Opensuse Security Vulnerabilities and Issues — Opensuse CVE List

Lucene search

OpensuseOpensuse

10 matches found

CVE•added 2020/01/14 5:15 p.m.•223 views

CVE-2015-2325

The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a larg...

7.8CVSS6.6AI score0.00661EPSS

CVE•added 2020/01/14 5:15 p.m.•161 views

CVE-2015-2326

The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by...

5.5CVSS6.1AI score0.00262EPSS

CVE•added 2020/01/31 10:15 p.m.•154 views

CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request,...

6.1CVSS6.1AI score0.00394EPSS

CVE•added 2020/01/23 8:15 p.m.•116 views

CVE-2015-5334

Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an ...

9.8CVSS7AI score0.09911EPSS

CVE•added 2020/01/23 9:15 p.m.•91 views

CVE-2015-5333

Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates.

7.5CVSS7.9AI score0.02094EPSS

CVE•added 2020/02/06 3:15 p.m.•74 views

CVE-2014-2030

Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-...

8.8CVSS8.4AI score0.20771EPSS

CVE•added 2020/02/06 3:15 p.m.•68 views

CVE-2014-1958

Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.

8.8CVSS8.3AI score0.20771EPSS

CVE•added 2020/01/09 9:15 p.m.•60 views

CVE-2012-2142

The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.

7.8CVSS7.8AI score0.00397EPSS

CVE•added 2020/02/12 5:15 p.m.•60 views

CVE-2013-2637

A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.

6.1CVSS5.9AI score0.01433EPSS

CVE•added 2020/01/27 3:15 p.m.•58 views

CVE-2006-7246

NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.

6.8CVSS6.4AI score0.00065EPSS