Opensuse Security Vulnerabilities and Issues — Opensuse CVE List

Lucene search

OpensuseOpensuse

9 matches found

CVE•added 2013/10/17 11:55 p.m.•235 views

CVE-2013-4365

Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.

7.5CVSS7AI score0.08245EPSS

CVE•added 2013/10/17 12:55 a.m.•107 views

CVE-2013-4389

Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.

4.3CVSS6.5AI score0.01333EPSS

CVE•added 2013/10/04 5:55 p.m.•98 views

CVE-2013-4344

Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.

7.2CVSS8.3AI score0.00068EPSS

CVE•added 2013/10/28 10:55 p.m.•82 views

CVE-2012-6303

Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file.

6.8CVSS7.9AI score0.22611EPSS

CVE•added 2013/10/16 8:55 p.m.•79 views

CVE-2013-2927

Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to submissi...

6.8CVSS7AI score0.02705EPSS

CVE•added 2013/10/03 9:55 p.m.•77 views

CVE-2013-4288

Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --proce...

7.2CVSS6.4AI score0.00033EPSS

CVE•added 2013/10/02 10:35 a.m.•66 views

CVE-2013-2919

Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

7.5CVSS7AI score0.02329EPSS

CVE•added 2013/10/26 5:55 p.m.•52 views

CVE-2013-4885

The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.

6.8CVSS6.3AI score0.06429EPSS

CVE•added 2013/10/17 11:55 p.m.•41 views

CVE-2013-2190

The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has "disappeared," which causes the gnome-shell to crash and allows physically proximate attackers to access the previous gnom...

2.1CVSS6.4AI score0.00078EPSS