Opensuse Leap vulnerabilities

CVE-2018-12085 [HIGH] CVE-2018-12085: Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTab Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.

CVE-2018-11683 [HIGH] CVE-2018-11683: Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTab Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.

CVE-2018-11685 [HIGH] CWE-787 CVE-2018-11685: Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTransl Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.

CVE-2018-11684 [HIGH] CWE-787 CVE-2018-11684: Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTa Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.

CVE-2018-11577 [HIGH] CWE-120 CVE-2018-11577: Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.

CVE-2018-11440 [HIGH] CWE-787 CVE-2018-11440: Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTab Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.

CVE-2018-1124 [HIGH] CWE-122 CVE-2018-1124: procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corrup procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.

CVE-2018-1125 [HIGH] CWE-121 CVE-2018-1125: procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerabilit procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.

CVE-2018-11212 [MEDIUM] CWE-369 CVE-2018-11212: An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote a An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.

CVE-2018-1115 [CRITICAL] CWE-732 CVE-2018-1115: postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_l postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.

CVE-2018-10380 [HIGH] CWE-59 CVE-2018-10380: kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files v kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.

CVE-2018-10733 [MEDIUM] CWE-125 CVE-2018-10733: There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.

CVE-2018-1088 [HIGH] CWE-266 CVE-2018-1088: A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.

CVE-2016-5314 [HIGH] CWE-787 CVE-2016-5314: Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.

CVE-2018-7858 [MEDIUM] CWE-125 CVE-2018-7858: Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local g Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.

CVE-2017-18215 [CRITICAL] CWE-787 CVE-2017-18215: xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when decoding PNG comment fields, le xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when decoding PNG comment fields, leading to crashes or potentially code execution, because it uses an incorrect length value.

CVE-2017-9286 [HIGH] CVE-2017-9286: The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have al The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade.

CVE-2017-14804 [MEDIUM] CWE-22 CVE-2017-14804: The build package before 20171128 did not check directory names during extraction of build results t The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.

CVE-2018-6954 [HIGH] CWE-59 CVE-2018-6954: systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turne

CVE-2017-18078 [HIGH] CWE-59 CVE-2017-18078: systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinke systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership