Lucene search

K

OpenSUSE Security Vulnerabilities

cve
cve

CVE-2019-18898

UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1......

7.8CVSS

7.4AI Score

0.0004EPSS

2020-01-23 02:15 PM
128
4
cve
cve

CVE-2015-2325

The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a...

7.8CVSS

6.6AI Score

0.002EPSS

2020-01-14 05:15 PM
62
5
cve
cve

CVE-2015-2326

The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated...

5.5CVSS

6.1AI Score

0.001EPSS

2020-01-14 05:15 PM
63
2
cve
cve

CVE-2012-2142

The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal...

7.8CVSS

7.8AI Score

0.003EPSS

2020-01-09 09:15 PM
28
cve
cve

CVE-2012-2736

In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure...

4.4CVSS

4.5AI Score

0.001EPSS

2019-12-26 08:15 PM
70
cve
cve

CVE-2014-8179

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest...

7.5CVSS

7.2AI Score

0.002EPSS

2019-12-17 06:15 PM
32
cve
cve

CVE-2014-8178

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push...

5.5CVSS

6AI Score

0.001EPSS

2019-12-17 02:15 PM
29
cve
cve

CVE-2014-3495

duplicity 0.6.24 has improper verification of SSL...

7.5CVSS

7.5AI Score

0.004EPSS

2019-12-13 02:15 PM
30
cve
cve

CVE-2014-2387

Pen 0.18.0 has Insecure Temporary File Creation...

4.4CVSS

5AI Score

0.0005EPSS

2019-12-13 02:15 PM
36
cve
cve

CVE-2013-7370

node-connect before 2.8.1 has XSS in the Sencha Labs Connect...

6.1CVSS

5.7AI Score

0.004EPSS

2019-12-11 02:15 PM
35
cve
cve

CVE-2016-1000104

A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through...

8.8CVSS

8.5AI Score

0.008EPSS

2019-12-03 10:15 PM
170
cve
cve

CVE-2013-2625

An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not...

6.5CVSS

6.5AI Score

0.01EPSS

2019-11-27 07:15 PM
50
cve
cve

CVE-2012-6655

An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted...

3.3CVSS

3.7AI Score

0.0004EPSS

2019-11-27 06:15 PM
45
2
cve
cve

CVE-2011-1145

The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection...

7.8CVSS

7.8AI Score

0.0004EPSS

2019-11-14 02:15 AM
26
cve
cve

CVE-2011-1490

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message...

5.5CVSS

5.3AI Score

0.0004EPSS

2019-11-14 02:15 AM
34
cve
cve

CVE-2011-1588

Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string...

7.8CVSS

7.5AI Score

0.001EPSS

2019-11-14 02:15 AM
21
cve
cve

CVE-2011-1488

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent...

5.5CVSS

5.2AI Score

0.0004EPSS

2019-11-14 02:15 AM
32
cve
cve

CVE-2011-1489

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message.....

5.5CVSS

5.3AI Score

0.0004EPSS

2019-11-14 02:15 AM
28
cve
cve

CVE-2010-4661

udisks before 1.0.3 allows a local user to load arbitrary Linux kernel...

7.8CVSS

7.3AI Score

0.0004EPSS

2019-11-13 09:15 PM
24
cve
cve

CVE-2016-4983

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key...

3.3CVSS

3.6AI Score

0.0004EPSS

2019-11-05 10:15 PM
34
cve
cve

CVE-2013-6365

Horde Groupware Web mail 5.1.2 has CSRF with requests to change...

5.3CVSS

5.9AI Score

0.002EPSS

2019-11-05 02:15 PM
30
cve
cve

CVE-2017-5333

Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable...

7.8CVSS

7.7AI Score

0.001EPSS

2019-11-04 09:15 PM
62
cve
cve

CVE-2017-5331

Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted...

7.8CVSS

7.7AI Score

0.0004EPSS

2019-11-04 09:15 PM
59
cve
cve

CVE-2017-5332

The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted...

7.8CVSS

7.6AI Score

0.001EPSS

2019-11-04 09:15 PM
60
cve
cve

CVE-2013-3718

evince is missing a check on number of pages which can lead to a segmentation...

5.5CVSS

5.4AI Score

0.001EPSS

2019-11-01 01:15 PM
60
cve
cve

CVE-2017-3224

Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then...

8.2CVSS

5.6AI Score

0.001EPSS

2018-07-24 03:29 PM
36
cve
cve

CVE-2014-5220

The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as...

7.8CVSS

7.9AI Score

0.0004EPSS

2018-06-08 05:29 PM
29
cve
cve

CVE-2014-0158

Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile...

8.8CVSS

8.7AI Score

0.171EPSS

2018-04-10 03:29 PM
30
cve
cve

CVE-2016-5314

Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer.....

8.8CVSS

7.7AI Score

0.004EPSS

2018-03-12 02:29 AM
98
2
cve
cve

CVE-2016-1254

Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service...

7.5CVSS

7AI Score

0.041EPSS

2017-12-05 04:29 PM
41
cve
cve

CVE-2014-4616

Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode...

5.9CVSS

6AI Score

0.003EPSS

2017-08-24 08:29 PM
156
5
cve
cve

CVE-2011-0469

Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11...

9.8CVSS

9.6AI Score

0.005EPSS

2017-08-17 04:29 PM
24
cve
cve

CVE-2014-3462

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to...

7.5CVSS

7.3AI Score

0.002EPSS

2017-08-07 08:29 PM
21
cve
cve

CVE-2015-5203

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image...

5.5CVSS

5.8AI Score

0.015EPSS

2017-08-02 07:29 PM
82
cve
cve

CVE-2015-5221

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image...

5.5CVSS

5.8AI Score

0.009EPSS

2017-07-25 06:29 PM
85
cve
cve

CVE-2015-5300

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds...

7.5CVSS

7.6AI Score

0.029EPSS

2017-07-21 02:29 PM
151
cve
cve

CVE-2014-8127

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in...

6.5CVSS

6.5AI Score

0.009EPSS

2017-06-26 03:29 PM
76
cve
cve

CVE-2016-5178

Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown...

9.8CVSS

7.9AI Score

0.013EPSS

2017-05-23 04:29 AM
56
cve
cve

CVE-2016-9842

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative...

8.8CVSS

9.5AI Score

0.013EPSS

2017-05-23 04:29 AM
192
2
cve
cve

CVE-2016-5177

Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown...

8.8CVSS

7.8AI Score

0.017EPSS

2017-05-23 04:29 AM
42
cve
cve

CVE-2016-9843

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC...

9.8CVSS

9.9AI Score

0.014EPSS

2017-05-23 04:29 AM
341
2
cve
cve

CVE-2016-9840

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer...

8.8CVSS

9.6AI Score

0.013EPSS

2017-05-23 04:29 AM
194
3
cve
cve

CVE-2016-9841

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer...

9.8CVSS

9.9AI Score

0.012EPSS

2017-05-23 04:29 AM
299
3
cve
cve

CVE-2016-2347

Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted...

7.8CVSS

7.7AI Score

0.004EPSS

2017-04-21 08:59 PM
38
cve
cve

CVE-2015-8567

Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory...

7.7CVSS

7.7AI Score

0.006EPSS

2017-04-13 05:59 PM
60
cve
cve

CVE-2015-8864

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than...

6.1CVSS

5.9AI Score

0.002EPSS

2017-04-13 02:59 PM
23
cve
cve

CVE-2016-4068

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than...

6.1CVSS

5.9AI Score

0.002EPSS

2017-04-13 02:59 PM
25
4
cve
cve

CVE-2016-9959

game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit...

7.8CVSS

8.5AI Score

0.006EPSS

2017-04-12 08:59 PM
26
cve
cve

CVE-2016-9958

game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory...

7.8CVSS

8.5AI Score

0.004EPSS

2017-04-12 08:59 PM
35
cve
cve

CVE-2016-9957

Stack-based buffer overflow in game-music-emu before...

7.8CVSS

8.7AI Score

0.001EPSS

2017-04-12 08:59 PM
38
Total number of security vulnerabilities1478