openSUSE
by OpenSUSE
Source repositories
CVEs (1,425)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-0467 | 0.00 | — | 0.05 | Mar 14, 2014 | Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. | |||
| CVE-2014-1839 | 0.00 | — | 0.00 | Mar 11, 2014 | The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file. | |||
| CVE-2014-1838 | 0.00 | — | 0.00 | Mar 11, 2014 | The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf. | |||
| CVE-2014-2309 | 0.00 | — | 0.02 | Mar 11, 2014 | The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. | |||
| CVE-2014-0081 | 0.00 | — | 0.04 | Feb 20, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2)… | |||
| CVE-2012-2328 | 0.00 | — | 0.02 | Feb 10, 2014 | internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which… | |||
| CVE-2011-4093 | 0.00 | — | 0.02 | Feb 10, 2014 | Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided. | |||
| CVE-2011-4091 | 0.00 | — | 0.03 | Feb 10, 2014 | The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences. | |||
| CVE-2013-2191 | 0.00 | — | 0.01 | Feb 8, 2014 | python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate. | |||
| CVE-2014-0038 | 0.00 | — | 0.35 | Feb 6, 2014 | The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter. | |||
| CVE-2012-1095 | 0.00 | — | 0.01 | Feb 6, 2014 | osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a terminal emulator. | |||
| CVE-2014-1491 | 0.00 | — | 0.05 | Feb 6, 2014 | Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes… | |||
| CVE-2014-1490 | 0.00 | — | 0.04 | Feb 6, 2014 | Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service… | |||
| CVE-2014-1489 | 0.00 | — | 0.02 | Feb 6, 2014 | Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site. | |||
| CVE-2014-1485 | 0.00 | — | 0.03 | Feb 6, 2014 | The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by… | |||
| CVE-2014-1484 | 0.00 | — | 0.02 | Feb 6, 2014 | Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application. | |||
| CVE-2014-1483 | 0.00 | — | 0.02 | Feb 6, 2014 | Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and… | |||
| CVE-2014-1480 | 0.00 | — | 0.03 | Feb 6, 2014 | The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a… | |||
| CVE-2011-3377 | 0.00 | — | 0.02 | Feb 5, 2014 | The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level… | |||
| CVE-2011-2725 | 0.00 | — | 0.03 | Feb 4, 2014 | Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file. |
- CVE-2014-0467Mar 14, 2014risk 0.00cvss —epss 0.05
Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion.
- CVE-2014-1839Mar 11, 2014risk 0.00cvss —epss 0.00
The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file.
- CVE-2014-1838Mar 11, 2014risk 0.00cvss —epss 0.00
The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.
- CVE-2014-2309Mar 11, 2014risk 0.00cvss —epss 0.02
The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.
- CVE-2014-0081Feb 20, 2014risk 0.00cvss —epss 0.04
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2)…
- CVE-2012-2328Feb 10, 2014risk 0.00cvss —epss 0.02
internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which…
- CVE-2011-4093Feb 10, 2014risk 0.00cvss —epss 0.02
Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided.
- CVE-2011-4091Feb 10, 2014risk 0.00cvss —epss 0.03
The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences.
- CVE-2013-2191Feb 8, 2014risk 0.00cvss —epss 0.01
python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate.
- CVE-2014-0038Feb 6, 2014risk 0.00cvss —epss 0.35
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.
- CVE-2012-1095Feb 6, 2014risk 0.00cvss —epss 0.01
osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a terminal emulator.
- CVE-2014-1491Feb 6, 2014risk 0.00cvss —epss 0.05
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes…
- CVE-2014-1490Feb 6, 2014risk 0.00cvss —epss 0.04
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service…
- CVE-2014-1489Feb 6, 2014risk 0.00cvss —epss 0.02
Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.
- CVE-2014-1485Feb 6, 2014risk 0.00cvss —epss 0.03
The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by…
- CVE-2014-1484Feb 6, 2014risk 0.00cvss —epss 0.02
Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.
- CVE-2014-1483Feb 6, 2014risk 0.00cvss —epss 0.02
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and…
- CVE-2014-1480Feb 6, 2014risk 0.00cvss —epss 0.03
The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a…
- CVE-2011-3377Feb 5, 2014risk 0.00cvss —epss 0.02
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level…
- CVE-2011-2725Feb 4, 2014risk 0.00cvss —epss 0.03
Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.
Page 51 of 72