Opensuse: Security Vulnerabilities
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-06-04
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-05-31
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-05-25
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.
CVSS Score
4.4
EPSS Score
0.004
Published
2018-05-23
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
CVSS Score
7.3
EPSS Score
0.004
Published
2018-05-23
An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
CVSS Score
6.5
EPSS Score
0.005
Published
2018-05-16
postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.
CVSS Score
4.2
EPSS Score
0.005
Published
2018-05-10
kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-05-08
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.
CVSS Score
6.5
EPSS Score
0.008
Published
2018-05-04
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
CVSS Score
8.1
EPSS Score
0.057
Published
2018-04-18