Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
OpensuseOpensuse

55 matches found

CVE
CVEadded 2014/09/27 10:55 a.m.217 views

CVE-2014-5459

The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.

3.6CVSS8.6AI score0.00137EPSS
CVE
CVEadded 2014/12/12 6:59 p.m.170 views

CVE-2014-8134

The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value.

3.3CVSS5.4AI score0.00089EPSS
CVE
CVEadded 2015/10/22 12:0 a.m.132 views

CVE-2015-4913

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.

3.5CVSS5.2AI score0.00419EPSS
CVE
CVEadded 2015/07/16 11:0 a.m.115 views

CVE-2015-4757

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

3.5CVSS4.6AI score0.00598EPSS
CVE
CVEadded 2015/10/21 11:59 p.m.115 views

CVE-2015-4861

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

3.5CVSS5.1AI score0.00392EPSS
CVE
CVEadded 2015/01/21 7:59 p.m.111 views

CVE-2015-0427

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-65...

3.2CVSS6AI score0.00113EPSS
CVE
CVEadded 2016/01/21 3:2 a.m.105 views

CVE-2016-0598

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.

3.5CVSS5AI score0.00459EPSS
CVE
CVEadded 2016/01/21 3:2 a.m.105 views

CVE-2016-0600

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

3.5CVSS5AI score0.00459EPSS
CVE
CVEadded 2013/07/17 1:41 p.m.103 views

CVE-2013-3812

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.

3.5CVSS5AI score0.00648EPSS
CVE
CVEadded 2016/01/21 3:2 a.m.101 views

CVE-2016-0608

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.

3.5CVSS5AI score0.00459EPSS
CVE
CVEadded 2016/01/21 3:2 a.m.99 views

CVE-2016-0606

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.

3.5CVSS5AI score0.00226EPSS
CVE
CVEadded 2015/01/21 3:28 p.m.96 views

CVE-2014-6595

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590...

3.2CVSS6AI score0.00113EPSS
CVE
CVEadded 2009/03/06 11:30 a.m.94 views

CVE-2009-0834

The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted...

3.6CVSS4.6AI score0.00104EPSS
CVE
CVEadded 2015/01/21 3:28 p.m.92 views

CVE-2014-6588

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595...

3.2CVSS6AI score0.00113EPSS
CVE
CVEadded 2015/10/21 9:59 p.m.92 views

CVE-2015-4807

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.

3.5CVSS5AI score0.00374EPSS
CVE
CVEadded 2013/03/07 3:55 p.m.90 views

CVE-2013-2483

The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data.

3.3CVSS6.4AI score0.01454EPSS
CVE
CVEadded 2015/01/21 3:28 p.m.89 views

CVE-2014-6589

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595...

3.2CVSS6AI score0.00113EPSS
CVE
CVEadded 2015/01/21 3:28 p.m.89 views

CVE-2014-6590

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595...

3.2CVSS6AI score0.00113EPSS
CVE
CVEadded 2014/08/26 2:55 p.m.84 views

CVE-2014-0483

The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field...

3.5CVSS5.5AI score0.00428EPSS
CVE
CVEadded 2014/12/16 11:59 p.m.79 views

CVE-2014-5353

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demo...

3.5CVSS6.4AI score0.00458EPSS
CVE
CVEadded 2016/01/21 3:2 a.m.79 views

CVE-2016-0610

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

3.5CVSS5.5AI score0.00517EPSS
CVE
CVEadded 2014/10/31 3:55 p.m.74 views

CVE-2014-3474

Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a netw...

3.5CVSS5.1AI score0.00318EPSS
CVE
CVEadded 2019/11/27 6:15 p.m.71 views

CVE-2012-6655

An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.

3.3CVSS3.7AI score0.00034EPSS
CVE
CVEadded 2015/08/16 1:59 a.m.70 views

CVE-2015-4481

Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update.

3.3CVSS8.5AI score0.00251EPSS
CVE
CVEadded 2019/11/05 10:15 p.m.66 views

CVE-2016-4983

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.

3.3CVSS3.6AI score0.00143EPSS
CVE
CVEadded 2012/08/16 10:38 a.m.65 views

CVE-2012-4285

The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message.

3.3CVSS6.3AI score0.00652EPSS
CVE
CVEadded 2014/10/31 3:55 p.m.65 views

CVE-2014-3475

Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CV...

3.5CVSS5.4AI score0.00359EPSS
CVE
CVEadded 2012/08/16 10:38 a.m.63 views

CVE-2012-4289

epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries.

3.3CVSS6.3AI score0.00292EPSS
CVE
CVEadded 2012/08/16 10:38 a.m.61 views

CVE-2012-4291

The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

3.3CVSS6.3AI score0.00895EPSS
CVE
CVEadded 2014/05/21 2:55 p.m.60 views

CVE-2011-2198

The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".

3.5CVSS5.9AI score0.01072EPSS
CVE
CVEadded 2014/10/20 5:55 p.m.60 views

CVE-2014-5025

Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action.

3.5CVSS6.8AI score0.00453EPSS
CVE
CVEadded 2015/07/01 2:59 p.m.60 views

CVE-2015-3164

The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.

3.6CVSS7.1AI score0.00065EPSS
CVE
CVEadded 2012/08/16 10:38 a.m.59 views

CVE-2012-4293

plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet.

3.3CVSS6.3AI score0.00971EPSS
CVE
CVEadded 2014/10/20 5:55 p.m.59 views

CVE-2014-5026

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delet...

3.5CVSS7.2AI score0.00347EPSS
CVE
CVEadded 2012/08/16 10:38 a.m.58 views

CVE-2012-4290

The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet.

3.3CVSS6.3AI score0.00895EPSS
CVE
CVEadded 2012/08/16 10:38 a.m.58 views

CVE-2012-4296

Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet.

3.3CVSS6.5AI score0.01461EPSS
CVE
CVEadded 2012/08/16 10:38 a.m.57 views

CVE-2012-4292

The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial ...

3.3CVSS6.2AI score0.0113EPSS
CVE
CVEadded 2013/03/07 3:55 p.m.57 views

CVE-2013-2484

The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.

3.3CVSS6.3AI score0.01423EPSS
CVE
CVEadded 2012/08/16 10:38 a.m.56 views

CVE-2012-4288

Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length.

3.3CVSS6.6AI score0.00971EPSS
CVE
CVEadded 2014/08/22 1:55 a.m.56 views

CVE-2014-5274

Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js.

3.5CVSS5AI score0.00219EPSS
CVE
CVEadded 2013/03/07 3:55 p.m.54 views

CVE-2013-2478

The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1)...

3.3CVSS6.7AI score0.01454EPSS
CVE
CVEadded 2014/08/20 2:55 p.m.54 views

CVE-2014-2524

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

3.3CVSS8.3AI score0.00157EPSS
CVE
CVEadded 2014/08/22 2:55 p.m.53 views

CVE-2014-3594

Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.

3.5CVSS5.4AI score0.00605EPSS
CVE
CVEadded 2013/03/07 3:55 p.m.51 views

CVE-2013-2480

The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet.

3.3CVSS6.4AI score0.01423EPSS
CVE
CVEadded 2014/05/08 2:29 p.m.51 views

CVE-2014-1934

tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.

3.3CVSS6.1AI score0.00048EPSS
CVE
CVEadded 2007/10/14 6:17 p.m.50 views

CVE-2007-5200

hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file.

3.3CVSS6AI score0.00043EPSS
CVE
CVEadded 2016/04/20 4:59 p.m.49 views

CVE-2015-8842

tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file.

3.3CVSS3.5AI score0.00074EPSS
CVE
CVEadded 2014/11/05 11:55 a.m.48 views

CVE-2014-8326

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInter...

3.5CVSS5.7AI score0.00237EPSS
CVE
CVEadded 2016/04/20 4:59 p.m.48 views

CVE-2014-9770

tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files.

3.3CVSS3.6AI score0.00095EPSS
CVE
CVEadded 2013/03/07 3:55 p.m.47 views

CVE-2013-2477

The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

3.3CVSS6.4AI score0.00359EPSS
Total number of security vulnerabilities55