Opensuse : Security Vulnerabilities, CVEs, Published In 2018
libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.
Max CVSS
6.5
EPSS Score
0.59%
Published
2018-12-20
Updated
2020-08-24
libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.
Max CVSS
6.5
EPSS Score
0.69%
Published
2018-12-20
Updated
2019-11-06
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.
Max CVSS
8.8
EPSS Score
1.60%
Published
2018-12-20
Updated
2019-11-06
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.
Max CVSS
9.8
EPSS Score
0.96%
Published
2018-09-18
Updated
2023-03-09
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.
Max CVSS
9.8
EPSS Score
0.57%
Published
2018-07-09
Updated
2024-01-25
There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19.
Max CVSS
8.8
EPSS Score
0.42%
Published
2018-12-28
Updated
2022-04-15
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data.
Max CVSS
8.8
EPSS Score
0.37%
Published
2018-12-28
Updated
2022-04-15
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.
Max CVSS
8.1
EPSS Score
0.32%
Published
2018-12-28
Updated
2022-04-15
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.
Max CVSS
8.1
EPSS Score
0.33%
Published
2018-12-28
Updated
2022-06-13
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data.
Max CVSS
8.8
EPSS Score
0.32%
Published
2018-12-28
Updated
2022-06-13
** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application.
Max CVSS
6.5
EPSS Score
0.50%
Published
2018-12-28
Updated
2019-10-03
There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
Max CVSS
6.5
EPSS Score
0.36%
Published
2018-12-28
Updated
2019-08-06
There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
Max CVSS
6.5
EPSS Score
0.33%
Published
2018-12-28
Updated
2019-08-06
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).
Max CVSS
4.7
EPSS Score
0.04%
Published
2018-12-26
Updated
2021-11-30
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
Max CVSS
6.5
EPSS Score
0.44%
Published
2018-12-26
Updated
2021-04-28
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
Max CVSS
8.1
EPSS Score
92.34%
Published
2018-12-21
Updated
2021-07-31
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.
Max CVSS
5.5
EPSS Score
0.06%
Published
2018-12-20
Updated
2020-05-12
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
Max CVSS
9.8
EPSS Score
0.77%
Published
2018-12-26
Updated
2020-09-28
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
Max CVSS
6.5
EPSS Score
0.41%
Published
2018-12-26
Updated
2020-09-28
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
Max CVSS
8.8
EPSS Score
0.57%
Published
2018-12-26
Updated
2020-09-28
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
Max CVSS
6.5
EPSS Score
0.66%
Published
2018-12-26
Updated
2020-11-02
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
Max CVSS
7.5
EPSS Score
0.35%
Published
2018-12-05
Updated
2019-05-10
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.
Max CVSS
5.5
EPSS Score
0.10%
Published
2018-12-04
Updated
2022-08-19
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.
Max CVSS
5.5
EPSS Score
0.19%
Published
2018-12-04
Updated
2021-01-15
The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.
Max CVSS
5.7
EPSS Score
0.06%
Published
2018-12-06
Updated
2020-12-14