Opensuse Security Vulnerabilities and Issues — Opensuse CVE List

Lucene search

OpensuseOpensuse

20 matches found

CVE•added 2013/07/10 8:55 p.m.•1201 views

CVE-2013-1896

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain hr...

4.3CVSS6.2AI score0.29859EPSS

CVE•added 2013/07/29 1:59 p.m.•442 views

CVE-2013-4854

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with...

7.8CVSS5.6AI score0.57835EPSS

CVE•added 2013/07/23 11:3 a.m.•218 views

CVE-2013-4002

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlie...

7.1CVSS6.7AI score0.01422EPSS

CVE•added 2013/07/09 5:55 p.m.•148 views

CVE-2013-1362

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.

7.5CVSS7.4AI score0.76437EPSS

CVE•added 2013/07/15 3:55 p.m.•147 views

CVE-2013-2765

The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.

5CVSS6.5AI score0.04332EPSS

CVE•added 2013/07/17 1:41 p.m.•103 views

CVE-2013-3802

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.

4CVSS4.3AI score0.0047EPSS

CVE•added 2013/07/17 1:41 p.m.•103 views

CVE-2013-3812

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.

3.5CVSS5AI score0.00786EPSS

CVE•added 2013/07/17 1:41 p.m.•98 views

CVE-2013-3783

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.

4CVSS5AI score0.00836EPSS

CVE•added 2013/07/17 1:41 p.m.•95 views

CVE-2013-3804

4CVSS4.3AI score0.00651EPSS

CVE•added 2013/07/17 1:41 p.m.•93 views

CVE-2013-3793

4CVSS4.9AI score0.00803EPSS

CVE•added 2013/07/17 1:41 p.m.•93 views

CVE-2013-3808

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.

4CVSS4.2AI score0.0067EPSS

CVE•added 2013/07/31 1:20 p.m.•86 views

CVE-2013-2174

Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.

6.8CVSS6.6AI score0.09235EPSS

CVE•added 2013/07/17 1:41 p.m.•86 views

CVE-2013-3801

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.

5CVSS5AI score0.00811EPSS

CVE•added 2013/07/17 1:41 p.m.•84 views

CVE-2013-3794

4CVSS5AI score0.00736EPSS

CVE•added 2013/07/17 1:41 p.m.•82 views

CVE-2013-3809

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.

4CVSS4.9AI score0.00424EPSS

CVE•added 2013/07/17 1:41 p.m.•78 views

CVE-2013-3805

4CVSS5.1AI score0.00738EPSS

CVE•added 2013/07/31 1:20 p.m.•72 views

CVE-2013-2088

contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.

7.1CVSS7.1AI score0.0503EPSS

CVE•added 2013/07/31 1:20 p.m.•68 views

CVE-2013-2112

The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.

7.8CVSS6.2AI score0.03541EPSS

CVE•added 2013/07/03 6:55 p.m.•65 views

CVE-2013-2168

The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.

1.9CVSS5.8AI score0.00093EPSS

CVE•added 2013/07/31 1:20 p.m.•55 views

CVE-2013-1968

Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.

5.5CVSS5.9AI score0.00449EPSS