rpm package
suse/libsolv&distro=SUSE Linux Enterprise Module for Package Hub 15 SP1
pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-18900 | — | < 0.7.10-3.13.4 | 0.7.10-3.13.4 | Jan 24, 2020 | : Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3. | ||
| CVE-2018-20534 | — | < 0.7.6-3.7.2 | 0.7.6-3.7.2 | Dec 28, 2018 | There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real- | ||
| CVE-2018-20533 | — | < 0.7.6-3.7.2 | 0.7.6-3.7.2 | Dec 28, 2018 | There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. | ||
| CVE-2018-20532 | — | < 0.7.6-3.7.2 | 0.7.6-3.7.2 | Dec 28, 2018 | There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. |
- CVE-2019-18900Jan 24, 2020affected < 0.7.10-3.13.4fixed 0.7.10-3.13.4
: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.
- CVE-2018-20534Dec 28, 2018affected < 0.7.6-3.7.2fixed 0.7.6-3.7.2
There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-
- CVE-2018-20533Dec 28, 2018affected < 0.7.6-3.7.2fixed 0.7.6-3.7.2
There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
- CVE-2018-20532Dec 28, 2018affected < 0.7.6-3.7.2fixed 0.7.6-3.7.2
There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.