Opensuse

Vendor: Opensuse • 1,454 CVEs

CVEs (1,454)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
Vendors (2): Opensuse, Otrs
Products (3): Faq, Opensuse, Otrs Itsm
Nov 21, 2024
Feb 12, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.
Vendors (3): Canonical, Imagemagick, Opensuse
Products (3): Imagemagick, Opensuse, Ubuntu Linux
Nov 21, 2024
Feb 6, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.
Vendors (3): Canonical, Imagemagick, Opensuse
Products (3): Imagemagick, Opensuse, Ubuntu Linux
Nov 21, 2024
Feb 6, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.
Vendors (2): Opensuse, Videolan
Products (2): Opensuse, Vlc Media Player
Nov 21, 2024
Jan 31, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.
Vendors (3): Gnome, Opensuse, Suse
Products (4): Linux Enterprise Desktop, Linux Enterprise Server, Networkmanager, +1 more
Nov 21, 2024
Jan 27, 2020
N/A· v4
6.8 MEDIUM· v3
3.2 LOW· v2
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.
Vendors (2): Openbsd, Opensuse
Products (2): Libressl, Opensuse
Nov 21, 2024
Jan 23, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates.
Vendors (2): Openbsd, Opensuse
Products (2): Libressl, Opensuse
Nov 21, 2024
Jan 23, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508.
Vendors (4): Mariadb, Opensuse, Pcre, +1 more
Products (4): Mariadb, Opensuse, Pcre, +1 more
Nov 21, 2024
Jan 14, 2020
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
Vendors (4): Mariadb, Opensuse, Pcre, +1 more
Products (4): Mariadb, Opensuse, Pcre, +1 more
Nov 21, 2024
Jan 14, 2020
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
Vendors (4): Freedesktop, Opensuse, Redhat, +1 more
Products (4): Enterprise Linux, Opensuse, Poppler, +1 more
Nov 21, 2024
Jan 9, 2020
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
Vendors (4): Canonical, Debian, Gnome, +1 more
Products (4): Debian Linux, Networkmanager, Opensuse, +1 more
Nov 21, 2024
Dec 26, 2019
N/A· v4
4.4 MEDIUM· v3
3.3 LOW· v2
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
Vendors (2): Docker, Opensuse
Products (3): Cs Engine, Docker, Opensuse
Nov 21, 2024
Dec 17, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation.
Vendors (2): Docker, Opensuse
Products (3): Cs Engine, Docker, Opensuse
Nov 21, 2024
Dec 17, 2019
N/A· v4
5.5 MEDIUM· v3
1.9 LOW· v2
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.
Vendors (2): Debian, Opensuse
Products (3): Debian Linux, Duplicity, Opensuse
Nov 21, 2024
Dec 13, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
duplicity 0.6.24 has improper verification of SSL certificates.
Vendors (3): Debian, Opensuse, Pen Project
Products (3): Debian Linux, Opensuse, Pen
Nov 21, 2024
Dec 13, 2019
N/A· v4
4.4 MEDIUM· v3
4.6 MEDIUM· v2
Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities.
Vendors (4): Debian, Opensuse, Redhat, +1 more
Products (4): Connect, Debian Linux, Openshift, +1 more
Nov 21, 2024
Dec 11, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware.
Vendors (2): Apache, Opensuse
Products (3): Leap, Mod Fcgid, Opensuse
Nov 21, 2024
Dec 3, 2019
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.
Vendors (3): Debian, Opensuse, Otrs
Products (5): Debian Linux, Faq, Opensuse, +2 more
Nov 21, 2024
Nov 27, 2019
N/A· v4
6.5 MEDIUM· v3
6.4 MEDIUM· v2
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified.
Vendors (4): Accountsservice Project, Debian, Opensuse, +1 more
Products (4): Accountsservice, Debian Linux, Enterprise Linux, +1 more
Nov 21, 2024
Nov 27, 2019
N/A· v4
3.3 LOW· v3
2.1 LOW· v2
An issue exists in AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let local users obtain encrypted passwords.
Vendors (3): Debian, Opensuse, Xfce
Products (3): Debian Linux, Opensuse, Thunar
Nov 21, 2024
Nov 14, 2019
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
Thunar before 1.3.1 could crash when copying and pasting a file name with % format characters due to a format string error.