Opensuse Security Vulnerabilities and Issues — Opensuse CVE List

Lucene search

OpensuseOpensuse

14 matches found

CVE•added 2019/11/04 9:15 p.m.•91 views

CVE-2017-5333

Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.

7.8CVSS7.7AI score0.00272EPSS

CVE•added 2019/11/04 9:15 p.m.•88 views

CVE-2017-5332

The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

7.8CVSS7.6AI score0.00272EPSS

CVE•added 2019/11/01 1:15 p.m.•85 views

CVE-2013-3718

evince is missing a check on number of pages which can lead to a segmentation fault

5.5CVSS5.4AI score0.00518EPSS

CVE•added 2019/11/04 9:15 p.m.•85 views

CVE-2017-5331

Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

7.8CVSS7.7AI score0.00089EPSS

CVE•added 2019/11/27 6:15 p.m.•71 views

CVE-2012-6655

An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.

3.3CVSS3.7AI score0.00034EPSS

CVE•added 2019/11/27 7:15 p.m.•69 views

CVE-2013-2625

An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified

6.5CVSS6.5AI score0.00179EPSS

CVE•added 2019/11/05 10:15 p.m.•66 views

CVE-2016-4983

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.

3.3CVSS3.6AI score0.00143EPSS

CVE•added 2019/11/14 2:15 a.m.•61 views

CVE-2011-1145

The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.

7.8CVSS7.8AI score0.00218EPSS

CVE•added 2019/11/13 9:15 p.m.•55 views

CVE-2010-4661

udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.

7.8CVSS7.3AI score0.00152EPSS

CVE•added 2019/11/14 2:15 a.m.•55 views

CVE-2011-1490

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message be...

5.5CVSS5.3AI score0.00153EPSS

CVE•added 2019/11/05 2:15 p.m.•51 views

CVE-2013-6365

Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions

5.3CVSS5.9AI score0.00178EPSS

CVE•added 2019/11/14 2:15 a.m.•50 views

CVE-2011-1488

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent with...

5.5CVSS5.2AI score0.00153EPSS

CVE•added 2019/11/14 2:15 a.m.•50 views

CVE-2011-1489

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message b...

5.5CVSS5.3AI score0.00153EPSS

CVE•added 2019/11/14 2:15 a.m.•40 views

CVE-2011-1588

Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error.

7.8CVSS7.5AI score0.0032EPSS