VYPR

openSUSE

by OpenSUSE

Source repositories

CVEs (1,425)

  • CVE-2013-4344Oct 4, 2013
    risk 0.00cvss epss 0.00

    Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.

  • CVE-2013-4288Oct 3, 2013
    risk 0.00cvss epss 0.00

    Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus…

  • CVE-2013-2919Oct 2, 2013
    risk 0.00cvss epss 0.02

    Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

  • CVE-2013-0211Sep 30, 2013
    risk 0.00cvss epss 0.04

    Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an…

  • CVE-2013-2217Sep 23, 2013
    risk 0.00cvss epss 0.01

    cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.

  • CVE-2013-4132Sep 16, 2013
    risk 0.00cvss epss 0.02

    KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted…

  • CVE-2013-5589Aug 29, 2013
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2013-5588Aug 29, 2013
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php.

  • CVE-2013-5018Aug 28, 2013
    risk 0.00cvss epss 0.03

    The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file…

  • CVE-2013-4111Aug 28, 2013
    risk 0.00cvss epss 0.01

    The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate…

  • CVE-2013-3495Aug 28, 2013
    risk 0.00cvss epss 0.00

    The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR)…

  • CVE-2013-2161Aug 20, 2013
    risk 0.00cvss epss 0.02

    XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name.

  • CVE-2013-5029Aug 19, 2013
    risk 0.00cvss epss 0.02

    phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.

  • CVE-2013-4852Aug 19, 2013
    risk 0.00cvss epss 0.03

    Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key…

  • CVE-2013-4242Aug 19, 2013
    risk 0.00cvss epss 0.01

    GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.

  • CVE-2013-2145Aug 19, 2013
    risk 0.00cvss epss 0.01

    The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/.

  • CVE-2013-1872Aug 19, 2013
    risk 0.00cvss epss 0.03

    The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the…

  • CVE-2013-4238Aug 18, 2013
    risk 0.00cvss epss 0.05

    The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a…

  • CVE-2013-2132Aug 15, 2013
    risk 0.00cvss epss 0.03

    bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."

  • CVE-2013-2126Aug 14, 2013
    risk 0.00cvss epss 0.04

    Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW…

Page 54 of 72