Opensuse Security Vulnerabilities and Issues — Opensuse CVE List

Lucene search

OpensuseOpensuse

9 matches found

CVE•added 2015/06/23 9:59 p.m.•922 views

CVE-2015-3113

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.

10CVSS8.2AI score0.92585EPSS

In wild

CVE•added 2015/06/15 3:59 p.m.•177 views

CVE-2015-4142

Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.

4.3CVSS5.4AI score0.07071EPSS

CVE•added 2015/06/15 3:59 p.m.•152 views

CVE-2015-4141

The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.

4.3CVSS5.4AI score0.01465EPSS

CVE•added 2015/06/15 3:59 p.m.•146 views

CVE-2015-4143

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.

5CVSS5.1AI score0.01205EPSS

CVE•added 2015/06/07 11:59 p.m.•98 views

CVE-2015-4002

drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packe...

9CVSS7.8AI score0.03364EPSS

CVE•added 2015/06/15 3:59 p.m.•82 views

CVE-2015-4146

The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message.

5CVSS5.3AI score0.01312EPSS

CVE•added 2015/06/15 3:59 p.m.•67 views

CVE-2015-4144

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.

5CVSS5.6AI score0.01205EPSS

CVE•added 2015/06/15 3:59 p.m.•63 views

CVE-2015-4145

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message.

5CVSS5.6AI score0.01205EPSS

CVE•added 2015/06/02 2:59 p.m.•47 views

CVE-2015-4156

GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.

3.6CVSS6.5AI score0.00052EPSS