Opensuse

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-4344 4Canonical OpensuseQemu+1 more 7Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+4 more Apr 29, 2026 Oct 4, 2013 N/A· v4 N/A· v3 7.2 HIGH· v2 Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.
CVE-2013-4288 4Canonical OpensusePolkit Project+1 more 4Enterprise Linux OpensusePolkit+1 more Apr 29, 2026 Oct 3, 2013 N/A· v4 N/A· v3 7.2 HIGH· v2 Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1)...Show more Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.Show less
CVE-2013-2919 3Debian GoogleOpensuse 3Chrome Debian LinuxOpensuse Apr 29, 2026 Oct 2, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
CVE-2013-0211 5Canonical FedoraprojectFreebsd+2 more 5Fedora FreebsdLibarchive+2 more Apr 29, 2026 Sep 30, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of...Show more Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.Show less
CVE-2013-2217 3Jeff Ortel OpensuseRedhat 3Enterprise Linux OpensuseSuds Apr 29, 2026 Sep 23, 2013 N/A· v4 N/A· v3 1.2 LOW· v2 cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.
CVE-2013-4132 2Kde Opensuse 3Kde Workspace Kde ScOpensuse Apr 29, 2026 Sep 16, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash)...Show more KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.Show less
CVE-2013-4123 2Opensuse Squid Cache 2Opensuse Squid Apr 29, 2026 Sep 16, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.
CVE-2013-5589 3Cacti DebianOpensuse 3Cacti Debian LinuxOpensuse Apr 29, 2026 Aug 29, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2013-5588 2Cacti Opensuse 2Cacti Opensuse Apr 29, 2026 Aug 29, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cac...Show more Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php.Show less
CVE-2013-5018 2Opensuse Strongswan 2Opensuse Strongswan Apr 29, 2026 Aug 28, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) X...Show more The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow.Show less
CVE-2013-4111 2Openstack Opensuse 2Opensuse Python Glanceclient Apr 29, 2026 Aug 28, 2013 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common N...Show more The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.Show less
CVE-2013-3495 2Opensuse Xen 2Opensuse Xen Apr 29, 2026 Aug 28, 2013 N/A· v4 N/A· v3 4.7 MEDIUM· v2 The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus masterin...Show more The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI).Show less
CVE-2013-2161 2Openstack Opensuse 4Folsom GrizzlyHavana+1 more Apr 29, 2026 Aug 20, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name.
CVE-2013-5029 2Opensuse Phpmyadmin 2Opensuse Phpmyadmin Apr 29, 2026 Aug 19, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.
CVE-2013-4852 5Debian OpensusePutty+2 more 5Debian Linux OpensusePutty+2 more Apr 29, 2026 Aug 19, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain application...Show more Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.Show less
CVE-2013-4242 4Canonical DebianGnupg+1 more 5Debian Linux GnupgLibgcrypt+2 more Apr 29, 2026 Aug 19, 2013 N/A· v4 N/A· v3 1.9 LOW· v2 GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
CVE-2013-2145 3Canonical OpensusePerlmonks 3Module\ OpensuseUbuntu Linux Apr 29, 2026 Aug 19, 2013 N/A· v4 N/A· v3 4.4 MEDIUM· v2 The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that r...Show more The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/.Show less
CVE-2013-1872 4Canonical Mesa3dOpensuse+1 more 4Enterprise Linux MesaOpensuse+1 more Apr 29, 2026 Aug 19, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger...Show more The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796.Show less
CVE-2013-4238 3Canonical OpensusePython 3Opensuse PythonUbuntu Linux Apr 29, 2026 Aug 18, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-th...Show more The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.Show less
CVE-2013-2132 3Canonical MongodbOpensuse 3Mongodb OpensuseUbuntu Linux Apr 29, 2026 Aug 15, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to...Show more bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."Show less

Previous 1...139140141...164 Next