Opensuse Security Vulnerabilities and Issues — Opensuse CVE List

Lucene search

OpensuseOpensuse

17 matches found

CVE•added 2013/11/19 4:50 a.m.•13017 views

CVE-2013-6629

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG mark...

5CVSS6.1AI score0.0021EPSS

CVE•added 2013/11/20 2:12 p.m.•894 views

CVE-2013-4559

lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to...

7.6CVSS7.6AI score0.05317EPSS

CVE•added 2013/11/23 6:55 p.m.•414 views

CVE-2013-4547

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.

7.5CVSS9.2AI score0.93463EPSS

CVE•added 2013/11/08 4:47 a.m.•208 views

CVE-2013-4508

lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.

7.5CVSS7.2AI score0.00914EPSS

CVE•added 2013/11/18 2:55 a.m.•193 views

CVE-2013-2061

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.

2.6CVSS5.8AI score0.0145EPSS

CVE•added 2013/11/20 2:12 p.m.•193 views

CVE-2013-4560

Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.

5CVSS7.1AI score0.02171EPSS

CVE•added 2013/11/28 4:37 a.m.•187 views

CVE-2013-6712

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.

5CVSS5.5AI score0.06858EPSS

CVE•added 2013/11/18 3:55 a.m.•186 views

CVE-2013-1418

The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

4.3CVSS6.1AI score0.0586EPSS

CVE•added 2013/11/23 6:55 p.m.•80 views

CVE-2013-0222

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.

2.1CVSS6.6AI score0.00143EPSS

CVE•added 2013/11/23 6:55 p.m.•77 views

CVE-2013-0221

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.

4.3CVSS6.7AI score0.06006EPSS

CVE•added 2013/11/02 7:55 p.m.•72 views

CVE-2013-2065

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.

6.4CVSS5.5AI score0.00464EPSS

CVE•added 2013/11/23 6:55 p.m.•67 views

CVE-2013-0223

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.

1.9CVSS6.6AI score0.00141EPSS

CVE•added 2013/11/13 3:55 p.m.•66 views

CVE-2013-6621

Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element.

7.5CVSS6.9AI score0.01481EPSS

CVE•added 2013/11/20 2:12 p.m.•58 views

CVE-2013-4487

Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-...

5CVSS6.4AI score0.00365EPSS

CVE•added 2013/11/23 5:55 p.m.•55 views

CVE-2013-6858

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.

4.3CVSS5.4AI score0.00755EPSS

CVE•added 2013/11/23 11:55 a.m.•49 views

CVE-2013-6375

Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean parameter...

7.9CVSS7.9AI score0.00472EPSS

CVE•added 2013/11/23 7:55 p.m.•46 views

CVE-2013-4509

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.

1.9CVSS6.4AI score0.0008EPSS