| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-12467 |
264 |
|
|
2018-08-01 |
2018-10-15 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689. |
|
2 |
CVE-2018-12466 |
264 |
|
|
2018-08-01 |
2018-10-09 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. |
|
3 |
CVE-2018-10380 |
59 |
|
|
2018-05-08 |
2018-06-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack. |
|
4 |
CVE-2018-7689 |
275 |
|
|
2018-06-07 |
2018-07-27 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions. |
|
5 |
CVE-2018-7688 |
275 |
|
|
2018-06-07 |
2018-07-27 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions. |
|
6 |
CVE-2017-1000366 |
119 |
|
Exec Code Overflow |
2017-06-19 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. |
|
7 |
CVE-2017-18215 |
787 |
|
Exec Code Mem. Corr. |
2018-03-05 |
2018-03-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when decoding PNG comment fields, leading to crashes or potentially code execution, because it uses an incorrect length value. |
|
8 |
CVE-2017-17806 |
119 |
|
Overflow |
2017-12-20 |
2018-10-31 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. |
|
9 |
CVE-2017-17805 |
20 |
|
DoS |
2017-12-20 |
2018-10-31 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. |
|
10 |
CVE-2017-14804 |
20 |
|
|
2018-03-01 |
2018-03-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots. |
|
11 |
CVE-2017-14493 |
119 |
|
DoS Exec Code Overflow |
2017-10-02 |
2018-03-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. |
|
12 |
CVE-2017-13088 |
254 |
|
|
2017-10-17 |
2018-07-18 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. |
|
13 |
CVE-2017-13087 |
254 |
|
|
2017-10-17 |
2018-05-16 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. |
|
14 |
CVE-2017-13086 |
254 |
|
|
2017-10-17 |
2018-05-16 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. |
|
15 |
CVE-2017-13084 |
254 |
|
|
2017-10-17 |
2018-05-10 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. |
|
16 |
CVE-2017-13082 |
254 |
|
|
2017-10-17 |
2018-11-02 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. |
|
17 |
CVE-2017-13081 |
254 |
|
|
2017-10-17 |
2018-11-13 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. |
|
18 |
CVE-2017-13080 |
254 |
|
|
2017-10-17 |
2018-11-13 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. |
|
19 |
CVE-2017-13079 |
254 |
|
|
2017-10-17 |
2018-11-13 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients. |
|
20 |
CVE-2017-13078 |
254 |
|
|
2017-10-17 |
2018-11-13 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. |
|
21 |
CVE-2017-13077 |
254 |
|
|
2017-10-16 |
2018-11-13 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. |
|
22 |
CVE-2017-9286 |
264 |
|
|
2018-03-01 |
2018-03-21 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade. |
|
23 |
CVE-2017-9271 |
255 |
|
|
2018-03-01 |
2018-03-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used. |
|
24 |
CVE-2017-9270 |
20 |
|
|
2018-03-01 |
2018-03-21 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database. |
|
25 |
CVE-2017-9269 |
20 |
|
|
2018-03-01 |
2018-03-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content. |
|
26 |
CVE-2017-9268 |
275 |
|
DoS |
2018-03-01 |
2018-07-17 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource consumption). |
|
27 |
CVE-2017-8932 |
310 |
|
|
2017-07-06 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries. |
|
28 |
CVE-2017-8386 |
264 |
|
+Priv |
2017-06-01 |
2018-10-30 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. |
|
29 |
CVE-2017-7436 |
20 |
|
|
2018-03-01 |
2018-03-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system. |
|
30 |
CVE-2017-7435 |
20 |
|
|
2018-03-01 |
2018-03-22 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system. |
|
31 |
CVE-2017-6594 |
284 |
|
Bypass |
2017-08-28 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. |
|
32 |
CVE-2017-6542 |
119 |
|
Overflow |
2017-03-27 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow. |
|
33 |
CVE-2017-6318 |
200 |
|
+Info |
2017-03-20 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. |
|
34 |
CVE-2017-5938 |
79 |
|
XSS |
2017-03-15 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name. |
|
35 |
CVE-2017-5934 |
79 |
|
XSS |
2018-10-15 |
2018-11-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
36 |
CVE-2017-5930 |
275 |
|
|
2017-03-20 |
2018-10-30 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check. |
|
37 |
CVE-2017-5337 |
119 |
|
Overflow |
2017-03-24 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. |
|
38 |
CVE-2017-5336 |
119 |
|
Overflow |
2017-03-24 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. |
|
39 |
CVE-2017-5335 |
125 |
|
DoS |
2017-03-24 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. |
|
40 |
CVE-2017-5334 |
415 |
|
|
2017-03-24 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. |
|
41 |
CVE-2017-5188 |
200 |
|
+Info |
2018-03-01 |
2018-03-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information. |
|
42 |
CVE-2016-10207 |
119 |
|
DoS Overflow |
2017-02-28 |
2018-02-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early. |
|
43 |
CVE-2016-10165 |
125 |
|
DoS +Info |
2017-02-03 |
2018-10-30 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. |
|
44 |
CVE-2016-10070 |
125 |
|
DoS Overflow |
2017-03-03 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. |
|
45 |
CVE-2016-10068 |
20 |
|
DoS |
2017-03-02 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file. |
|
46 |
CVE-2016-10065 |
284 |
|
DoS |
2017-03-03 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. |
|
47 |
CVE-2016-10064 |
119 |
|
DoS Overflow |
2017-03-02 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. |
|
48 |
CVE-2016-10051 |
416 |
|
DoS |
2017-03-23 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. |
|
49 |
CVE-2016-10050 |
119 |
|
DoS Overflow |
2017-03-23 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file. |
|
50 |
CVE-2016-9961 |
189 |
|
|
2017-06-06 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
game-music-emu before 0.6.1 mishandles unspecified integer values. |
