4AI Score
0.002EPSS
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.
6.5CVSS
6.2AI Score
0.003EPSS
A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, ...
5.3CVSS
5.8AI Score
0.001EPSS
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in...
8.1CVSS
8.5AI Score
0.263EPSS
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode ...
8.1CVSS
8.2AI Score
0.015EPSS
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are...
7.5CVSS
7.5AI Score
0.005EPSS
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
7.8CVSS
7.4AI Score
0.0004EPSS
A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS
5.5CVSS
6.1AI Score
0.001EPSS
The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.
6.5CVSS
6.4AI Score
0.002EPSS
In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection
5.5CVSS
5.3AI Score
0.0004EPSS
In yast2-samba-provision up to and including version 1.0.1 the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read them in the process list
7.8CVSS
7.5AI Score
0.0004EPSS
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
7.5CVSS
6.7AI Score
0.004EPSS
In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed.
7.5CVSS
7.3AI Score
0.004EPSS
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.
5.5CVSS
6.2AI Score
0.001EPSS
Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8CVSS
8.7AI Score
0.014EPSS
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8CVSS
9AI Score
0.022EPSS
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is ...
5.9CVSS
6.9AI Score
0.002EPSS
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a ...
6.5CVSS
6.7AI Score
0.003EPSS
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.
5.5CVSS
7.2AI Score
0.005EPSS
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.
6.5CVSS
7AI Score
0.002EPSS
In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.
5.5CVSS
7.1AI Score
0.001EPSS
The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.
5.5CVSS
6AI Score
0.001EPSS
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target fil...
7.5CVSS
7.3AI Score
0.002EPSS
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
5.5CVSS
5.7AI Score
0.001EPSS
The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql.
7.5CVSS
7.3AI Score
0.003EPSS
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.
4.7CVSS
5.1AI Score
0.001EPSS
An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range ar...
7.8CVSS
7.5AI Score
0.001EPSS
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnup...
7.8CVSS
7.5AI Score
0.001EPSS
An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when t...
7.8CVSS
7.5AI Score
0.001EPSS
An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.
6.5CVSS
6.5AI Score
0.002EPSS
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.
6.5CVSS
6.5AI Score
0.001EPSS
Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges
7.8CVSS
7.7AI Score
0.0004EPSS
Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection
5.5CVSS
6AI Score
0.0004EPSS
In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files.
4.7CVSS
5.7AI Score
0.0004EPSS
If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root.
7.8CVSS
6.2AI Score
0.0004EPSS
If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 (e.g. with CVE-2018-19638) he can kill arbitrary processes on the local machine.
5.5CVSS
5.6AI Score
0.0004EPSS
The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.
5.7CVSS
6.9AI Score
0.001EPSS
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.
5.5CVSS
5.3AI Score
0.002EPSS
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.
5.5CVSS
5.5AI Score
0.001EPSS
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
7.5CVSS
7.4AI Score
0.004EPSS
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
6.5CVSS
7AI Score
0.007EPSS
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
8.8CVSS
7.2AI Score
0.006EPSS
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
6.5CVSS
6.9AI Score
0.004EPSS
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
5.5CVSS
5AI Score
0.002EPSS